Forum Discussion

pmerlin_350975
Feb 14, 2018

Killing TCP connection attached to secondary when primary server is back (in active/passive mode)

Hi, I have 2 probes connecting to a console and I want to make the console HA using F5.

 

I've defined a Master and Backup console with a Virtual IP. Looking at other posts, I've defined a VIP with a Pool of 2 Consoles with 2 different priorities: 10 for the primary, and 1 for the backup, with Priority Group less than 1 & Round robin. Round robin is not used as I only have 1 server per priority Group.

 

The 2 probes connect to the master: OK. When master goes down: 2 probes connect to backup: OK. When master comes UP again: new connection connects to master, but probes attached to backup stay on it. I would like to reconnect the 2 probes to the master.

 

Shutting down the slave console is working, resetting the probe is also working but I would like an automatic solution.

 

Is it possible to kill connections from the probes to the backup server when primary is working again? iRules with TCP::close on the VIP connections?

 

  • Algo needed: When Number_of_server from (priority group 10) switches from 0 to 1, kill all remaining TCP connections to the VIP.

     

  • In general, F5 never kills any session and intermediate devices should not. Existing sessions continue as long as server is available and new connections are based as per new reality. Killing all sessions for VIP is not a good idea. In your case, you have very short connection timeout period (default is 5 mins).

     

  • This is an iRule I created some time ago to do about what you are asking for. In this example pool member 10.0.0.1 is the primary pool member and pool member 10.0.0.2 is the backup pool member. This iRule will monitor TCP traffic when there are active connections to the backup member. When there are active connections being sent to the backup server, while the primary pool member is up (again), it will reject the current active connection to the backup pool member.

    Note that this iRule has been tested in my lab only.

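    when CLIENT_DATA {
        # Fires for collected client data on connections to the backup member.
        # If the primary member is up again, reset this connection.
        if { [LB::status pool pool_name member 10.0.0.1 80] equals "up" } {
            reject
            # Disable future events in this or any other iRule on the virtual server
            event disable all
            # Exit this event of this iRule immediately
            return
        }

        # Primary still down: pass the collected data on and keep collecting
        TCP::release
        TCP::collect 1
    }

    when SERVER_CONNECTED {
        # Only start collecting client data when the backup member was selected
        if { [IP::addr [LB::server addr] equals 10.0.0.2] } {
            clientside { TCP::collect 1 }
        }
    }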