Forum Discussion

yang_128295's avatar
yang_128295
Historic F5 Account
Nov 20, 2006

reject irule command doesn't work(9.1.2)

Hi all,

 

 

when i use fastL4 profile, bigip just drop syn packets when all pool member are down.

 

I want bigip to send reset for syn packets in order that client application made second action rapidly

 

I made the irue below. but reject command doens't work..

 

is there any problem in my irule

 

 

=============

 

 

when CLIENT_ACCEPTED {

 

set num [active_members antonio_pool]

 

log "active num is $num"

 

if { $num == 0 } {

 

reject

 

log "rejected"

 

} else {

 

pool antonio_pool

 

}

 

}

3 Replies

  • In case anyone else runs into this, CR72170 was created to track the issue:

     

     

     

    If the "reject" iRule commnd is used, fastL4 does not

     

    issue a reset (RST) to the client, but the usual full-proxy does.

     

     

     

    Aaron
  • Per SOL7100 (Click here), it looks like this has only been fixed in 9.3 so far.

     

     

    As a workaround, you could use the command 'node 1.1.1.1' to force TMM to send back an ICMP network unreachable message to the client. The client seems to close the connection immediately after it receives the message.

     

     

    Aaron