Forum Discussion
Mike_Graston_10
Nimbostratus
NimbostratusTCP port still availible when VIP fails
I need to right an Irule where the tcp of the vip would fail when the pool members fail. I would have thought setting it up to reject or drop on the VS would have accomplished this but I can still telnet to the tcp port of the VS... This is causing my GSS not to fail over as it is doing a layer 4 helth check? Stumped!
7 Replies
- JRahm
Admin
Try discard! I use this rule for my GSS:when CLIENT_ACCEPTED { if { [active_members MyPool] == 0 } { discard } } 
Mike_Graston_10Worked like a champ! Thanks,- Mike_Graston_10citizen_elah,
Have you ever done this with the GSS where the vip is port 0 as the back end is udp and the health check from the GSS is only tcp? I am figuring the Irule to work fine as it should disgard any packets if the nodes are dwom - JRahmI have not done this before. The only condition in the rule is no active members, so it will discard all connections in this scenario, assuming the CLIENT_ACCEPTED event is triggered. I haven't done anything with UDP so I'm not sure if this event triggers with UDP connections.
zaferHow can i do globally, i have multiple vip and its not usefull
in alteon if vip service down does not accept connection
regards
zafer- zaferand i also tested this i rule, it didnt worked
i did telnet vip port 80
members down and vip accepted connection - JRahmAre you members disabled, or really down? If they're really down, it should work. If you've only disabled them and you have persistence enabled, the virtual will continue to service connections until the pool member status has been changed from allow all traffic to allow only active connections. We do this with an iControl script courtesy of Joe (attached)
