Forum Discussion
Al_Faller_1969
May 05, 2011Nimbostratus
Remove active connections from backup system after return to normal
Hi,
I am using my BigIP in front of a set of LDAP Servers. I have the servers in priority groups, and obviously only want traffic to hit the lower priority when there is a failure. Howeve...
hooleylist
Jan 11, 2012Cirrostratus
I don't think iRules would provide a simple efficient option for forcing clients to connect to a higher priority pool member if they've been using a lower priority member and the higher priority pool member comes back up. Doing so, you'd need to constantly check on every connection to see if the client is on a lower priority member and a higher member is available. Though maybe you could use the after command to do this? Colin, do you have any thoughts on how simple this would be?
Here's the psuedo code I'm thinking of. As you can't check the priority of a member that isn't currently selected, I'd actually change the config to use a main pool and a standby pool. You could then try to implement logic like this in an iRule:
When a connection is established to the virtual, check if the main pool has any active members. If not, select the standby pool.
If we've selected the standby pool, run an 'after -periodic' script every X seconds to check if the main pool is back up. If it is, then reset the client connection to force a new connection.
http://devcentral.f5.com/wiki/iRules.after.ashx
http://devcentral.f5.com/wiki/iRules.active_members.ashx
The downside to this is that you couldn't easily wait until a transaction is complete. So the client might get a reset in the middle of a transaction with this logic. Also, there could be a performance impact on LTM in order to regularly check the status of the main pool
Else, you could potentially create an external monitor which tracks when a high priority pool member transitions from down to up and then clear any existing connection table entries to the lower priority members. I don't think this would be extremely complicated to implement, but it's definitely not something you could throw together in 10 minutes. If you're up for some shell scripting, you could try this yourself. Else, you could engage an F5 or partner consultant to do this.
Here's an external monitor template you could use to start with. But the actual script logic is a bit more tricky.
http://devcentral.f5.com/wiki/default.aspx/AdvDesignConfig/TemplateForExternalLtmMonitors.html
Aaron
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects