Redirection of RADIUS traffic to specific member of pool using iRule - not working properly.
Dear experts,
for troubleshooting purposes (especially when running RADIUS [freeradius to be exact] in debug mode), I only want that particular host to be hitting a specific member of pool. For that purpose, I devised a simple iRule:
    when CLIENT_ACCEPTED {
        if { [IP::addr [IP::client_addr] equals x.x.x.x] } {
            pool pl_radius member y.y.y.y
        } else {
            pool pl_radius member z.z.z.z
        }
    }
Furthermore, on the RADIUS VIP, there is 60 seconds source address affinity persistence.
Now to the problem. When I apply the iRule to the VIP, it works as expected and immediately it starts forwarding traffic to member z.z.z.z. However, no matter how long I wait (longest I tried was ~30 minutes), there are always around 20 connections (normal value is around 200) active on the y.y.y.y member which are not coming from the host defined in the beginning of the iRule.
Is this a standard behavior? If not, would you mind pointing me in the right direction of investigation? Mind you, I do not want to just cut the active connections, but seamlessly move them to the other pool member.
Thank you very much and have a nice day.