Marking a VIP down via an iRule

Hi ant8344,

 

 

The easiest way to accomplish what you are looking to do is to create another monitor to apply to the server pool and then require that all Health Checks be successful in order for the server to be considered alive.

 

 

In your case you could so something like Enable TCP Print Services (which runs on port 515) on the servers. Then create a TCP Monitor for that port and apply it to the pool.

 

 

So when you want to take a server down for maintenance you stop the TCP Print Services on the server causing the device to fail the health check and be marked down.

 

 

Run your maintenance normally and start the service when you are done.

 

 

You can do this with an iRule, but I have found that this type of method is more reliable and preferable. If you are still interested in an iRule approach look here:

 

 

disable pool member with an irule

 

 

Hope this helps.

Actually, what we're looking to do is mark a VIP down that does NOT have a pool applied to it.

 

Since the VIP only has an iRule applied to it (with various conditions), that VIP will always respond on its port.

 

I'm trying to see if there is any way we can have the VIP NOT respond on that port (I'm thinking the only way this is possible is via iRule, if at all).

 

 

Assuming I understand your scenario, one exchange talks to two VIPs on your F5, which then direct traffic accordingly. When doing maintenance at the lowest level (the destination) you need to cut out the middle man by stopping the VIP from processing traffic.

 

 

If you simply want to not respond at all when the VIP should be marked down, you can drop all packets under the conditions that interest you, although rejecting them would cause the exchange to fail immediately rather than waiting for a timeout, which is probably a better scenario.

 

 

if { condition indicating vip needs to be marked down } {

reject

 

} else{

 

do all other processing

 

}

 

Thanks Brian, the reject is what I was looking for.