Forum Discussion
shadow82
Cirrus
CirrusHowTo disable/enable VServer based on timetable?
Hi!
We need to enable a VServer only in business hours. After - it should be disabled.
Is there any function (time schedule, iRule, LTM policy rule) or should I go into cron on F5 with commands like:
tmsh modify ltm virtual test disabled
or REST API - (found here https://community.f5.com/t5/technical-forum/rest-api-to-disable-virtual-server/m-p/295092)
url = 'https://device/mgmt/tm/ltm/virtual/test'
data = {'disabled':True}
r=requests.patch(url, json = data, auth=("username", "password"), verify=False)
if r.status_code >= 400:
print('\tError Code: ' + str(r.status_code))
else:
print("Disabled VIP")
- Lucas_Thompson
Employee
If you know the schedule in advance and just want to block certain hours it might be easier to write a simple irule to block the traffic when you need to. Also note when you "disable" a VS in BIG-IP, it will still answer ARPs (unless you disable/remove the virtual address too) but will answer with a RST when the VS is matched to a new flow. To duplicate this behavior dynamically in an irule, you could do something like this.
when CLIENT_ACCEPTED {
# set the UTC hours to deny
set hours_to_deny "0 1 2 3 4 5 6 7 17 18 19 20 21 22 23"
set seconds_per_day [ expr 24 * 60 * 60 ]
set seconds_per_hour [ expr 60 * 60 ]
set seconds_since_midnight [ expr [ clock seconds] % $seconds_per_day ]
set hour [expr int([ expr $seconds_since_midnight / $seconds_per_hour ]) ]
log local0. "New connection from [IP::client_addr] UTC hour is: $hour"
if { [lsearch -integer $hours_to_deny $hour] } {
log local0. "drop connection"
reject
} else {
log local0. "allow connection"
}
} 
dbov68Nimbostratus
Hi,
you can do it easier, play with a monitor, the field Receive Disable String
https://my.f5.com/manage/s/article/K12818
Your App Team can control when to get on or off the app.
regards
Daniel
- whisperer
MVP
There are two ways to accompish this.
- The F5 is a linux server essentially. So create two bash scripts -- one to disable the VS and one to enable the VS via TMSH commands, which it appears that you may have already. Then add two crontab entries. Pros - Quick, Cons - Dirty, You have to manage.
- Use RESTfull APIs and provide the application team with an account to have access to their virtual servers / applications in their own administrative partition. Have them use an external server or even automation like Ansible, to make the RESTfull API calls. Pros - You dont have to manage the app availability. Proper the proper way to go, as an F5 BIG-IP upgrade can throw out your crontab entries! Cons - Slower to implement.
This is probably a good case for using iCall. See: https://community.f5.com/t5/technical-articles/what-is-icall/ta-p/288206.
I wouldn't opt for cron, because you'll loose them when upgrading.
- zamroni777
Nacreous
as f5 is linux based, you can add these kind of entry to the linux crontab scheduler using crontab -e
0 19 * * * /bin/tmsh modify ltm virtual the_vs_name disabled
0 8 * * 1-5 /bin/tmsh modify ltm virtual the_vs_name enabled1st line disables the vs every 19:00.
2nd line enables the vs every 8:00 monday to fridaycrontab manual:
https://linux.die.net/man/5/crontab
