Forum Discussion
Robert_Landrito
Nimbostratus
Nimbostratusdowning a member from LB_FAILED
Hi all,
I'm trying to write an iRule that will down a member in LB_FAILED. I figured this would be a good spot to do it, since LB_FAILED is reached if a selected member is unreachable or non-responsive.
However, it seems that I can't get information for the selected member. [LB::server pool] returns properly, but [LB::server addr] and [LB::server port] don't give me anything, and I therefore can't call LB::down with the appropriate arguments. Calling LB::down alone doesn't seem to do anything in this context either.
Anyone else able to accomplish this? LTM 9.4.5.
7 Replies
L4L7_53191I think this is because of the way LB_FAILED works (someone please jump in if I am wrong): it'll fire if the LTM can't select a pool member, or that member is down. So to me it's not a surprise that you can't down a member from this event.
What are you trying to accomplish, specifically? That may help home in on some options.
-Matt
hoolioCirrostratus
Hi Matt,
I would have expected that LB::server commands would return info for the "currently selected" pool member even if the connection failed. If a member couldn't be selected because no pool member was up, then it would seem logical that LB::server * could only return the pool name. I could see why the IP::server_addr/TCP::server_port commands wouldn't return anything in LB_FAILED because no connection was established to the pool member.
Maybe this is a bug? There have been quite a few issues with using commands in LB_FAILED over the past versions. However, from a post post, someone was able to at least get the LB::server addr and LB::server port values in LB_FAILED (in 9.3.x):
http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&tpage=1&view=topic&postid=24583
rshayne, do you have any pool members not marked down in the pool when you're testing?
Aaron- L4L7_53191Ahhh yes very good points Aaron, thanks. Now I'm going to have to go off and research this one...so the last question is key: are there any members available? If so, we'll need to dig into this one a bit!
-Matt - Robert_LandritoOk my apologies everyone. The problem is that I was doing the LB::detach before the LB::down. The detach will "unselect" any currently selected member. Makes sense.
- L4L7_53191Makes sense, thanks for the follow-up. Would you be willing to post your rule, by chance?
-Matt - Robert_LandritoIt's just a basic failover iRule. The idea is to use a designated "failover pool" for a given pool. I know I could do this with priorities but I need to snat as the "failover pool" will be a vip on an LB at an alternate datacenter. In addition to adding the snat, I inject a header to try and prevent any crazy loops between LB's. If you have any suggestions or improvements, especially regarding efficiency, do share.
when RULE_INIT { set ::remoteDCSnatPool "remote-dc-snat" } when CLIENT_ACCEPTED { set defaultPool [LB::server pool] set failoverPool "[LB::server pool]-failover" set failover 0 } when HTTP_REQUEST { if { [active_members $defaultPool] < 1 || $failover == 1 } { if { [HTTP::header exists lb_origin] } { log local0. "lb_origin detected, rejecting" reject } else { log local0. "Failing over to $failoverPool" set failover 1 HTTP::header insert "lb_origin" 1 snatpool $::remoteDCSnatPool pool $failoverPool } } } when LB_FAILED { if { $failover == 1 } { reject } LB::down LB::detach log local0. "reached LB_FAILED, [active_members $defaultPool] active members" if { [active_members $defaultPool] < 1 } { if { [HTTP::header exists lb_origin] } { log local0. "lb_origin detected, rejecting" reject } else { log local0. "Failing over to $failoverPool" set failover 1 HTTP::header insert "lb_origin" 1 snatpool $::remoteDCSnatPool LB::reselect pool $failoverPool } } else { LB::mode rr LB::reselect } }
Edited for formatting - JRahm
Admin
iRules contest ends today, might wanna submit that one by 5pm pacific!
