Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Disabling a Pool Member for maintenance from the Server Side

Hello F5 DevCentral -

My Application and Database Teams have been requesting assistance with two issues.

  1. Can they disable a server for maintenance and mark down the F5 health monitor when they work on the server?

  2. Can they disable one web page from a node(server)? Then mark the page down under maintenance and somehow the F5 can exclude that web page from the pool? This might require an iRule I believe.

I have both Hardware and VE BIG-IP F5 LB's and I have reviewed both links below to answer #1, but when I completed all of the steps below the App and Database Team state question #1 is not working.

https://support.f5.com/csp/article/K12818 and https://devcentral.f5.com/questions/redirect-to-a-maintenance-page

Step 1 – Created Virtual Server with IP: 10.4.24.23. I have a VS with IP: 10.4.24.23 which is reachable and has multiple DNS A records (multiple FQDN’s) assigned to it by our InfoBlox Team.

[xxxxxx:Active:In Sync] ~ # ping -c 2 10.4.24.23

PING 10.4.24.23 (10.4.24.23) 56(84) bytes of data.

64 bytes from 10.4.24.23: icmp_seq=1 ttl=255 time=2.97 ms

64 bytes from 10.4.24.23: icmp_seq=2 ttl=255 time=0.746 ms

Step 2 – Created test Pools with the pool name “SharePoint2013-PoC_80_pool” and “SharePoint2013-PoC_443_pool”.

The pools contain two test servers with IP’s: 10.4.20.87 and 10.4.23.206 listening on ports 80 & 443.

Step 3 – Created a Custom Monitor called “monitor_http_TestEnabled2” under Local Traffic ›› Monitors ››

Step 4 – I have applied the Custom Health Monitor to the Node(Server).

Step 5 – The Application Team has created a text file called server.txt which is reachable via http://controlfile-test.corp.mdsdata.com. When I run the curl command to reach the server, I get the “disabled” message.

[xxxxxxxxx:Active:In Sync] ~ # curl http://controlfile-test.corp.mdsdata.com/server.txt

Status: disabled[xxxxxxxxx:Active:In Sync] ~ #

When I ping the server with the server.txt file I am getting a response back from a different web page assigned to the VS.

[xxxxxxxxx:Active:In Sync]~ # ping -c 3 controlfile-test.corp.mdsdata.com

PING controlfile-test.corp.mdsdata.com (10.4.24.23) 56(84) bytes of data.

64 bytes from farm2.corp.mdsdata.com (10.4.24.23): icmp_seq=1 ttl=255 time=0.858 ms

64 bytes from farm2.corp.mdsdata.com (10.4.24.23): icmp_seq=2 ttl=255 time=0.966 ms

64 bytes from farm2.corp.mdsdata.com (10.4.24.23): icmp_seq=3 ttl=255 time=0.531 ms

xxxxxxxxx:Active:In Sync] ~ # ping -c 3 controlfile-test.corp.mdsdata.com

PING controlfile-test.corp.mdsdata.com (10.4.24.23) 56(84) bytes of data.

64 bytes from itsforme-test.corp.mdsdata.com (10.4.24.23): icmp_seq=1 ttl=255 time=0.892 ms

64 bytes from itsforme-test.corp.mdsdata.com (10.4.24.23): icmp_seq=2 ttl=255 time=0.974 ms

64 bytes from itsforme-test.corp.mdsdatas.com (10.4.24.23): icmp_seq=3 ttl=255 time=0.921 ms

When I ping the actual server IP from the CLI I get a response back, but from the GUI I can see the custom monitor for the node displays it is marked down, which I believe is the correct result.

Finally, The Server Team is telling me they do not belive the Customer MOnitor is working. Can someone tell me what the Server Team side has to do to get this to work? Im quite new at working with the F5 LB , therefore helping me understand what has to be done on the server side would be a great help, so know what to ask the server team for. Sorry for the very long question :-).

0
Rate this Question
Comments on this Question
Comment made 20-Feb-2018 by Pedro Haoa

Hello,

Could you post here your monitor configuration?

Via CLI: # tmsh list /ltm monitor

Cheers!

0
Comment made 20-Feb-2018 by RiadSanchz 107

Hello Pedro - sure here you go:

ltm monitor http monitor_http_TestEnabled2 {

defaults-from http

destination *:webcache

interval 5

recv "Status: enabled"

send "GET / HTTP/1.1\\r\\nHost:controlfile-test.corp.mdsdata.com"

time-until-up 0

timeout 16
0

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Monitor disable mean your pool member will not take new request from VIP and slowly all existing session will be terminated/closed but system is remain in network. So, you will able to ping from your system/BigIP.

In-order to block ping, You will have to enable setting in window/unix server.

0
Comments on this Answer
Comment made 20-Feb-2018 by RiadSanchz 107

Hi f5_rock -

Thank you for clarifying the monitor disable state and from what I can see the node is currently disabled. Whats confusing is the steps taken from the server teams. When the server team changes the file to "Status: enabled" the monitor should display the node is online again I believe, correct?

Right now when I perfom a GET I am seeing "Status: disabled", so the node is marked down. Therefore the pool member will not take new request from VIP and slowly all existing session will be terminated/closed but system is remain in network. I guess I am seeing the correct result, but client is states he see the server still receiving requests and I think he is incorrect.

Im trying to understand the logic from the server side of things. Where does the client place the server.txt file which contains the "Status: enabled/disabled" text? A specific directory under webpage? I perform a GET to http://controlfile-test.corp.mdsdata.com/server.txt and then I get the reply back with either a disabled or enabled. Would the server team have to create a file for every FQDN's theyd like to disable for maintenance?

[xxxxxxxxx:Active:In Sync] ~ # curl http://controlfile-test.corp.mdsdata.com/server.txt

Status: disabled[xxxxxxxxx:Active:In Sync] ~ #

0
Comment made 20-Feb-2018 by Samir Jha 2940

Thank you so much for question..

When the server team changes the file to "Status: enabled" the monitor should display the node is online again I believe, correct?

defaults-from http
destination *:webcache
interval 5
recv "Status: enabled"    --> ##Server Team is changing the page contains based on that LB monitor. LB takes decision to enable & disable pool member
send "GET / HTTP/1.1\\r\\nHost:controlfile-test.corp.mdsdata.com"
time-until-up 0
timeout 16

recv "Status: enabled" --> ##Server Team is changing the page contains(enable/disable) based on that LB monitor. LB takes decision to enable & disable pool member

Client is states he see the server still receiving requests and I think he is incorrect.

Due to LB persistence method, current session is going to Pool member, Its default behavior of LB. You can make persistence none in LB VIP to solve issue and make sure other persistence profile should not attached.

Im trying to understand the logic from the server side of things. Where does the client place the server.txt file which contains the "Status: enabled/disabled" text?

Client placed file on server side & changing parameters via DB/Web to enable/disable pool member.

i.e http://controlfile-test.corp.mdsdata.com/server.txt

0