question about LTM and virtual servers..

Have a look at the Pool configuration settings for "Action on Service Down". This article is a nice write up on the topic. There are a number of configuration options depending on your desired application behavior.

thanks. i have the pool settings to reject but it still answers on it. if i bring the virtual server down, the request times out but if the virtual server is enabled with the pool down, the big ip still answers it. it seems like it's proxying the connection even with the pool down.

It does still proxy the connection. What type of traffic is this virtual server handing? If it is http/https, you can write a iRule that will respond with a "we are down" web page if there are no active members in the pool.

thanks! it's not http/https traffic, it's ldap queries between two servers. so, there is no way to have the virtual truly down when the pool members are down?

I would say a small irule rejecting connections when all members are down.

when CLIENT_ACCEPTED {
if {[active_members [LB::server pool]] < 1} {   
reject
}
} 

But, for my understand, it is the default behavior. Your VS should reject the connection when pool are down.

I think it's not what "avengers" want Matthieu, because reject action will send a TCP RST or ICMP unreacheable.

Same question here : https://devcentral.f5.com/questions/turning-vs-off-when-nodes-down

The first event that you can trigger on, CLIENT_ACCEPTED, happens AFTER a successful 3-way handshake. If you simply want the VIP to not be able to complete this handshake, then you need to disable the VIP. It's certainly not a "best practice" sort of thing, but you could use a user_alert.conf script config or iCall in 11.4 to "message" the management plane from the data plane to disable the VIP if the pool members are down.