Forum Discussion
NimbostratusIPsec between Source & Destination in between F5 deployed
Hi,
In my environment, IPsec installed in Source and destination servers. Destination servers are coming under Virtual / VIP. so Source are connecting first to destination VIP and VIP forward all requests to destination Servers.
TCP connection must need to active between destination and source servers because of IPsec communication till end each request completed from source side. Persistence profile with source affinity are configured with VIP / Virtual with by default timeout 600 sec.
This persistence timeout is giving sometime bad experience. Bad node never go offline if they are out of rotation from F5 because of timeout value.
We need some solutions where bad node can go permanently offline immediately without serving any traffic and all connections or requests by default move to Good node.
We are using 8950 F5 and Software version is 10.2.1
Your reply and solution suggestion would be appreciate.
Thanks
1 Reply
Hi
I guess you would have setup health monitors for the pool members and usually if a monitor is setup, ltm stops sending new traffic to a particular pool member when there is no proper response in the first check. And it also tears down all the connections after the timeout timer. All this is user configurable so based on your requirement , you can customize the timers.
Regards, Vikram Khatri
