Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

jgranieri_42214's avatar
jgranieri_42214
Icon for Nimbostratus rankNimbostratus
Feb 09, 2012

Priority Group Activation ( Preemption question)

I have a working config for priority group activation on a 2 node pool.     Due to the nature of my application I don't want the higher priority pool member to receive traffic when it comes bac...
config
design
nitass's avatar
nitass
Icon for Employee rankEmployee
Feb 09, 2012
this is just another example using irule. please feel free to revise. 

[root@ve1023:Active] config  b virtual bar list
virtual bar {
   snat automap
   destination 172.28.19.79:22
   ip protocol 6
   rules myrule
}
[root@ve1023:Active] config  b pool foo1 list
pool foo1 {
   monitor all tcp
   members 200.200.200.101:22 {}
}
[root@ve1023:Active] config  b pool foo2 list
pool foo2 {
   monitor all tcp
   members 200.200.200.102:22 {}
}
[root@ve1023:Active] config  b rule myrule list
rule myrule {
   when RULE_INIT {
   set static::pool1 foo1
   set static::pool2 foo2
}

when CLIENT_ACCEPTED {
   set vs "[IP::local_addr]:[TCP::local_port]"

   if {[table lookup current_pool] eq ""} {
      table set current_pool $static::pool1 indef indef
   }

   if {[active_members [table lookup current_pool]] < 1} {
      if {[table lookup current_pool] eq $static::pool1} {
         set new $static::pool2
      } elseif {[active_members $static::pool1] > 0} {
         set new $static::pool1
      } else {
         reject
         return
      }
      table set current_pool $new 0 0
   }
   pool [table lookup current_pool]
}

when SERVER_CONNECTED {
   log local0. "[IP::client_addr]:[TCP::client_port] -> $vs -> [IP::remote_addr]:[TCP::remote_port]"
}
}

[root@ve1023:Active] config  cat /var/log/ltm
Feb  9 09:40:24 local/tmm info tmm[4822]: Rule myrule : 192.168.204.8:62065 -> 172.28.19.79:22 -> 200.200.200.101:22
Feb  9 09:40:50 local/ve1023 notice mcpd[3746]: 01070638:5: Pool member 200.200.200.101:22 monitor status down.
Feb  9 09:40:50 local/tmm err tmm[4822]: 01010028:3: No members available for pool foo1
Feb  9 09:40:59 local/tmm info tmm[4822]: Rule myrule : 172.28.19.253:58019 -> 172.28.19.79:22 -> 200.200.200.102:22
Feb  9 09:41:21 local/tmm err tmm[4822]: 01010221:3: Pool foo1 now has available members
Feb  9 09:41:24 local/ve1023 notice mcpd[3746]: 01070727:5: Pool member 200.200.200.101:22 monitor status up.
Feb  9 09:41:46 local/tmm info tmm[4822]: Rule myrule : 172.28.19.251:50606 -> 172.28.19.79:22 -> 200.200.200.102:22

the last log shows a new connection was still sent to foo2 pool even foo1 pool was back.