Forum Discussion
SSHSSH_97332
Feb 11, 2012
Nimbostratus
Will iRules direct to a down pool member?
I have a VS with 1 pool having 2 pool members; each pool member has a monitor. I have an iRule that has the following logic:
if client src-ip = X, direct to pool member 1, else direct to the pool (so that LB can be achieved)
The question is: if pool member 1 is down due to a monitor failure, will the iRule continue to direct traffic to it, causing this client src-ip to face issues?
12 Replies
- pool command just sends traffic right away regardless of monitor status.
  ```
  [root@ve1023:Active] config b virtual bar list
  virtual bar {
     snatpool mysnatpool
     destination 172.28.19.79:80
     ip protocol 6
     rules myrule
  }
  [root@ve1023:Active] config b pool foo list
  pool foo {
     members {
        200.200.200.101:80 {
           monitor fake
        }
        200.200.200.102:80 {}
     }
  }
  [root@ve1023:Active] config b pool foo|grep -i pool\ member
  +-> POOL MEMBER foo/200.200.200.101:80 inactive,down
  +-> POOL MEMBER foo/200.200.200.102:80 active,unchecked
  [root@ve1023:Active] config b rule myrule list
  rule myrule {
     when CLIENT_ACCEPTED {
        if {[IP::addr [IP::client_addr] equals 172.28.19.0/24]} {
           pool foo member 200.200.200.101 80
        } else {
           pool foo member 200.200.200.102 80
        }
     }
  }

  [root@centos251 ~] curl -i http://172.28.19.79
  HTTP/1.1 200 OK
  Date: Sun, 12 Feb 2012 05:45:49 GMT
  Server: Apache/2.2.3 (CentOS)
  Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT
  ETag: "4183e4-3e-9c564780"
  Accept-Ranges: bytes
  Content-Length: 62
  Content-Type: text/html; charset=UTF-8

  ...
  This is 101 host.
  ...

  [root@ve1023:Active] config tcpdump -nni 0.0 port 80 and not host 200.200.200.10
  tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
  listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes
  21:39:10.570016 IP 172.28.19.251.45053 > 172.28.19.79.80: S 1534292938:1534292938(0) win 5840
  21:39:10.570054 IP 172.28.19.79.80 > 172.28.19.251.45053: S 1499369674:1499369674(0) ack 1534292939 win 4380
  21:39:10.570944 IP 172.28.19.251.45053 > 172.28.19.79.80: . ack 1 win 46
  21:39:10.571011 IP 200.200.200.79.45053 > 200.200.200.101.80: S 2199208058:2199208058(0) win 4380
  21:39:10.571017 IP 172.28.19.251.45053 > 172.28.19.79.80: P 1:155(154) ack 1 win 46
  21:39:10.573862 IP 200.200.200.101.80 > 200.200.200.79.45053: S 2748507079:2748507079(0) ack 2199208059 win 5792
  21:39:10.573879 IP 200.200.200.79.45053 > 200.200.200.101.80: . ack 1 win 4380
  ```
- So what is the solution in this case?
- I think you may add a condition in the iRule, or may use a pool with priority group activation instead of specifying only one pool member.
just my 2 cents.
- But how will a pool with priority group activation work if the iRule directs to a certain pool member even if the member is down?
- Sorry to confuse. I meant using the pool command in the iRule instead of the pool member command, and enabling priority group on the pool.
- Can we do something like: if srcip=X & monitor is "ok", forward to pool one .... that way we check for health before forwarding
- Yes, you may use LB::status pool.
- Thanks a lot
- e.g.
  ```
  [root@ve1023:Active] config b virtual bar list
  virtual bar {
     snat automap
     pool foo
     destination 172.28.19.79:80
     ip protocol 6
     rules myrule
  }
  [root@ve1023:Active] config b pool foo list
  pool foo {
     members {
        200.200.200.101:80 {
           monitor fake
        }
        200.200.200.102:80 {}
     }
  }
  [root@ve1023:Active] config b rule myrule list
  rule myrule {
     when CLIENT_ACCEPTED {
        log local0. "\[IP::client_addr\]: [IP::client_addr]"
        log local0. "\[LB::status pool foo member 200.200.200.101 80\]: [LB::status pool foo member 200.200.200.101 80]"
        log local0. "\[LB::status pool foo member 200.200.200.102 80\]: [LB::status pool foo member 200.200.200.102 80]"

        if {[IP::addr [IP::client_addr] equals 172.28.19.0/24]} {
           if {[LB::status pool foo member 200.200.200.101 80] eq "up"} {
              pool foo member 200.200.200.101 80
           } elseif {[LB::status pool foo member 200.200.200.102 80] eq "up"} {
              pool foo member 200.200.200.102 80
           } else {
              reject
           }
        } else {
           if {[LB::status pool foo member 200.200.200.102 80] eq "up"} {
              pool foo member 200.200.200.102 80
           } elseif {[LB::status pool foo member 200.200.200.101 80] eq "up"} {
              pool foo member 200.200.200.101 80
           } else {
              reject
           }
        }
     }

     when SERVER_CONNECTED {
        log local0. "[IP::client_addr]:[TCP::client_port] -> [IP::local_addr clientside]:[TCP::local_port clientside] -> [IP::remote_addr]:[TCP::remote_port]"
     }
  }

  [root@ve1023:Active] config cat /var/log/ltm
  Feb 17 02:18:13 local/tmm info tmm[4822]: Rule myrule : [IP::client_addr]: 172.28.19.251
  Feb 17 02:18:13 local/tmm info tmm[4822]: Rule myrule : [LB::status pool foo member 200.200.200.101 80]: up
  Feb 17 02:18:13 local/tmm info tmm[4822]: Rule myrule : [LB::status pool foo member 200.200.200.102 80]: up
  Feb 17 02:18:13 local/tmm info tmm[4822]: Rule myrule : 172.28.19.251:45472 -> 172.28.19.79:80 -> 200.200.200.101:80

  Feb 17 02:18:55 local/ve1023 notice mcpd[3746]: 01070638:5: Pool member 200.200.200.101:80 monitor status down.

  Feb 17 02:19:01 local/tmm info tmm[4822]: Rule myrule : [IP::client_addr]: 172.28.19.251
  Feb 17 02:19:01 local/tmm info tmm[4822]: Rule myrule : [LB::status pool foo member 200.200.200.101 80]: down
  Feb 17 02:19:01 local/tmm info tmm[4822]: Rule myrule : [LB::status pool foo member 200.200.200.102 80]: up
  Feb 17 02:19:01 local/tmm info tmm[4822]: Rule myrule : 172.28.19.251:45473 -> 172.28.19.79:80 -> 200.200.200.102:80
  ```
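
Added example, not part of the thread and not code from any of its posters: an iRule for the logic in the original question, pinning one source address to member 200.200.200.101 only while LB::status reports it up and otherwise letting pool foo load-balance, with an LB_FAILED handler for the window before the monitor has marked a failed member down. The pinned client address and the single-retry limit are assumptions; the pool and member names are the ones used in the thread.

```tcl
when CLIENT_ACCEPTED {
    # Assumption: the one client address ("X" in the question) to pin.
    set pinned_client "172.28.19.251"
    # Per-connection retry counter used by LB_FAILED below.
    set lb_retries 0

    if { [IP::addr [IP::client_addr] equals $pinned_client] &&
         [LB::status pool foo member 200.200.200.101 80] eq "up" } {
        # Member is healthy according to its monitor: honour the pin.
        pool foo member 200.200.200.101 80
    } else {
        # Any other client, or the pinned member is not "up":
        # hand the decision back to the pool's load-balancing method,
        # which only considers available members.
        pool foo
    }
}

when LB_FAILED {
    # Reached when the selected member could not be used, for example it
    # stopped answering but the monitor has not yet marked it down.
    # Assumption: retry once, then leave the failure to default handling
    # so a fully unavailable pool cannot cause an endless reselect loop.
    if { $lb_retries < 1 } {
        incr lb_retries
        log local0. "LB_FAILED for [IP::client_addr], reselecting from pool foo"
        LB::reselect pool foo
    }
}
```

Because the fallback is the `pool` command rather than a second hard-coded `pool member`, adding members to pool foo later needs no change to the rule.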