LyonsG_85618
Mar 30, 2015Cirrostratus
Session Persistence when pool disabled
I have configured a VIP with a default pool containing 2 servers.
Action on service down has been configured as RESET.
I have a monitor applied which retrieves a file that contains the word SUCCESSFUL or FAILED.
The receive disable string is FAILED.
This is working as expected.
I also have an irule for jession id persistence taken from here:
https://devcentral.f5.com/wiki/iRules.Weblogic_JSessionID_Persistence.ashx
`
The problem is that the persistence is being honoured so that even if pool member is DISABLED the existing connection is not RESET.
Pool config is:
` ltm pool /DEVT/pool-extranet-devt-https {
members {
/Common/172.1.1.1:443 {
address 172.1.1.1
}
/Common/172.1.1.2:443 {
address 172.1.1.2
}
}
monitor /DEVT/monitor-extranet-devt-10500 and /DEVT/monitor-extranet-devt-443
service-down-action reset
}
`
Monitor config is:
` ltm monitor https /DEVT/monitor-extranet-devt-443 {
adaptive disabled
cipherlist DEFAULT:+SHA:+3DES:+kEDH
compatibility enabled
defaults-from /Common/https
destination *:*
interval 5
ip-dscp 0
recv "200 OK"
send "GET / HTTP/1.1\\r\\nHost: \\r\\n\\Connection: Close\\r\\n\\r\\n"
time-until-up 0
timeout 16
}
ltm monitor http /DEVT/monitor-extranet-devt-10500 {
adaptive disabled
defaults-from /Common/http
destination *:10500
interval 5
ip-dscp 0
recv SUCCESSFUL
recv-disable FAILED
send "GET /jbtest/servlet/JBTest HTTP/1.1\\r\\nHost: \\r\\n\\Connection: Close\\r\\n\\r\\n"
time-until-up 0
timeout 16
}
`
Virtual Server config is:
` ltm virtual /DEVT/vs-extranet-devt-https {
destination /DEVT/172.28.152.30:443
ip-protocol tcp
mask 255.255.255.255
persist {
/DEVT/profile-persistence-devt-jsessionid {
default yes
}
}
pool /DEVT/pool-extranet-devt-https
profiles {
/Common/http { }
/Common/httpcompression { }
/Common/oneconnect { }
/Common/tcp { }
/DEVT/profile-extranet-devt-clientssl {
context clientside
}
/DEVT/profile-extranet-devt-serverssl {
context serverside
}
}
source 0.0.0.0/0
source-address-translation {
type automap
}
translate-address enabled
translate-port enabled
}
`
So how can I get BIG-IP to reset any persistent connections when server responds with FAILED?
I was going to apply an iRule that would reject connections if both pool members were down:
` when HTTP_REQUEST {
if { [active_members pool-extranet-devt-https] < 1 } {
reject
}
}
I would like to do this for each pool member though.
Anyone got any thoughts as to how i could do this ?
Or even why the ACTION ON SERVICE DOWN doesn't work when persistnce is applied?