Forum Discussion
paul_73820
Nimbostratus
NimbostratusiRule changes not showing up
I am finding when i make change to an iRule they don't show up for some time.
I suspect it's due to the old rule still being in use but this seems odd.
Running version 10.2.1
If someone could enlighten me on why this might be i would appreciate it.
Paul
6 Replies
- boneyard
MVP
it could be that active TCP sessions keep using the rule as long as they arent ended? could that be the case for you? 
koenning_107182Hi Paul,
boneyard is correct, if your browser keeps the connections alive, you will see the old config behaviour.
In a test environment you can prevent this by runningV10/11: tmsh delete sys conn or V9: b conn all delete
This will clear up you connection entries, and thus make sure that you run tests against the current config.
Thanks,
Christian
paul_73820Thanks guys.
I thought that would be the case.
Can i assume that new connections will use the updated irule, its just existing connections that are going to still use the old one?
This would make sense to me.
The protocol I am working with is RADIUS so a b conn delete on that vip would be fine i was just hoping for a less brutal way to get the changes in place when the irule was updated.
Paul
ArieAltostratus
Restarting the browser also tends to work...Updates to Data Classes (groups) do get picked up immediately, so that could be an option. However, keep in mind that updating a class makes it briefly unavailable during the update process so you'll want to code accordingly.
Michael_YatesHi Paul,
As koenning pointed out. Any existing TCP Sessions would continue using the cached (old) iRule until their TCP Session has completed.
Any new connections would cache and use the new iRule.
I would be very careful with the b conn command. If you executed the "b conn all delete" this would delete / reset all connections to the entire device which would be highly disruptive to your traffic.
If you need to use this command you can get more granular.
Show connections to specific Virtual Server:
b conn servervirtual.server.ip.addressshow
Delete connections to specific Virtual Server:
b conn servervirtual.server.ip.addressdelete
The graceful solution is to either allow users to fall off by attrition and get the new iRule when they come back, or direct them to close out their browsers / sever their connection and then come back in a new browser.
Hope this helps.- paul_73820Hi Michael,
Its RADIUS over a UDP vip which is doing per datagram load balancing.
However having thought this through more it makes sense that its still using it as the connection is still active.
I think i may switch to stateless UDP and change the connection time out to immediate, this would remove the connection issue and changes would take effect right away.
The only issues i have had with this are on very busy systems i have seen the load on the BigIP get quite high.
I am very comfortable using b conn delete, so no worries there.
Thanks
