Forum Discussion

junior
Jul 17, 2019

F5 IRULE cannot use [LB::server pool] in FLOW_INIT context

Hi,

 

Anyone know why I cannot use [LB::server pool] in FLOW_INIT context it works fine in HTTP_REQUEST? Is there a way to get pool name attached to VIP in RULE_INT don't want to hard code pool name.


Thanks

  • Hi.

    According to the cloud doc, the [LB::server] command is valid in the following events, but "FLOW_INIT" is not listed among them.

    =======================================================================

    https://clouddocs.f5.com/api/irules/LB__server.html

    Related Information

    Valid Events:

    CLIENT_ACCEPTED, HTTP_REQUEST, HTTP_RESPONSE, LB_FAILED, LB_SELECTED

    =======================================================================

  • JG

    Why do you need to use [LB::server pool] in the FLOW_INIT event?

  • junior

    I need to send a rejection packet when the servers are down on a VIP. I have over 10 VIPs to apply this to, due to external monitors. Any way to dynamically get the pool value in FLOW_INIT?

  • JG

    As the linked article above describes, the purpose of the FLOW_INIT event is for the following use cases:

    • Override ACL action
    • Bandwidth control on both client/server flows
    • Routing to another VIP
    • Marking QoS ToS/DSCP on both client/server flows

    So you will need to move up to the application layer to be able to use [LB::server pool].

  • junior

    If I move this to the application layer, and this is just a regular TCP VIP with a Standard profile, then there's no way to stop the 3-way handshake unless it's done in FLOW_INIT... unless I am missing something.

  • JG

    If you are thinking of evaluating the pool status at the very first client packet (if you could do that - you can't), then you are not really saving a significant amount of resources; instead you are making your F5 system more vulnerable in a possible SYN attack.

  • junior

    So what is the best way to drop a TCP connection on a VIP with a Standard profile when no pool members are up? Our external monitors are having false positives. An F5 article said to use this approach.

  • JG

    In the event "CLIENT_ACCEPTED".

    The health monitor is a different issue. Is there something special that requires you to use an external monitor for it?
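The approach the last reply points to, written out as an added example rather than code from either poster: an iRule that runs in CLIENT_ACCEPTED (one of the events the quoted doc lists as valid for [LB::server]), reads the pool attached to the virtual server instead of hard-coding it, and resets the connection when that pool has no active members. It assumes the iRule is attached to a virtual server that has a default pool; `active_members` and `reject` are standard iRule commands, and the log line is there so the resets are visible during troubleshooting. As the thread notes, the connection is already established by this point, so this does not stop the 3-way handshake.

```tcl
# Added example, not from the thread. Attach to a Standard-profile TCP virtual
# server that has a default pool; reusable across VIPs because the pool name
# is read from the virtual server rather than hard-coded.
when CLIENT_ACCEPTED {
    # Default pool of this virtual server; valid in CLIENT_ACCEPTED per the docs.
    set pool_name [LB::server pool]

    # active_members returns the number of pool members currently marked up.
    if { [active_members $pool_name] == 0 } {
        log local0. "No active members in pool $pool_name; resetting [IP::client_addr]:[TCP::client_port]"
        # Send a RST to the client instead of leaving the connection to time out.
        reject
    }
}
```

Because the pool name comes from the virtual server, the same iRule can be attached to every VIP that needs the behaviour; the trade-off is that a monitor false positive marks all members down and every new connection gets reset, so fixing the monitor is the part of the fix this iRule does not replace.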