Krzysztof_Kozlo
May 02, 2007
Nimbostratus
TCP redirect on LB_FAILED for in-band health check.
We have several situations in the enterprise where it is desirable to have a large number of farmed services run on a single pool of servers. New instances come online all the time, and only TCP health checks are required, but we don't want to configure an explicit pool, complete with monitor, each time someone starts up a listening process on a port.
We want to use a Layer 3 virtual server like this:
virtual moo {
    destination 1.1.1.1:any
    ip protocol tcp
    pool moo
    rule moo
}
pool moo {
    member server1:any
}
pool foo {
    member server2:any
}
What I'd like to be able to do is create a rule like this:
rule moo {
    when LB_FAILED {
        log "connection to [IP::server_addr] failed"
        use pool foo
    }
}
This would enable an on-the-fly TCP health check, essentially -- if the host is not responding on that port, try the other server. I don't see any reason this shouldn't be possible, but it doesn't work. I simply get disconnected when LB_FAILED. LB_FAILED is working, based on LTM output:
May 2 16:20:05 tmm tmm[1049]: 01220002:6: Rule moo : connection failed: 144.203.239.34
Also, it is not the case that LB_FAILED is processed after the client flow is closed. This rule works:
rule moo {
    when LB_FAILED {
        log "connection failed: [IP::server_addr]"
        TCP::respond "sorry, dude, your server's down."
    }
}
Observe:
zuul /u/ineteng/Data/f5 239$ telnet 10.165.29.17 23
Trying 10.165.29.17...
Connected to 10.165.29.17.
Escape character is '^]'.
sorry, dude, your server's down.Connection closed by foreign host.
zuul /u/ineteng/Data/f5 240$
Anyone have any ideas? This sure would be useful!
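
Added example, not part of the original post: one way to express the fall-back described above, using the iRules LB::reselect command to request a new destination inside LB_FAILED, with a retry cap so that a port closed on both servers does not loop. It assumes LB::reselect is available on the LTM version in use; the pool names are the poster's, and the variable lb_retries is a name chosen here.

```tcl
rule moo {
    when CLIENT_ACCEPTED {
        # Per-connection retry counter (lb_retries is a hypothetical name).
        set lb_retries 0
    }

    when LB_FAILED {
        if { $lb_retries < 1 } {
            incr lb_retries
            log local0. "connection to [LB::server addr]:[LB::server port] failed, reselecting from pool foo"
            # Re-run load balancing against the fall-back pool from the post.
            LB::reselect pool foo
        } else {
            # Both pools refused the connection; log it and let the
            # client connection close as it does today.
            log local0. "pool foo also failed for client [IP::client_addr], giving up"
        }
    }
}
```

Because every failed port produces a log line per client connection, the local0 messages are also a cheap record of which service ports are not listening on which server.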