Forum Discussion

Erki_Märks_2779's avatar
Erki_Märks_2779
Icon for Nimbostratus rankNimbostratus
Jan 26, 2011

drain connections

There are two virtual servers, each have 1 pool with 2 nodes attached to it. The IP addresses of these nodes are the same for both of the pools, only port numbers differ. One node for instance 1.1.1.1 is primary and 1.1.1.2 is the secondary in each of these pools. The application is built so that it connects to the server logs in and the connection remains open. If 1.1.1.1 xx goes down, all connections should go to 1.1.1.2 and connections to 1.1.1.1 should be dropped. For that reason, the action on svcdown is set to drop on both of those pools, but even if i do LB::down and LB::down pool xxx member x.x.x.x xx, the connections stay open. Is there a way to do b conn server 2.2.2.2:80 delete from an irule.

 

 

when RULE_INIT

 

{

 

if {not([array exists ::arr])}

 

{

 

array set ::arr {

 

"primary" "1.1.1.1"

 

"secondary" "1.1.1.2"

 

}

 

}

 

}

 

when CLIENT_ACCEPTED

 

{

 

set port "xxxy"

 

set pool "pool_$port"

 

set portsec "xxxx"

 

set poolsec "pool_$portsec"

 

 

if { [active_members $pool] > 0 && [array exists ::arr] && [info exists ::arr(primary)] }

 

{

 

set secondary "$::arr(secondary)"

 

set primary "$::arr(primary)"

 

if {[LB::status pool $pool member $primary $port] != "up" && [LB::status pool $pool member $secondary $port] == "up"}

 

{

 

LB::down pool $poolsec member $primary $portsec

 

set ::arr(primary) "$secondary"

 

set ::arr(secondary) "$primary"

 

}

 

pool $pool member $::arr(primary)

 

}

 

else

 

{

 

reject

 

}

 

}

 

when LB_FAILED

 

{

 

LB::down

 

LB::down pool $poolsec member [LB::server addr] $portsec

 

if { [LB::server addr] == "$::arr(primary)" && [active_members $pool] > 0 }

 

{

 

if {[LB::status pool $pool member $::arr(secondary) $port] == "up"}

 

{

 

set ::arr(primary) $::arr(secondary)

 

set ::arr(secondary) [LB::server addr]

 

pool $pool member $::arr(primary)

 

}

 

}

 

}
application delivery
dev
devops
iRules
  • Colin_Walker_12's avatar
    Colin_Walker_12
    Historic F5 Account
    Jan 26, 2011
    Well, first of all there are a lot of optimizations I would suggest for your iRule to make it more efficient. Setting variables where they aren't absolutely required, using global arrays rather than static:: values (assuming you're on a version that supports them), etc. If you're interested in an optimization discussion, let me know and I'd be happy to help out in that arena.

     

     

    More to your point, however, have you tried using the LB::detach command? Click Here

     

     

    If what you're trying to do is convince the LTM to disconnect from the pool member that'd be the best way to do it, I think.

     

     

    Colin
  • Erki_Märks_2779's avatar
    Erki_Märks_2779
    Icon for Nimbostratus rankNimbostratus
    Jan 26, 2011
    I would only think that i need to use global arrays because i use this data globally - there's at least two of those irules one attached to vhost1, the second irule to the second to vhost2.

     

    For ease of use, the only things that are modified are:

     

    set port "xxx"

     

    set pool "pool_$port"

     

    set portsec "yyy"

     

    set poolsec "pool_$portsec"

     

     

    vhost1

     

    pool_xxx

     

    node 1.1.1.1 xxx

     

    node 1.1.1.2 xxx

     

    vhost2

     

    pool_yyy

     

    node 1.1.1.1 yyy

     

    node 1.1.1.2 yyy

     

     

    if node 1.1.1.1 xxx is standby, then node 1.1.1.1 yyy should be standby. If node 1.1.1.2 xxx () goes down, 1.1.1.1 is set to active and so the connections to both of the virtual servers must be dropped and new connections initiated so that the programs are connected to and will log in to 1.1.1.1 yyy and 1.1.1.1 xxx.

     

    What i'm trying to implement is a basic functionality of a fail-over cluster. The bad thing is that even if the action on svcdown is set to drop the connections are not dropped if I do LB::down.

     

     

    I think LB::detach is not an option because the programs are connected to the server and waiting some data. Unless there's no data sent i can't even use when SERVER_DATA to do TCP::close or something like that.
  • JRahm's avatar
    JRahm
    Icon for Admin rankAdmin
    Jan 28, 2011
    I think you could eliminate a lot of complexity by collapsing the two pools into one and attaching a monitor for both ports to the pool. That way, if there's a failure to your node supporting both ports, they both go down.
  • Erki_Märks_2779's avatar
    Erki_Märks_2779
    Icon for Nimbostratus rankNimbostratus
    Jan 28, 2011
    That's a good idea, but what about the problem that the connections are not dropped, how could i solve this
  • Erki_Märks_2779's avatar
    Erki_Märks_2779
    Icon for Nimbostratus rankNimbostratus
    Jan 28, 2011
    I know that TCP::close closes the current connection but how could I drop all the connections to both of those vhosts at once. As I said setting pool action on svcdown to drop didn't help me.
  • JRahm's avatar
    JRahm
    Icon for Admin rankAdmin
    Jan 28, 2011
    If the monitor is marking the pool members down, the connections should be closed automatically. I don't think you can close all connections from an iRule that is only concerned about the current connection, but I could be wrong about that.
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Jan 31, 2011
    If you have a monitor for both ports associated with the pool member, have action on service down set to reject and either port goes down, LTM should send a reset for any open connections for either port.

     

     

    Aaron