Suspending a group/content rule on CSS

Unanswered Question
Jun 1st, 2007
User Badges:

Hi,


I need to know what happens when I suspend a group or a content rule (to modify it, ie: remove or add a service):


1. Does it affect existing flows making use of this group/content rule ?

2. Does it only affect new connections ?

3. In a ASR redundancy mode, would the backup CSS take over new connections while the group/content rule is suspended ?


I'm looking for a way of amending my configuration (ie: remove/add a service to existing content rule or group) without being disruptive to the service.


Thanks

Arno



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
RODRGUTI Fri, 06/01/2007 - 08:27
User Badges:

Hello Arno,


What happens when I suspend a group or a content rule:


1. Does it affect existing flows making use of this group/content rule ?

R/ Yes, at the point that you suspend the content rule the CSS is going to stop doing arping for that VIP address, so the current connections are going to be lost. And the new ones are not going to be able to reach the vip address.


For the group, if you suspend the group the only thing that is going to happen is that the CSS wont nat the new connections.


2. Does it only affect new connections ?

R/ Nop, it will affect also connections already established. (Just if you suspend the content rule) the group works when the traffic match on the content rule, so, when the content rule choose the service to send the traffic the CSS is going to check that the service is linked to a group in order to do the nat.


3. In a ASR redundancy mode, would the backup CSS take over new connections while the group/content rule is suspended ?

R/ Nop, the CSS is going to be the master for all the vips, including the one that you suspend, if the critical services and the reporters are alive the backup CSS is going to be the backup until the Master change to down.


So, does not matter if you suspend all content rules on your Master CSS, because the critical services and the reporters are alive.


If you need to modify your content rule, you will need a down time, or a maintenance window, if you don't want to do a failover.


Hope this help.


- Rodrigo


Actions

This Discussion