Forum Discussion

saksham_116902's avatar
saksham_116902
Icon for Nimbostratus rankNimbostratus
Sep 07, 2013

iControl accepts new connections when FORCED OFFLINE

Hi,

 

I have been noticing a weird problem with iControl. I created a script following Joe Pruitt's PSServerControl example. The script uses a STATE_DISABLED and should not be accepting any new connections.

 

iControlSnapIn already registered...

 

Disabling Session Enabled State...

 

Waiting for current connections to drop to zero...

 

Current Connections: 21

 

Current Connections: 21

 

Current Connections: 20

 

Current Connections: 20

 

Current Connections: 20

 

Current Connections: 20

 

Current Connections: 20

 

Current Connections: 20

 

Current Connections: 20

 

Current Connections: 20

 

Current Connections: 20

 

Current Connections: 21

 

Current Connections: 17

 

Current Connections: 17

 

Current Connections: 17

 

Current Connections: 17

 

Current Connections: 17

 

Current Connections: 17

 

Current Connections: 17

 

Current Connections: 17

 

Current Connections: 17

 

Current Connections: 17

 

Current Connections: 17

 

Current Connections: 17

 

Current Connections: 17

 

Current Connections: 17

 

Current Connections: 18

 

Current Connections: 19

 

Current Connections: 19

 

Current Connections: 19

 

Current Connections: 17

 

Current Connections: 18

 

Current Connections: 18

 

Current Connections: 18

 

Current Connections: 18

 

Current Connections: 18

 

Current Connections: 18

 

Current Connections: 18

 

Current Connections: 18

 

Current Connections: 18

 

Current Connections: 18

 

Current Connections: 17

 

Current Connections: 17

 

Current Connections: 18

 

Current Connections: 18

 

Current Connections: 18

 

Current Connections: 18

 

Current Connections: 18

 

Current Connections: 18

 

Current Connections: 18

 

Current Connections: 18

 

Current Connections: 18

 

Current Connections: 18

 

Current Connections: 22

 

Current Connections: 22

 

Current Connections: 22

 

Current Connections: 22

 

Current Connections: 21

 

Current Connections: 21

 

Current Connections: 21

 

Current Connections: 21

 

Current Connections: 21

 

Current Connections: 21

 

Current Connections: 18

 

Current Connections: 18

 

Current Connections: 18

 

Current Connections: 18

 

Current Connections: 18

 

Current Connections: 18

 

Current Connections: 18

 

Current Connections: 18

 

Current Connections: 18

 

Current Connections: 15

 

Current Connections: 15

 

Current Connections: 15

 

 

4 Replies

  • As mhite suggested, it looks like you've disabled the node address or pool IP:port. This will allow existing connections to continue as well as clients with a persistence record to continue using the node or pool member.

     

    If you want to prevent all new connections to the node or pool member, you can set the state to offline. Existing connections will be preserved, but new connections will not be allowed.

     

    See this post from Joe for details:

     

    https://devcentral.f5.com/articles/icontrol-apps-20-server-control

     

    Determining The Toggle State

     

    When querying the Toggle state (enabled, disabled, or offline), one must look at the monitor and session enabled states. The three possible combinations of these two values will yield the appropriate toggle states.

     

    Monitor State Session Enabled State Toggle State

     

    STATE_ENABLED STATE_ENABLED Enabled (All traffic allowed)

     

    STATE_ENABLED STATE_DISABLED Disabled (Only persistent or active connections allowed)

     

    STATE_DISABLED STATE_DISABLED Forced Offline (Only active connections allowed)

     

  • Thanks, that does make some sense. Here's my Disable-Member function. Where do you think I should add the required parameters to make it forced offline?
    
    function Disable-Member()
        {
            param($pool_name, $member);
            $vals = $member.Split( (, ':'));
            $member_addr = $vals[0];
            $member_port = $vals[1];
            Write-Host "Disabling Session Enabled State...";
            try{
                $MemberSessionState = New-Object -TypeName iControl.LocalLBPoolMemberMemberSessionState;
                $MemberSessionState.member = New-Object -TypeName iControl.CommonIPPortDefinition;
                $MemberSessionState.member.address = $member_addr;
                $MemberSessionState.member.port = $member_port;
                $MemberSessionState.session_state = "STATE_DISABLED";
                $MemberSessionStateAofA = New-Object -TypeName "iControl.LocalLBPoolMemberMemberSessionState[][]" 1,1
                $MemberSessionStateAofA[0][0] = $MemberSessionState;
                (Get-F5.iControl).LocalLBPoolMember.set_session_enabled_state( (, $pool_name), $MemberSessionStateAofA);
            }
            catch 
            {
                Print Error message if the pool does not contain the pool_member
                [string]$i="ERROR: The requested pool member does not belong to the specified pool name. Please provide valid pool and its member.`n" 
                write-host $i -foregroundcolor "yellow"
            }
            Write-Host "Waiting for current connections to drop to zero..."
            try{
                $MemberDef = New-Object -TypeName iControl.CommonIPPortDefinition;
                $MemberDef.address = $member_addr;
                $MemberDef.port = $member_port;
                $MemberDefAofA = New-Object -TypeName "iControl.CommonIPPortDefinition[][]" 1,1
                $MemberDefAofA[0][0] = $MemberDef;
                $cur_connections = 1;
                while ( $cur_connections -gt 0 )
                {
                    $MemberStatisticsA = (Get-F5.iControl).LocalLBPoolMember.get_statistics( (, $pool_name), $MemberDefAofA);
                    $MemberStatisticEntry = $MemberStatisticsA[0].statistics[0];
                    $Statistics = $MemberStatisticEntry.statistics;
                    foreach ($Statistic in $Statistics)
                    {
                        $type = $Statistic.type;
                        $value = $Statistic.value;
                        if ( $type -eq "STATISTIC_SERVER_SIDE_CURRENT_CONNECTIONS" )
                        {
                             just use the low value.  Odds are there aren't over 2^32 current connections.
                             If your site is this big, you'll have to convert this to a 64 bit number.
                            $cur_connections = $value.low;
                            Write-Host "Current Connections: $cur_connections"
                        }
                    }
                    Start-Sleep -s 1
                }
            } catch {
                    Print Error message if the connections cannot be dropped
                    [string]$i="ERROR: The specified pool member was not found.`n" 
                    write-host $i -foregroundcolor "yellow"
                }
            Write-Host "Disabling Monitor State...";
            try
                {
                $MemberMonitorState = New-Object -TypeName iControl.LocalLBPoolMemberMemberMonitorState;
                $MemberMonitorState.member = New-Object -TypeName iControl.CommonIPPortDefinition;
                $MemberMonitorState.member.address = $member_addr;
                $MemberMonitorState.member.port = $member_port;
                $MemberMonitorState.monitor_state = "STATE_DISABLED";
                $MemberMonitorStateAofA = New-Object -TypeName "iControl.LocalLBPoolMemberMemberMonitorState[][]" 1,1
                $MemberMonitorStateAofA[0][0] = $MemberMonitorState;
                (Get-F5.iControl).LocalLBPoolMember.set_monitor_state( (, $pool_name), $MemberMonitorStateAofA);
                Get-PoolMemberStatus $pool_name $member
            } 
            catch {
                Print Error message if the status cannot be set
                [string]$i="ERROR: The disable status could not be set. `n" 
                write-host $i -foregroundcolor "yellow"
            }
        }