Forum Discussion

1Tamad's avatar
1Tamad
Icon for Nimbostratus rankNimbostratus
Jul 13, 2022

Temporary reroute of web traffic

We are doing break/fix on a server that will include a reboot. Server admins are asking us to confirm that all web requests will be routed to a secondary server during the change window.

Once we are complete, we will want both web members taking requests.

What's the best way to do it?

  • Hello 1Tamad,

    I would do it this way:

    1. Enable the feature "priority group activation" in a the pools.

    2. Add new nodes with a priority group higher than the rest of the nodes of the pools. 

    3. Disable + force offline the old servers.

    4. Remove connections or persistence records that still match the old servers.

    5. Start doing the maintenance tasks over the old nodes.

    6. Enable the service over the old nodes. 

    7. Finally disable the "priority group activation" for the pools.

    8. (optional) Remove the priority group value you assigned previously to each node.

    REFhttps://support.f5.com/csp/article/K13525153

    REFhttps://support.f5.com/csp/article/K53851362

    REFhttps://support.f5.com/csp/article/K55632517

     

    • StephanManthey's avatar
      StephanManthey
      Icon for MVP rankMVP

      Step 4 of your solution may be avoided by setting your pool to "action on service down" to "reset".

      OneConnect may help as well (applies to virtual servers with SSL-termination and http-profile only!) to reroute traffic in case the poolmember becomes unavailable.

      • Patrik_Jonsson's avatar
        Patrik_Jonsson
        Icon for MVP rankMVP

        The elite of DC has spoken but I just wanted to add a small note on OneConnect. It's an awesome feature but you should be aware of some things if the following conditions are true:

        • You are not source NAT:ing your traffic already
        • You depend on source IPs in your server logs (most people do)
        • You want to enable OneConnect

        Then make sure that the X-Forwarded-For headers are inserted on the F5 and that the servers can read them. Otherwise you'll see some strange traffic patterns in the server logs. 🙂

        More about XFF here:
        https://support.f5.com/csp/article/K4816

        Kind regards,
        Patrik