cancel
Showing results for 
Search instead for 
Did you mean: 

N:N loadbalancing and failure recovery

pj_109705
Nimbostratus
Nimbostratus

We have 3 devices and 3 servers where each Device maintains 1 TCP conn with a Server.

 

We need to setup Irule to maintain following failback:

 

- each Device needs to be connected to separate server if all 3 servers are healthy

 

- if 1 server fails, particular device will be reconnected to another server so that server will handle 2 TCP connections

 

- after failed server comes back, we need to resume 1:1 situation

 

This would require to track the healh status of each server and kill the recently relocated connection so the device reinitiates new connection and 1:1 state is reestablished.

 

thank you

 

8 REPLIES 8

pj_109705
Nimbostratus
Nimbostratus
Can you please help to see which functions could be used to achieve the above?

 

 

thank you

nitass
F5 Employee
F5 Employee
- each Device needs to be connected to separate server if all 3 servers are healthy

 

- if 1 server fails, particular device will be reconnected to another server so that server will handle 2 TCP connectionsi am thinking to use table and node command i.e. recording client and server mapping in table and using node command to direct traffic to specific server.

 

 

table

 

https://devcentral.f5.com/wiki/irules.table.ashx

 

 

node

 

https://devcentral.f5.com/wiki/iRules.node.ashx

 

 

- after failed server comes back, we need to resume 1:1 situationmay we delete existing connection when server comes back?

 

 

Acton on Log - using the alertd deamon

 

https://devcentral.f5.com/wiki/advdesignconfig.Acton-on-Log-using-the-alertd-deamon.ashx

What_Lies_Bene1
Cirrostratus
Cirrostratus
pj, is this authorisation traffic?

 

 

Nitass, could we not use the CLIENT_DATA event and your table and node suggestion to select each time data is received. If this is (card/payment) authorisation traffic I expect everything for a transaction to be contained in one packet.

pj_109705
Nimbostratus
Nimbostratus
H Steve, thi is BCAAA trafic between bluecoat proxy and bcaaa server forwarding NTLM auth requests to DC.

pj_109705
Nimbostratus
Nimbostratus
Hi Nittas,

 

yes we need to delete existing conn after server comes back.

 

thanks

What_Lies_Bene1
Cirrostratus
Cirrostratus
OK, so single, long lived connections between one proxy and one server (x3)? No persistence configured?

pj_109705
Nimbostratus
Nimbostratus
indeed, no persistence needed since it is only 1 pernament conn per proxy

What_Lies_Bene1
Cirrostratus
Cirrostratus
OK, thanks for the info. I was considering something funky with timeouts and/or priority group activation but after some thought an iRule is probably the best way to go. I'm hoping Nitass will post an example shortly.