Mailing List Archive

[nsp] CSS Persistent connections
Hello,

The problem I am having is that existing connections to a content rule are remaining persistent when I suspend the referenced services, even though I have 'no persistence' configured in the content rule. What I would like to happen is for existing connections to be reset when the services that reference that content rule are suspended, or not active.

My configuration is in a Global load balancing configuration, whereby name resolutions are given to clients based on service availability. If all the services on css1 fail, then client resolutions for mycompany.com will point to css2. This part of the configuration works fine. The web site is the same across both css's, and every link on the page appends the dns suffix mycompany.com to the link. Since the TTL is set very low, when all services on css1 fail, the client should be able to click a link on the page, and the box will do a resolution which will produce the new VIP on css2. My problem is that *existing* tcp connections with css1 are not reset (or sent a tcp fin) when the services are suspended. These users continue to be connected to css1 because their local hosts do not do another name resolution seeing as how their connection state is still established with css1.

To attempt to rectify this problem I configured the global command 'persistence reset remap', and 'no persistence' in the content rule. This has not worked for me though. When I suspend the services, existing connections still continue on the content rule. When I stop the web service on the web machines the services transition to down on the css, but the existing connections do not use the new VIP, and instead show a 404 error. In fact, I don't even see the counters increment when I do a 'show dns-server stat'.

The content rule is on port 443, and has application ssl configured.

Any help or ideas greatly appreciated.