Forum Discussion

igorzhuk's avatar
igorzhuk
Icon for Altostratus rankAltostratus
Jul 04, 2023

priority group activation

Hi all,
I used f5 priority group activation
When my pool member fail and the second pool member come to active the traffic forward to the lower group pool member,

But when the higher pool member goes up, the active connections stay on the lower group. Any built-in solution for stopping connections to the lower group and forwarding existing connections to the higher priority group meme er that come back?

  • As far as I know, new connections will go to the higher group members of the pool once they become available. I don't think that there is a mechanism to move traffic from lower-priority group members to the higher one when this comes available. The lower priority members will process the established connections , but the new ones will go to the higher priority group members.

    found these, they might help if you use an irule:

    https://community.f5.com/t5/technical-forum/priority-group-failback/m-p/181850#M165544

    https://community.f5.com/t5/technical-forum/priority-group-failback/m-p/52718#M36412

    https://community.f5.com/t5/technical-forum/priority-group-activation-failback-with-http-cookie-insert/m-p/237687#M221381

    https://community.f5.com/t5/technical-forum/reset-connections-to-lower-priority-group-member-when-higher/m-p/271537#M255231

     

     

     

    • igorzhuk's avatar
      igorzhuk
      Icon for Altostratus rankAltostratus

      I found this Irule: it maybe can help me: 

      when LB_SELECTED {
        if { ([IP::addr [LB::server addr] equals "low-priority-ip"]) and ([active_members pool_name] > 1) } {
          LB::reselect
        }
      }

       But my traffic is not HTTP is SMB traffic [445], when LB_SELECTED trigger - how I know it's only ones in TCP connection - no? Because if yes LB:: reselect will not work for existing connections, [and its not VS that make oneconnect]

       

      • whisperer's avatar
        whisperer
        Icon for MVP rankMVP

        Think you found this here:

        https://community.f5.com/t5/technical-forum/priority-group-activation-failback-with-http-cookie-insert/td-p/237687

        That will not work for you... out of the box, at least. Here is why...

        - "low-priority-ip" is a placeholder for the IP addresses of the pool members in the lower priority group. Presume you would need to change the logic to see if the IP is in a list of multiple IP addresses.

        - active-members pool_name needs to of course reference the actual name of your pool. Pool_name is a variable placeholder in this example. Also, this gets all of the ative members, those in the 1st priority group and those in the 2nd priority group.

        I do not know of any iRules command to effectively distinguish the priority of a group member. If this was possible, there there would be some possible logic to see if the total number of active pool members part of the higher priority gorups equals the total, and if the picked load balance selection has chosen a member from the lower priority group. HOWEVER, LB_SELECTED usually occurs only once for a session. So, this wouldnt really change anything. A user sent to the lower priority group, because of an event, wouldnt have their session auto-started to the higher pool if members become available. For that session, the logic has already completed for which pool member to choose. You need to tear down the session, or someone force a reselection. The issue is also that for an existing session, you will not be able to issue the LB reselect arbitrarily in a different event, as it is only valid for the following events:

        • LB_SELECTED
        • LB_QUEUED
        • PERSIST_DOWN
        • LB_FAILED

        Those events will not usually trigger for an already established user session.

        Hope this makes sense?

  • I have never seen any customization options for priority groups. Suppose you could implement some feature to programmatically do the same thing, but customized, using custom pool member monitors with a script.

    The only way to keep the existing config and force ALL connections (including those established already) to go back to the primary activation group (highest priority) would be to down the pool members in the lower priority group. So, maybe a monitor, that when it detects a change in pool members to auto up / auto down the pool members in the lower priority group. Just an idea.

     

    • CA_Valli's avatar
      CA_Valli
      Icon for MVP rankMVP

      This is pretty much what I'm running in an UDP scenario on one of my customers that requested a similar feature.
      I build an "external monitor" that triggers a connection to the other pool members (passed as script arguments), and waits for a response. 
      - if returned data is >0 there's an "exit" condition so monitor fails 
      - if returned data is 0, it checks the next pool member 
      - if all checked PM's return 0 data, it echoes a "KO" message in ouput so monitor turns green and node is eligible for traffic

      This will allow you to "force" LB reselection 

      This ext-mon object is then configured only on lower priority pool members, additionally to the health monitor of the service. Works flawlessly, just be careful with probe schedule since if you open lots of sockets the script might as well intercept some response data from another connection, possibly resulting in false negatives.
      [EDIT] Since you're checking external objects, one last thing I'd recommend is to configure alies address and alias port in the monitor object, so that a single probe updates the status of all your pool members (otherwise, it uses pool members' IP:port as different sockets, which builds up to multiple unnecessary probes) 

  • igorzhuk This is a tough one to deal with because of how priority group activation connections are dealt with when the primary group comes back online. In almost every situation with customers in the past they have just allowed the connections to run their course and they would eventually switch back on their own once they were done using the connection that they had open.