TCP port still availible when VIP fails

Question

I need to right an Irule where the tcp of the vip would fail when the pool members fail. I would have thought setting it up to reject or drop on the VS would have accomplished this but I can still telnet to the tcp port of the VS... This is causing my GSS not to fail over as it is doing a layer 4 helth check? Stumped!

jrahm · Answer

Try discard!  I use this rule for my GSS:
when CLIENT_ACCEPTED {
  if { [active_members MyPool] == 0 } {
    discard
  }
}

mike_graston_10 · Answer

Worked like a champ! Thanks,

mike_graston_10 · Answer

citizen_elah,&nbsp;
&nbsp;  Have you ever done this with the GSS where the vip is port 0 as the back end is udp and the health check from the GSS is only tcp? I am figuring the Irule to work fine as it should disgard any packets if the nodes are dwom

jrahm · Answer

I have not done this before.  The only condition in the rule is no active members, so it will discard all connections in this scenario, assuming the CLIENT_ACCEPTED event is triggered.  I haven't done anything with UDP so I'm not sure if this event triggers with UDP connections.

zafer · Answer

How can i do globally, i have multiple vip and its not usefull&nbsp;
&nbsp;in alteon if vip service down does not accept connection&nbsp;
&nbsp;regards&nbsp;
&nbsp;zafer

Forum Discussion

TCP port still availible when VIP fails

7 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Port Group on F5OS network setting

Advise on setting up IRULE

F5 iRule to replace host to path

Related Content

Getting Started with BIG-IP Next: Configuring Instance High Availability

Silverline DDoS capabilities are now available in F5 Distributed Cloud

High Availability in a Bare Metal World

Deploy High-Availability and Latency-sensitive workloads with F5 Distributed Cloud

Making EKS Anywhere Highly Available and Secure