Forum Discussion

Vishnu_Palanis1's avatar
Vishnu_Palanis1
Icon for Nimbostratus rankNimbostratus
May 09, 2008

Not accept connection for pool if no members are active

How do I tell F5 not to accept connections for a certain pool (or a virtual server) if none of the nodes in the pool are active?

 

 

Is this just a configuration or do I have to write an iRule?

 

 

I didn't see any configuration setting, so I looked at writing an iRule. I see the event CLIENT_ACCEPTED which is triggered after the connection is accepted. Is there an event that gets triggered before the connection is accepted, so I can 'reject' the connection?

 

 

Ideas?

 

 

Thanks in advance.
application delivery
dev
devops
iRules

4 Replies

Sort By
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    May 09, 2008
    I don't believe so. You can check this post (Click here) for details and an example of how to send a TCP RST after the three way handshake is established.

     

     

    Aaron
  • Vishnu_Palanis1's avatar
    Vishnu_Palanis1
    Icon for Nimbostratus rankNimbostratus
    May 09, 2008
    Thank you. Wrote this iRule to do what you suggested.

     

     

    when CLIENT_ACCEPTED {

     

    if {[active_members [LB::server pool]] < 1} {

     

    reject

     

    }

     

    }

     

  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    May 09, 2008
    That looks like a good method to send a reset if the pool doesn't have any members marked up.

     

     

    Aaron
  • Krzysztof_Kozlo's avatar
    Krzysztof_Kozlo
    Icon for Nimbostratus rankNimbostratus
    May 14, 2008
    If you want to simply ignore connections to downed servers, and don't need any of the more advanced features of the TCP profile, you can use the fastL4 profile. It will ignore SYN packets when all the back-end servers are down.