Prevent three way handshake on VIP when nodes unavailable

Question

Very simple setup VIP and pool, if all nodes are unavailable (failed health check) we don't want the VIP to respond on a three-way handshake ... which it does by default due to the full-proxy feature of the big-ip.  &nbsp;
&nbsp;Tech support advised an irule to discard the connection which made it worse:
&nbsp;when CLIENT_ACCEPTED {
&nbsp;  if { [active_members VIP-vh9stage.nml.com_71.164_80] == 0 } {
&nbsp;    discard
&nbsp;  }
&nbsp;}
&nbsp;so i changed it to a reject which is better, but still doesn't prevent the 3-way.  After all, it is when the client is accepted.
&nbsp;Thanks

hooleylist · Answer

Oddly enough, when I tested on 9.4, I think 'discard' also triggered a reset (!?).  &nbsp;
&nbsp;I believe that when you add a TCP profile to a virtual server, there is no way to prevent TMM from completing a three way handshake.&nbsp;
&nbsp;Check this post from rapmaster_c for more info (Click here).&nbsp;
&nbsp;Aaron

Forum Discussion

Prevent three way handshake on VIP when nodes unavailable

1 Reply

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Tenant image upgrade

Related Content

Guarding Large Language Models: Advanced Approaches to Preventing Model Theft

Avoid SSL Handshake When Pool is Unavailable

Operationlizing Online Fraud Detection, Prevention, and Response

Re: Prevention of OWASP API Security API3:2019 Excessive Data Exposure using F5 XC

SSL Profiles Part 1: Handshakes