Forum Discussion

John_Heyer_1508
Apr 08, 2016

Checking if Virtual Server disabled within iRule

Within an iRule, is there a way to check if a virtual server is disabled?

 

My goal is to display a pretty maintenance page if a virtual server is administratively disabled (as opposed to down).

 

Currently I'm doing this using a GTM with a "Last Resort Pool" pointing to a special VIP hosting the maintenance page, but I'm wondering how to do this strictly at the LTM level.

 

10 Replies

  • An iRule associated is not triggered except in response to certain events after a connection has been established to the virtual server it's associated with (CLIENT_ACCEPTED and beyond). If the virtual server is manually disabled, no new connections are allowed to it, hence no iRule associated with it will ever trigger.
  • Instead of disabling the virtual server, you could manually disable the associated pool(s). Traffic is allowed to the virtual server and your iRule could check to see if there are any active pool members to load balance to. If none found, then send your pretty maintenance page. See https://clouddocs.f5.com/api/irules/active_members.html
  • There are two problems with that: 1) If all pool members are down, I want to take a different action and display a message stating that there is a service issue, as opposed to a scheduled maintenance event. 2) There are multiple virtual servers pointing to the same pool, so disabling the pool negatively affects more than I want it to.
  • Are the multiple virtual servers pointing to the same pool members (in other words, same IP and service port) or same nodes (IPs) but different service ports (in other words, different pool members)?
  • Same pool. Basically, there's a test Virtual Server that's an exact copy of the main Virtual Server.
  • You can disable pool member instances without it impacting other instances. In other words, two different pools - but same pool members - for each virtual server (let's call them "test" and "prod" respectively). Manually disable the pool members in the pool associated with the "prod" virtual server; the members in the pool associated with the "test" virtual server are not impacted and still show available in that pool. This effectively disables the "prod" virtual server without preventing it from accepting connections, and allows your iRule to work its magic. Your "test" virtual server is not impacted.
  • The problem, I think, is the iRule can't distinguish between disabled and down members. Remember, if it's an issue of all pool members being down, I would like to display a FailWhale page so the user understands that this is a service issue, not something that was planned. On Citrix Netscaler, you'd use the "-backupVServer" option on the Content Switched server to point to the maintenance page, and then the FailWhale vServer for the LB vservers.
  • That is true. You're definitely between a rock and a hard place! I found this article here - https://devcentral.f5.com/s/feed/0D51T00006i7M54SAE - that may provide some insight into some other techniques you could employ. Don't know if you've seen it or not.
  • Additional find: With 11.5 and the REST-based iControl, you can issue a side-band call to the (icrd) REST interface to perform just about any TMSH functions you want, including perhaps checking the status of those pool members to see if they are offline (due to monitor) or manually disabled. Net upshot is that a virtual server needs to be enabled in order for any iRules associated with it to trigger. Manually disabling a virtual server "disables" execution of any associated iRules except for existing open connections.
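
The thread's open question is telling "administratively disabled" apart from "monitor down" once pool-member status has been fetched out of band. The following is an added example, not code from any poster or from F5: it classifies a pool from a member list, assuming the `session` and `state` fields that iControl REST reports for pool members. The sample JSON, addresses, and the rule that a partly disabled pool with no healthy member counts as an outage are constructed for illustration.

```python
import json


def _pool(*members):
    """Build a constructed members payload (not captured from a device)."""
    return json.dumps({"items": [
        {"name": n, "session": s, "state": st} for n, s, st in members]})


# Constructed samples: (member name, session, state).
MAINTENANCE = _pool(("10.0.0.11:80", "user-disabled", "up"),
                    ("10.0.0.12:80", "user-disabled", "user-down"))
OUTAGE = _pool(("10.0.0.11:80", "user-enabled", "down"),
               ("10.0.0.12:80", "user-enabled", "down"))
MIXED = _pool(("10.0.0.11:80", "user-disabled", "up"),
              ("10.0.0.12:80", "user-enabled", "down"))
HEALTHY = _pool(("10.0.0.11:80", "monitor-enabled", "up"),
                ("10.0.0.12:80", "user-enabled", "down"))


def member_status(member):
    """Map one member record to 'admin-off', 'up' or 'down'."""
    session = member.get("session", "")
    state = member.get("state", "")
    # Disabled or forced offline by an operator, whatever the monitor says.
    if session == "user-disabled" or state == "user-down":
        return "admin-off"
    return "up" if state == "up" else "down"


def classify_pool(members_json):
    """Return 'available', 'maintenance' or 'outage' for a pool."""
    items = json.loads(members_json).get("items", [])
    statuses = [member_status(m) for m in items]
    if "up" in statuses:
        return "available"
    # Only a pool where every member was taken out by hand is planned work.
    if statuses and all(s == "admin-off" for s in statuses):
        return "maintenance"
    # Empty pool, or at least one enabled member failing its monitor.
    return "outage"


if __name__ == "__main__":
    for label, sample in (("maintenance", MAINTENANCE), ("outage", OUTAGE),
                          ("mixed", MIXED), ("healthy", HEALTHY)):
        print(label, "->", classify_pool(sample))
```

The result could then be published to whatever the iRule reads to pick between the maintenance page and the service-issue page.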