Killing active connections after a node is marked down
Hello guys,
Is there a way to kill all active connections immediately to the backend node, when the pool's HTTP keepalive marks it down? The problem we are seeing is the connection is still open to the backend node between the F5 SNAT. It's not releasing the connection and sending it over to the next active node. I suspect it's because the backend port doesn't get closed completely, only the layer 7 HTTP service does, so the F5 connection to the node is never actually timed out on the TCP idle because the port is never down. I know new requests will go to the next available active node, but the existing connection on the previous node is a proxy connection and never generates a new request; it just keeps sending data over the established session.
- Simon_Blakely
Employee
The pool option Action on Service Down:
Specifies how the system should respond when the target pool member becomes unavailable. The default is None, meaning that the system takes no action to manage existing connections when a pool member becomes unavailable.
- None: Specifies that the system maintains existing connections, but does not send new traffic to the member.
- Reject: Specifies that, if there are no pool members available, the system resets and clears the active connections from the connection table and sends a reset (RST) or Internet Control Message Protocol (ICMP) message. If there are pool members available, the system resets and clears the active connections, but sends newly arriving connections to the available pool member and does not send RST or ICMP messages.
- Drop: Specifies that the system simply cleans up the connection.
- Reselect: Specifies that the system manages established client connections by moving them to an alternative pool member when monitors mark the original pool member down.
Please note - Reselect does not do what you think it does for TCP connections - it does not establish a new 3WHS to the newly selected pool member, it just sends the packets. Unless the pool member is a transparent gateway, this will cause the new pool member to issue a reset.
K15095: Overview of the Action On Service Down feature