Forum Discussion
Al_Faller_1969
May 05, 2011 Nimbostratus
Remove active connections from backup system after return to normal
Hi,
I am using my BigIP in front of a set of LDAP Servers. I have the servers in priority groups, and obviously only want traffic to hit the lower priority when there is a failure. However, LDAP clients tend to make very long, persistent connections to servers and unfortunately will keep these connections indefinitely to the backup (lower priority) boxes even if a higher priority returns to service since the connection is "active". Any suggestions on a good way to sever these connections in the event of a higher priority becoming available again?
Thanks in advance,
Al
- hooleylist (Cirrostratus): Hi Al,
- Al_Faller_1969 (Nimbostratus): Hi Aaron,
- hooleylist (Cirrostratus): The iRule to syslog-ng message would be processed locally and wouldn't require an external syslog server. The one gap I see in this is that the initial trigger would require a new connection to be sent to the virtual server. So the deletion of the "bad" connection table entries wouldn't necessarily occur immediately after a higher priority pool member comes back up.
1. Create a script file /usr/local/bin/mycustomscript.pl

    vi /usr/local/bin/mycustomscript.pl

2. Add the script to the file and save:

    #!/usr/bin/perl
    system("echo Alert was triggered > /var/tmp/mycustomscriptoutput.txt");

3. Set the permissions on the file:

    chmod 755 /usr/local/bin/mycustomscript.pl

4. Edit /config/user_alert.conf and add the following alert definition. The quoted portion is a regex which must match the syslog message.

    alert my_custom_alert "this is the text we look for in the syslog message" {
        exec command="/usr/local/bin/mycustomscript.pl"
    }

5. Trigger the script:

    logger -p local0.info "this is the text we look for in the syslog message"

6. Review the script action which was to create a file and output some text:

    less /var/tmp/mycustomscriptoutput.txt
    Alert was triggered
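A sketch of what the alert-triggered script could do for the original question, added here as an example and not code from the thread: given pool member state, it works out which lower-priority members should have their connections flushed. The input format, the sample addresses and the function name `flush_cmds` are constructed for illustration, and the `tmsh delete sys connection` filters assume a TMOS version that supports them.

```shell
#!/bin/sh
# Added example, not from the thread. Input (constructed format), one member
# per line: "<addr> <port> <priority> <up|down>"
# Output: one delete command per member whose priority is below the highest
# priority that currently has a member up.

flush_cmds() {
    awk '
        # alertd runs the handler as root, so accept only strictly numeric
        # fields before they end up on a command line.
        NF == 4 && $1 ~ /^[0-9.]+$/ && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ {
            addr[NR] = $1; port[NR] = $2; prio[NR] = $3 + 0
            if ($4 == "up" && prio[NR] > best) best = prio[NR]
        }
        END {
            # best stays 0 when nothing is up, so nothing is flushed then.
            for (i = 1; i <= NR; i++)
                if ((i in prio) && prio[i] < best)
                    printf "tmsh delete sys connection ss-server-addr %s ss-server-port %s\n", addr[i], port[i]
        }'
}

# Constructed pool state: two priority-10 LDAP servers, one priority-5 backup.
SAMPLE_STATE='10.0.0.11 389 10 up
10.0.0.12 389 10 down
10.0.0.21 389 5 up'

# Dry run by default: only print. Set APPLY=1 on the BIG-IP to execute.
printf '%s\n' "$SAMPLE_STATE" | flush_cmds | while read -r cmd; do
    if [ "${APPLY:-0}" = 1 ]; then
        $cmd
    else
        echo "would run: $cmd"
    fi
done
```

When the only member that is up belongs to the lowest priority group, the function prints nothing, so a handler that fires on a spurious log match does not drop the connections that are still serving clients.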
- Mansab_Mahmood_ (Nimbostratus): Hello Aaron,
- Colin_Walker_12 (Historic F5 Account): Are you looking to actually sever active connections to the DR site once the Primary is back online, or are you just looking to ensure that all new requests get routed appropriately?
- Mansab_Mahmood_ (Nimbostratus): Thanks for your reply Colin!
- hooleylist (Cirrostratus): I don't think iRules would provide a simple efficient option for forcing clients to connect to a higher priority pool member if they've been using a lower priority member and the higher priority pool member comes back up. Doing so, you'd need to constantly check on every connection to see if the client is on a lower priority member and a higher member is available. Though maybe you could use the after command to do this? Colin, do you have any thoughts on how simple this would be?
- Mansab_Mahmood_ (Nimbostratus): Thanks Aaron,
- hooleylist (Cirrostratus): 1) How can I have a 'main pool' and a 'standby pool' for a Virtual Server in the LTM?
2) Is this behaviour (of having to write an irule for switchover when the Higher Priority Member comes back online) specific to Microsoft Exchange or is this how it is with the LTM and other applications as well?

    when CLIENT_ACCEPTED {
        # Check if the VS default pool has no active members
        if {[active_members [LB::server pool]] == 0} {
            pool remote_cas_pool
        }
    }
- Mansab_Mahmood_ (Nimbostratus): Thanks a lot Aaron!