For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

rando_57003's avatar
rando_57003
Icon for Nimbostratus rankNimbostratus
Apr 03, 2014

Forcing Node Offline without F5 Access

What is the easiest way to allow our deployment team to force a web server node offline without logging into the F5 Configuration Manager, or using the F5 command line? We'd like them to be able to take web servers down for maintenance without having access to the F5. We already use Solarwinds to monitor the connection count to each server, so they would be aware once all active connections are terminated.

 

application delivery
BIG-IP Access Policy Manager (APM)
LTM
management
security

4 Replies

  • pete_71470's avatar
    pete_71470
    Icon for Cirrostratus rankCirrostratus
    Apr 03, 2014

    You could attach an http monitor that has a recv string that won't match if the service is intentionally being taken down:

     

    ltm monitor http /Common/http_service_is_up { ... recv "Service is up" recv-disable "Service is down" send "GET /status.html\r\n" }

     

    The folks responsible for the node would change the status.html file to read 'Service is down' when they want it removed from the pool.

     

  • rando_57003's avatar
    rando_57003
    Icon for Nimbostratus rankNimbostratus
    Apr 03, 2014

    Would the monitor allow active connections to finish before removing the server from the pool, or disable it immediately? I appreciate your help.

     

    • pete_71470's avatar
      pete_71470
      Icon for Cirrostratus rankCirrostratus
      Apr 03, 2014
      It will allow the connection to complete: Up (disabled) - The system cannot make new connections, and allows existing connections until they are completed or time out.