Forum Discussion
James_Michalak_
Nimbostratus
Aug 06, 2009
persist none for all pool connections when only one member is active (tcp only)
I've reviewed several posts with similar questions, but didn't see a direct parallel.
I'm using BIG-IP 9.3.1 Build 69.0, and don't have the ability to upgrade in the short term.
MY ...
L4L7_53191
Nimbostratus
Aug 06, 2009
I'd strongly suggest terminating that SSL as you'll be able to make decisions that are orders of magnitude more intelligent than source address affinity. Believe it or not, it's not really a big deal to move the cert over to the BigIP at all. The LTM uses hardware offload for all of its crypto (handshakes *and* bulk crypto) so this isn't a big deal load wise. I'd expect that your servers will appreciate not dealing with it as well. If this is an option, I'd definitely encourage you to test it. If you do this, you can use cookie inserts for persistence which is (to me, at least) always ideal if you can use it.
Anyhow, you're right: once your server comes back online, the current connections will persist to the server they've been talking to. This is by design because in this case we've configured the BigIP to persist...if your app can tolerate re-binding to a new system - and it sounds like it can, as a last resort - you may be able to pull this off via iRules by clobbering the persistence record, although this may add a few challenges. How would you decide which connections to re-bind and which not to? It may not matter, but it's worth considering...
-Matt