Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Jon_Steel_3910's avatar
Jon_Steel_3910
Icon for Nimbostratus rankNimbostratus
Sep 23, 2009

How to Force Offline DisableNode using iControl ?

Hi     Currently, I'm using the Disable-F5.LTMNodeAddress -node {IP} to disable access to a device. However, this marks the node as "disabled" (allowing persistent connections to continue)...
dev
devops
iControl
Joe_Pruitt's avatar
Joe_Pruitt
Sep 23, 2009
The Disable-F5.LTMNodeAddress Cmdlet calls the iControl LocalLBNodeAddress.set_session_enabled_state method under the seams with the iControl.CommonEnabledState.STATE_DISABLED flag.

 

 

The GUI has a three way toggle that I've talked about before but I'll address it again. The mapping is as follows

 

 

Enabled (All traffic allowed):

 

set_monitor_state : STATE_ENABLED

 

set_session_enabled_state : STATE_ENABLED

 

 

Disabled (Only persistent or active connections allowed):

 

set_monitor_state : STATE_ENABLED

 

set_session_enabled_state : STATE_DISABLED

 

 

Forced Offline (Only active connections allowed):

 

set_monitor_state : STATE_DISABLED

 

set_session_enabled_state : STATE_DISABLED

 

 

 

From this it seems you want to call set_monitor_state as well with the STATE_DISABLED flag.

 

 

A little background on the Cmdlets first. I wrote those as some simple use cases knowing they wouldn't cover everyones situations. With that in mind, I added the Get-F5.iControl Cmdlet that will return an interface into the entire iControl API. As you've probably seen in some of my tech tips

 

 

http://devcentral.f5.com/wiki/default.aspx/iControl/PowerShell.html

 

Click here

 

 

 

I use this Cmdlet exclusively since it gives the most flexibility. I wrote this tech tip on Graceful Server Shutdown that doesn't address NodeAddresses, but illustrates Pool Members

 

 

http://devcentral.f5.com/Default.aspx?tabid=63&articleType=ArticleView&articleId=254

 

Click here

 

 

 

But, I think what you finally want is this CodeShare entry I wrote titled PsServerControl

 

 

http://devcentral.f5.com/wiki/default.aspx/iControl/PsServerControl.html

 

Click here

 

 

 

In this sample you can either pass in either an address (ie 10.10.10.10) and a state (enabled or disabled) or you can pass in an address:port (10.10.10.10:80) along with the target state of "enable" or "disable". It will then then set the state of the nodeaddress (or pool members) to either "Enabled" or "Offline" depending on the state you pass in.

 

 

In the future, I'd suggest looking at the core APIs since they do provide more flexibility and it's fairly easy to write function wrappers that will emulate a Cmdlet's look and feel.

 

 

Hopefully this gets you where you need to go with the Forced Offline mode. Let me know if not and I'll whip something else up for you.

 

 

Also, if you have a hard time figuring out the core API and how to associate it with PowerShell, let me know specifics and I can work on a series of Tech Tips.

 

 

-Joe