Default Action On Service Down used for F5

Vendor

F5

Description

The default option for "Action On Service Down" is "None", which maintains connections to pool member even when the monitor fails, but does not create new connections.If using a good monitor that is able to determine the status of the member however, the better option in most cases is "Reject", which instead resets the existing connection and forces the client to establish a new one. This ensures that the client has an optimal chance of connecting to a functioning pool member.
Indeni will alert when the device configuration does not follow this best practice.

Remediation Steps

Read more about "Action On Service Down" at https://support.f5.com/csp/article/K15095

How does this work?

This alert uses the iControl REST interface to extract the option "Action On Service Down" for all configured pools.

Why is this important?

The default option is "None", which maintains connections to pool member even when the monitor fails, but does not create new connections. The better option in most cases however, is "Reject" which instead resets the existing connection and forces the client to establish a new one. This, coupled with good monitors ensures that the client has an optimal chance of connecting to a functioning pool member.

Without Indeni how would you find this?

An administrator could manually check member availabilty by logging on to the web interface of the device and clicking on "Local Traffic" -> "Pools" and for each pool in the list verify the option "Action On Service Down".

View Source Code
single