Can I prevent VS to send RST in case there are no active members in associated pool?

Question

Hi guys,&nbsp;
recently we hit an interesting scenario during a migration: we had a VS for an application with hundreds of clients with no pool member being active, yet. LTM started to send TCP Resets to clients trying to reach the VS. The bad thing was that the clients were stubbornly trying again and again right after they received RST, resulting in tens of SYN-RST pairs per client per second. This multiplied quickly and took down another device along the path.&nbsp;
The question is, can I change the behavior of the F5 and prevent it to send RST to every SYN it receives? The presumption is that even if clients will try again and again, it won't be tens requests per client per second, but every client shall send one SYN after timeout of few seconds.&nbsp;
Note: I can, of course, solve this outside of the F5. This question is, nevertheless, related to whether it can be done on the F5 directly.&nbsp;
Thank you.&nbsp;
Jozef&nbsp;

squeak · Answer

You can choose just to drop the traffic if there are no available pool members. Don´t know if that solves your issue. &nbsp;

jozef_hamar · Answer

Hey Squeak,&nbsp;
you cannot do that on the Pool. You can do that on Pool member, but I do not want manually alter Pool member settings. Even disabling the VS does not work. So far while testing, the only thing that worked for me was to change the VS type from Standard to Performance L4.&nbsp;

vijay_e · Answer

You can also configure an iRule that serves a "Sorry, no service" page if all the pool members are down as shown here. &nbsp;

adriano_bezerr1 · Answer

In the virtual server you have the "Immediate Action On Service Down" option, have you tried using it as "DROP"?&nbsp;

Forum Discussion

Can I prevent VS to send RST in case there are no active members in associated pool?

4 Replies

Recent Discussions

F5Access | MacOS Sonoma

Active- Active HA setup

syslog server connection

Cannot see floating MAC address outside of ESXi

Rewrite uri translation not working

Related Content

Guarding Large Language Models: Advanced Approaches to Preventing Model Theft

Operationlizing Online Fraud Detection, Prevention, and Response

Re: Prevention of OWASP API Security API3:2019 Excessive Data Exposure using F5 XC

API Security Strategy - Discover and map APIs, block unwanted connection and prevent data leakage

SSL Orchestrator Advanced Use Cases: Integrating F5 Intrusion Prevention System (IPS)