Forum Discussion

shadow82's avatar
Icon for Cirrus rankCirrus
Jan 04, 2024

HowTo disable/enable VServer based on timetable?


We need to enable a VServer only in business hours. After - it should be disabled.

Is there any function (time schedule, iRule, LTM policy rule) or should I go into cron on F5 with commands like:

tmsh modify ltm virtual test disabled

or REST API - (found here

url = 'https://device/mgmt/tm/ltm/virtual/test'
data = {'disabled':True}
r=requests.patch(url, json = data, auth=("username", "password"), verify=False)
if r.status_code >= 400:
print('\tError Code: ' + str(r.status_code))
print("Disabled VIP")

5 Replies

  • If you know the schedule in advance and just want to block certain hours it might be easier to write a simple irule to block the traffic when you need to. Also note when you "disable" a VS in BIG-IP, it will still answer ARPs (unless you disable/remove the virtual address too) but will answer with a RST when the VS is matched to a new flow. To duplicate this behavior dynamically in an irule, you could do something like this.


    # set the UTC hours to deny
    set hours_to_deny "0 1 2 3 4 5 6 7 17 18 19 20 21 22 23"
    set seconds_per_day [ expr 24 * 60 * 60 ]
    set seconds_per_hour [ expr 60 * 60 ]
    set seconds_since_midnight [ expr [ clock seconds] % $seconds_per_day ]
    set hour [expr int([ expr $seconds_since_midnight / $seconds_per_hour ]) ]
    log local0. "New connection from [IP::client_addr] UTC hour is: $hour"
    if { [lsearch -integer $hours_to_deny $hour] } {
    log local0. "drop connection"
    } else {
    log local0. "allow connection"


  • There are two ways to accompish this.

    - The F5 is a linux server essentially. So create two bash scripts -- one to disable the VS and one to enable the VS via TMSH commands, which it appears that you may have already. Then add two crontab entries. Pros - Quick, Cons - Dirty, You have to manage.

    - Use RESTfull APIs and provide the application team with an account to have access to their virtual servers / applications in their own administrative partition. Have them use an external server or even automation like Ansible, to make the RESTfull API calls. Pros - You dont have to manage the app availability. Proper the proper way to go, as an F5 BIG-IP upgrade can throw out your crontab entries! Cons - Slower to implement.

  • as f5 is linux based, you can add these kind of entry to the linux crontab scheduler using crontab -e
    0 19 * * *   /bin/tmsh modify ltm virtual the_vs_name disabled
    0 8 * * 1-5   /bin/tmsh modify ltm virtual the_vs_name enabled

    1st line disables the vs every 19:00.
    2nd line enables the vs every 8:00 monday to friday

    crontab manual: