Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Best way to set a pool member as Disable from Irule

Hi all,

I have a requirement that needs pool members to be disabled when a certain number of concurrent sessions has been reached to stop new sessions going to the member ( memory locking errors in the app occur above certain user counts and they would rather hard deny users then bring everything down).

I have written an irule that does all this tracking and management but what i cant figure out is a simple good way to disable nodes. This irule will be applied to many pools and 100 odd nodes so it cant be hard coded.

Right now in my dev environment i am lopping over pool members and if any are over threshold using LB:DOWN on that pool member. After looping i then forcing a LB::select, this works because i am relying on a health monitor up delay to keep all the members i just marked as down, down. Thus this logic gets repeated for every new session, and i have nodes constantly going up and down.

i would much rather mark them as disable and bring them back to active if the session count drop below threshold then what i am doing now but i cant figure out at good way. i cant see how you would do it with icall as all the example i see have hardcoded triggers.

So what will work best? i assume some kind of sideband connection? also running 11.6 HF5

All advice and ideas welcome!

cheers

0
Rate this Question
Comments on this Question
Comment made 10-Feb-2016 by IanB
Can you not achieve this by placing a connection limit on each pool member (local traffic / pools / [pool] / members / [member] / Connection Limit ) ?
1

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi,

number of TCP connections is not a good measure of number of user sessions for this web app when I look at the conn table for these vips a single user has anywhere from 1 to 10 tcp connections for one session depending on task/function. This is all sap web frontend stuff.

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

based off this post https://devcentral.f5.com/questions/how-to-run-a-bash-script-in-irule-with-a-parameter-to-that-bash-script-

i have used a sideband connection with a PUT to icontrol to set the member as user-disabled. The only issue is that i have to use a data group to translate from member ip:port ( what i rules use) to member name (what i control).

Anyone know a better way then a data group to do this?

the magic line for the put looks like:

`set req   "PUT /mgmt/tm/ltm/pool/~[lindex $test end-1]~[lindex $test end]/members/~[lindex $test end-1]~$member:$port HTTP/1.1\r\nHost: localhost\r\nAuthorization: Basic BASE64GOESHERE\r\nContent-Type:application/json\r\nContent-Length: 27\r\n\r\n{\"session\":\"user-disabled\"}"`
0