downing a member from LB_FAILED

I think this is because of the way LB_FAILED works (someone please jump in if I am wrong): it'll fire if the LTM can't select a pool member, or that member is down. So to me it's not a surprise that you can't down a member from this event.

 

 

What are you trying to accomplish, specifically? That may help home in on some options.

 

 

-Matt

Hi Matt,

 

 

I would have expected that LB::server commands would return info for the "currently selected" pool member even if the connection failed. If a member couldn't be selected because no pool member was up, then it would seem logical that LB::server * could only return the pool name. I could see why the IP::server_addr/TCP::server_port commands wouldn't return anything in LB_FAILED because no connection was established to the pool member.

 

 

Maybe this is a bug? There have been quite a few issues with using commands in LB_FAILED over the past versions. However, from a post post, someone was able to at least get the LB::server addr and LB::server port values in LB_FAILED (in 9.3.x):

 

 

http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&tpage=1&view=topic&postid=24583

 

 

rshayne, do you have any pool members not marked down in the pool when you're testing?

 

 

Aaron

Ahhh yes very good points Aaron, thanks. Now I'm going to have to go off and research this one...so the last question is key: are there any members available? If so, we'll need to dig into this one a bit!

 

 

-Matt

Ok my apologies everyone. The problem is that I was doing the LB::detach before the LB::down. The detach will "unselect" any currently selected member. Makes sense.

Makes sense, thanks for the follow-up. Would you be willing to post your rule, by chance?

 

 

-Matt

It's just a basic failover iRule. The idea is to use a designated "failover pool" for a given pool. I know I could do this with priorities but I need to snat as the "failover pool" will be a vip on an LB at an alternate datacenter. In addition to adding the snat, I inject a header to try and prevent any crazy loops between LB's. If you have any suggestions or improvements, especially regarding efficiency, do share.

 
 when RULE_INIT { 
   set ::remoteDCSnatPool "remote-dc-snat" 
 } 
  
 when CLIENT_ACCEPTED { 
   set defaultPool [LB::server pool] 
   set failoverPool "[LB::server pool]-failover" 
   set failover 0 
 } 
  
 when HTTP_REQUEST { 
   if { [active_members $defaultPool] < 1 || $failover == 1 } { 
     if { [HTTP::header exists lb_origin] } { 
       log local0. "lb_origin detected, rejecting" 
       reject 
     } else { 
       log local0. "Failing over to $failoverPool" 
       set failover 1 
       HTTP::header insert "lb_origin" 1 
       snatpool $::remoteDCSnatPool 
       pool $failoverPool 
     } 
   } 
 } 
  
 when LB_FAILED { 
   if { $failover == 1 } { reject } 
   LB::down 
   LB::detach 
   log local0. "reached LB_FAILED, [active_members $defaultPool] active members" 
   if { [active_members $defaultPool] < 1 } { 
     if { [HTTP::header exists lb_origin] } { 
       log local0. "lb_origin detected, rejecting" 
       reject 
     } else { 
       log local0. "Failing over to $failoverPool" 
       set failover 1 
       HTTP::header insert "lb_origin" 1 
       snatpool $::remoteDCSnatPool 
       LB::reselect pool $failoverPool 
     } 
   } else { 
     LB::mode rr 
     LB::reselect 
   } 
 } 
 

Edited for formatting

iRules contest ends today, might wanna submit that one by 5pm pacific!