Forum Discussion

manc_63343's avatar
manc_63343
Icon for Nimbostratus rankNimbostratus
Apr 30, 2010

Can LTM be used to configure Active and Passive Servers?

For a given vip is it possible to define pool of servers that are active and also some pool of members that passive. Basically this is what I want to do:     1. Define active pool of servers for...
config
design
DR_A__18839's avatar
DR_A__18839
Historic F5 Account
May 15, 2015

Maybe also possible that slow ramp + PGA is effecting distribution expectations? Review SOL16242 for applicability to your situation: https://support.f5.com/kb/en-us/solutions/public/16000/200/sol16242.html

 

(never saw reference to instability of your alternate pool member, so not a direct match unless that was omitted)

 

Or, perhaps you just didn't wait more than 10s?

 

nPath has nothing to do with this. I noted nPath config on the F5 would allow a shift between pool members of active traffic, but also noted that this is nonsensical unless we're dealing w/L3 pool members gw/router type devices (something I find unlikely given the provided config).

 

I can only think of a few possible causes for the described behavior: active traffic, a form of persistence, slow ramp, or perhaps even a bug.

 

Persistence is stated as a non-issue (not in-use; and my cursory glance of config agrees). Slow ramp may be an issue (if you didn't wait 10s), but the bug on slow ramp + PGA doesn't seem to fit (see the final req in the SOL). I don't know the environment, what you're trying to pass, nor your level of expertise, so I'm tossing out more-or-less random ideas.

 

FWIW: A traffic capture during the 3rd case scenario would answer a lot of questions and garner significant understanding.

 

If I were wanting to figure this out, I'd use a traffic capture command similar to the following to get further insight: tcpdump -nnei0.0:p -c1000 host 10.0.22.6 and tcp port 8441

 

Assuming a more modern TMOS version, :p should adequately fetch the related SNAT'd server side connections for the filtered for client side virtual traffic.

 

In your lab repro, stop the primary pool member, start the tcpdump on the active F5, start the client test traffic, restore service to the primary pool member, wait ~15s (slow ramp + 5s), then stop the capture.

 

Good luck!

 

If you choose to post the results of the traffic capture to this thread, I highly suggest scrubbing the output to meet your security standards (as I'm sure you've already done with the provided configuration). I personally don't see a problem with posting this sort of thing, but I'm not your security policy administrator. ;)

 

If you do want to scrub, I suggest saving the txt output capture to a file, and then running a sed line similar to: sed 's/[mac1]/F5_server_MAC/g;s/[mac2]/primary_pool_MAC/g;s/[ip1]/primary_pool_ip/g' capture.txt

 

Where "[mac1]" is the literal MAC address of the F5 server_side MAC address, and so on.

 

Beyond that, if my tcpdump or sed command are incorrect, you have my apologies. I didn't test them.