Forum Discussion
Jgawrych_43121
Nimbostratus
Mar 18, 2008
Kill all active connections to a Vserver during maintenance....
I'm working through a process for placing our site into maintenance mode for application upgrades etc. This process is going to be handed off to 1st level NOC people who are smart but novices to...
Jgawrych_43121
Nimbostratus
Mar 28, 2008
Thanks to the previous posters for responding! I'm new to the LTMs and appreciate your responses. I've done some additional research/work on this.
>>It's my understanding that setting the action on service down to reject
>>on the pool dictates that existing connections are reset when the pool
>>member is down.
That was my expectation also and does seem to be the case for any NEW HTTP/TCP sessions going to the Vserver/pool/nodes. However, CURRENT ESTABLISHED sessions running through the VServer do not appear to get reset/redirected and continue on if you disable the Vserver, pool, or node members. This behavior is most noticeable on HTTP .NET/Java applications where the application has something going on in the background that keeps the browser from immediately closing an HTTP/TCP session after a transmission is done (in my case, our application has some type of Java applet that downloads and runs through the browser).
I actually ticketed with F5 Support on this and:
a) They confirmed that a manually disabled object (Vserver, Pool, node) will indeed continue to pass traffic for an established TCP session. New sessions will be rejected/reset.
- In my own testing this is definitely the case if you disable all the nodes and there are no other irules to modify behavior - established TCP sessions do continue on to the nodes. I was able to continue using my webapp continuously for 5-6 minutes after shutting down all nodes before I gave up testing.
- What was also interesting was that if you knew what pool member your traffic was going to and disabled just that one member, the LTM still continued to pass established sessions to that server. Interesting implications if you need to immediately pull a problem server out of the pool and did that by just disabling that one node (e.g. user traffic on a given webserver is causing that application server to send problematic SQL queries to a backend database).
- Shutting the Vserver seems to have a more immediate impact for terminating all active traffic (but you lose the ability to process iRules and redirect traffic to a maintenance page).
b) they indicated there are no configuration options to change that behavior. They pointed me towards some icontrols about doing TCP resets to connections (see my original post).
I was pretty surprised at that response. F5 has been doing this stuff since forever and that enough people would have asked about this that it would have been added as a configurable option.
My functional requirement was to be able to shut down all nodes in a pool to enable a maintenance window and have all traffic (new requests and existing sessions) redirect to a maintenance page. I found a different iRule on DevCentral that used an HTTP_REQUEST with 'active_members' rather than a LB_FAILED method that does work as expected. See iRules below.
This iRule allows established TCP connections to continue on to the pool node members even if they are all manually disabled:

    when LB_FAILED {
        HTTP::redirect "http://maintenance.sitename.com/"
    }

This iRule checks pool member status with each HTTP request. If all pool members are disabled, it immediately sends all traffic (new requests as well as established TCP sessions) to the maintenance page:

    when HTTP_REQUEST {
        if {[active_members [LB::server pool]] == 0} {
            HTTP::redirect "http://maintenance.sitename.com/"
        }
    }
Thanks!
-John G
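
The two iRules from the post combined into one, as an added example that is not part of the original post and not F5's own code: the per-request `active_members` check handles requests on established keep-alive sessions, and `LB_FAILED` stays as a fallback for connections whose member selection fails while the pool still reports active members. The `Connection: close` and `Cache-Control` headers and the log lines are assumptions added here; the maintenance URL is the post's placeholder.

```tcl
# Added example, not from the original post.
# Assumes the virtual server has a default pool and an HTTP profile.

when HTTP_REQUEST {
    # Runs for every HTTP request, including requests that arrive on a
    # TCP connection established before the pool members were disabled.
    set pool_name [LB::server pool]
    if { [active_members $pool_name] == 0 } {
        log local0.info "maintenance: pool $pool_name has no active members, redirecting [IP::client_addr]"
        # Connection: close tells the client not to reuse this keep-alive
        # session, so the established connection ends after the redirect.
        # Cache-Control keeps browsers from caching the temporary redirect.
        HTTP::respond 302 Location "http://maintenance.sitename.com/" \
            Connection "close" Cache-Control "no-cache"
        return
    }
}

when LB_FAILED {
    # Fallback: load balancing failed even though the check above passed,
    # for example a member that stopped answering but is not yet marked down.
    log local0.info "maintenance: LB_FAILED for [IP::client_addr], redirecting"
    HTTP::respond 302 Location "http://maintenance.sitename.com/" \
        Connection "close" Cache-Control "no-cache"
}
```

The log lines give the NOC a record in the LTM log of when the redirect was active and which clients were sent to the maintenance page.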