Forum Discussion

paul_73820's avatar
paul_73820
Icon for Nimbostratus rankNimbostratus
Mar 19, 2012

iRule changes not showing up

I am finding when i make change to an iRule they don't show up for some time.

 

I suspect it's due to the old rule still being in use but this seems odd.

 

 

Running version 10.2.1

 

 

If someone could enlighten me on why this might be i would appreciate it.

 

 

Paul

 

 

 

application delivery
dev
devops
iRules
  • boneyard's avatar
    boneyard
    Icon for MVP rankMVP
    Mar 20, 2012
    it could be that active TCP sessions keep using the rule as long as they arent ended? could that be the case for you?
  • koenning_107182's avatar
    koenning_107182
    Icon for Nimbostratus rankNimbostratus
    Mar 20, 2012
    Hi Paul,

    boneyard is correct, if your browser keeps the connections alive, you will see the old config behaviour.

    In a test environment you can prevent this by running 

    V10/11: tmsh delete sys conn  or V9: b conn all delete

    This will clear up you connection entries, and thus make sure that you run tests against the current config.

    Thanks,

    Christian
  • paul_73820's avatar
    paul_73820
    Icon for Nimbostratus rankNimbostratus
    Mar 21, 2012
    Thanks guys.

     

    I thought that would be the case.

     

    Can i assume that new connections will use the updated irule, its just existing connections that are going to still use the old one?

     

    This would make sense to me.

     

     

    The protocol I am working with is RADIUS so a b conn delete on that vip would be fine i was just hoping for a less brutal way to get the changes in place when the irule was updated.

     

     

    Paul
  • Arie's avatar
    Arie
    Icon for Altostratus rankAltostratus
    Mar 21, 2012
    Restarting the browser also tends to work...

     

     

    Updates to Data Classes (groups) do get picked up immediately, so that could be an option. However, keep in mind that updating a class makes it briefly unavailable during the update process so you'll want to code accordingly.

     

  • Michael_Yates's avatar
    Michael_Yates
    Icon for Nimbostratus rankNimbostratus
    Mar 21, 2012
    Hi Paul,

     

     

    As koenning pointed out. Any existing TCP Sessions would continue using the cached (old) iRule until their TCP Session has completed.

     

     

    Any new connections would cache and use the new iRule.

     

     

    I would be very careful with the b conn command. If you executed the "b conn all delete" this would delete / reset all connections to the entire device which would be highly disruptive to your traffic.

     

     

    If you need to use this command you can get more granular.

     

     

    Show connections to specific Virtual Server:

     

    b conn server virtual.server.ip.address show

     

     

    Delete connections to specific Virtual Server:

     

    b conn server virtual.server.ip.address delete

     

     

    The graceful solution is to either allow users to fall off by attrition and get the new iRule when they come back, or direct them to close out their browsers / sever their connection and then come back in a new browser.

     

     

    Hope this helps.
  • paul_73820's avatar
    paul_73820
    Icon for Nimbostratus rankNimbostratus
    Mar 21, 2012
    Hi Michael,

     

     

    Its RADIUS over a UDP vip which is doing per datagram load balancing.

     

    However having thought this through more it makes sense that its still using it as the connection is still active.

     

     

    I think i may switch to stateless UDP and change the connection time out to immediate, this would remove the connection issue and changes would take effect right away.

     

    The only issues i have had with this are on very busy systems i have seen the load on the BigIP get quite high.

     

     

    I am very comfortable using b conn delete, so no worries there.

     

     

    Thanks