F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

crosson_16669's avatar
crosson_16669
Icon for Nimbostratus rankNimbostratus
Jan 15, 2013

F5 fallback pool

Assume the below config. If all the members of dns-53-A are down how does the virtual server behave? Given that there is an irule to LB members to a different pool will the VS remain up even though his default pool is currently down? I understand that a VS's status will reflect the underlying pool but does it know to check pools you may have listed in your attached irule?

 

 

 

rule DNS_POOL_FALLBACK {

 

when CLIENT_ACCEPTED {

 

if { [active_members "dns-53-A"] < 1 } {

 

pool "dns-53-B"

 

}

 

}

 

}

 

 

pool dns-53-A {

 

monitor all dns_monitor and dns_monitor_tcp

 

members {

 

10.0.0.14:domain {}

 

10.0.0.15:domain {}

 

}

 

}

 

pool dns-53-B {

 

monitor all dns_monitor and dns_monitor_tcp

 

members {

 

172.16.0.14:domain {}

 

172.16.0.15:domain {}

 

172.16.0.114:domain {}

 

172.16.0.115:domain {}

 

}

 

}

 

virtual dns-tcp {

 

snat automap

 

pool dns-53-A

 

destination 10.1.0.15:domain

 

ip protocol tcp

 

rules DNS_POOL_FALLBACK

 

}

 

virtual dns-udp {

 

snat automap

 

pool dns-53-A

 

destination 10.1.0.15:domain

 

ip protocol udp

 

rules DNS_POOL_FALLBACK

 

}

 

 

application delivery
dev
devops
iRules

3 Replies

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Jan 15, 2013
    i do see bigip still sending traffic to pool in irule. 

    [root@ve10:Active] config  b virtual list
virtual bar-tcp {
   snat automap
   pool foo-a
   destination 172.28.19.252:53
   ip protocol 6
   rules myrule
}
virtual bar-udp {
   snat automap
   pool foo-a
   destination 172.28.19.252:53
   ip protocol 17
   rules myrule
}
[root@ve10:Active] config  b pool foo-a list
pool foo-a {
   monitor all fake
   members 200.200.200.101:53 {}
}
[root@ve10:Active] config  b pool foo-b list
pool foo-b {
   members 200.200.200.111:53 {}
}
[root@ve10:Active] config  b rule myrule list
rule myrule {
   when CLIENT_ACCEPTED {
  if { [active_members "foo-a"] < 1 } {
    pool "foo-b"
  }
}
}
[root@ve10:Active] config  b self 200.200.200.253 list
self 200.200.200.253 {
   netmask 255.255.255.0
   unit 1
   floating enable
   vlan internal
   allow default
}

 pool is down

[root@ve10:Active] config  b pool foo-a|grep -i pool\ member
+-> POOL MEMBER foo-a/200.200.200.101:53   inactive,down

 tcp

[root@ve10:Active] config  tcpdump -nni 0.0 not host 200.200.200.10 and port 53 or icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes
05:09:49.349283 IP 172.28.19.251.42883 > 172.28.19.252.53: S 1658522725:1658522725(0) win 5840 
05:09:49.349411 IP 172.28.19.252.53 > 172.28.19.251.42883: S 2911763653:2911763653(0) ack 1658522726 win 4380 
05:09:49.350324 IP 172.28.19.251.42883 > 172.28.19.252.53: . ack 1 win 46 
05:09:49.350466 IP 200.200.200.253.42883 > 200.200.200.111.53: S 992993099:992993099(0) win 4380 
05:09:49.354379 IP 200.200.200.111.53 > 200.200.200.253.42883: S 2393792889:2393792889(0) ack 992993100 win 5792 
05:09:49.354389 IP 200.200.200.253.42883 > 200.200.200.111.53: . ack 1 win 4380 
05:10:02.351209 IP 172.28.19.251.42883 > 172.28.19.252.53: P 1:7(6) ack 1 win 46 [|domain]
05:10:02.351231 IP 200.200.200.253.42883 > 200.200.200.111.53: P 1:7(6) ack 1 win 4380 [|domain]
05:10:02.352216 IP 200.200.200.111.53 > 200.200.200.253.42883: . ack 7 win 46 
05:10:02.451206 IP 172.28.19.252.53 > 172.28.19.251.42883: . ack 7 win 4386 

 udp

[root@ve10:Active] config  tcpdump -nni 0.0 not host 200.200.200.10 and udp port 53 or icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes
05:11:13.351337 IP 172.28.19.251.44005 > 172.28.19.252.53:  30303+ A? www.google.com. (32)
05:11:13.351426 IP 200.200.200.253.44005 > 200.200.200.111.53:  30303+ A? www.google.com. (32)
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Jan 15, 2013
    So would the VSERVER would remain up?status in gui is offline (enabled). 

    [root@ve10:Active] config  b virtual
VIRTUAL ADDRESS 172.28.19.252   UNIT 1
|     ARP enable
|     (cur, max, limit, tot) = (0, 2, 0, 2)
|     (pkts,bits) in = (7, 3216), out = (4, 1760)
+-> VIRTUAL bar-tcp   SERVICE 53
    |     PVA acceleration none
    |     (cur, max, limit, tot) = (0, 1, 0, 1)
    |     (pkts,bits) in = (4, 1776), out = (4, 1760)
    |     requests (total) = 0
    +-> RULE myrule
        +-> CLIENT_ACCEPTED   2 total   0 fail   0 abort
    +-> POOL foo-a  LB METHOD round robin   MIN/CUR ACTIVE MEMBERS 0/0
        |     (cur, max, limit, tot) = (0, 0, 0, 0)
        |     (pkts,bits) in = (0, 0), out = (0, 0)
        +-> POOL MEMBER foo-a/200.200.200.101:53   inactive,down
            |     session enabled    priority 0    ratio 1
            |     (cur, max, limit, tot) = (0, 0, 0, 0)
            |     (pkts,bits) in = (0, 0), out = (0, 0)
            |     requests (total) = 0
VIRTUAL ADDRESS 172.28.19.252   UNIT 1
|     ARP enable
|     (cur, max, limit, tot) = (0, 2, 0, 2)
|     (pkts,bits) in = (7, 3216), out = (4, 1760)
+-> VIRTUAL bar-udp   SERVICE 53
    |     PVA acceleration none
    |     (cur, max, limit, tot) = (0, 1, 0, 1)
    |     (pkts,bits) in = (3, 1440), out = (0, 0)
    |     requests (total) = 0
    +-> RULE myrule
        +-> CLIENT_ACCEPTED   2 total   0 fail   0 abort
    +-> POOL foo-a  LB METHOD round robin   MIN/CUR ACTIVE MEMBERS 0/0
        |     (cur, max, limit, tot) = (0, 0, 0, 0)
        |     (pkts,bits) in = (0, 0), out = (0, 0)
        +-> POOL MEMBER foo-a/200.200.200.101:53   inactive,down
            |     session enabled    priority 0    ratio 1
            |     (cur, max, limit, tot) = (0, 0, 0, 0)
            |     (pkts,bits) in = (0, 0), out = (0, 0)
            |     requests (total) = 0