Forum Discussion

Branden_Visser_'s avatar
Branden_Visser_
Icon for Nimbostratus rankNimbostratus
Aug 12, 2009

Graceful node removal

Hi all,

 

 

We have a need restrict new persistent sessions to an application server for a duration of time (until all sessions are removed) for a graceful reboot of the server. I know the LTM allows for this by 'disabling' a node in the pool, but we haven't had success with it.

 

 

I ran a trial of this by disabling a node for about 2 hours. During that time, the number of user sessions on that server node managed to increase.

 

 

We're running BIG-IP 9.4.4 Build 73.1 Hotfix HF1 with cookie persistence, is there maybe a known issue for this version and disabling nodes?

 

 

Thanks,

 

 

Branden
config
design

5 Replies

Sort By
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Aug 14, 2009
    Hi Branden,

     

     

    This is expected. If the persistence is based on a cookie, the client could continue to present the cookie in requests for either the duration they keep their browser open for (for a session cookie) or until the time expiration is reached. If they're consistently making requests, a time expired cookie wouldn't reach the expiration time. Basically, you could disable the node to prevent new TCP connections and then after whatever grace period you want passes force it offline to prevent any new TCP connections or clients with persistence records from reaching the node.

     

     

    Aaron
  • Branden_Visser_'s avatar
    Branden_Visser_
    Icon for Nimbostratus rankNimbostratus
    Aug 14, 2009
    Hi Aaron, thanks for your reply.

     

     

    The way you explained it is how I expected it would work, but I can't understand how the number sessions on the server *increased*. Does this sound right to you?

     

     

    I disabled the node when there were about 250 sessions on the server, 2 hours later, there were about 325 sessions. How did NEW users get on the node if only current persistent connections should be able to access it after I've disabled it?

     

     

    Best,

     

     

    Branden
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Aug 14, 2009
    That count is of TCP connections, not app sessions. So it could have gone up if more clients accessed the VIP with valid persistence cookies.

     

     

    Aaron
  • Branden_Visser_'s avatar
    Branden_Visser_
    Icon for Nimbostratus rankNimbostratus
    Aug 14, 2009

    Posted By hoolio on 08/14/2009 8:16 AM

     

    That count is of TCP connections, not app sessions.

     

     

     

    The application server provides me a count of *user sessions*. The number of users active on the application server with active sessions. When I say "Session", I don't mean TCP Connections, I mean users who are carrying sessions on my application servers -- not the F5.

     

     

    The number of users who are authenticated to the application server still climbs drastically, despite the fact that the server has been "disabled". This means that new users (without session cookies) who are coming to the server are being sent to that server, and are logging in to it.

     

     

    I hope that clarifies.

     

     

    Best,

     

     

    Branden
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Aug 17, 2009
    Hi Branden,

     

     

    Thanks for the clarification. I assumed you were looking at the TCP connections on the LTM pool stats. That does seem odd. You could use a persistence logging iRule to get a better picture of what's happening after you disable a node:

     

     

    Persistence Cookie Logger

     

    http://devcentral.f5.com/Wiki/default.aspx/iRules/Persistence_Cookie_Logger.html

     

     

    Aaron