search

F5Networks / f5-appsvcs-extension

F5 BIG-IP Application Services 3 Extension
Apache License 2.0
163 stars 52 forks source link

BIGIP sends the reset when sending the data group update using AS3 declaration #752

Closed vklohiya closed 5 months ago

vklohiya commented 10 months ago

Environment

Summary

When we update the datagroup in AS3 declaration there is 0.5 seconds when there are no pool members hence the BIG-IP sends the reset with [F5RST: No pool member available] (logged with tm.rstcause.pkt enable).

Steps To Reproduce

Steps to reproduce the behavior:

  1. Submit the following declaration: 
    {
"$schema": "https://raw.githubusercontent.com/F5Networks/f5-appsvcs-extension/master/schema/3.45.0/as3-schema-3.45.0-5.json",
"class": "AS3",
"declaration": {
    "class": "ADC",
    "controls": {
        "class": "Controls",
        "userAgent": "CIS/v2.14.0-WIP K8S/v1.24.0+9546431"
    },
    "id": "urn:uuid:85626792-9ee7-46bb-8fc8-4ba708cfdc1d",
    "label": "CIS Declaration",
    "remark": "Auto-generated by CIS",
    "schemaVersion": "3.41.0",
    "test": {
        "Shared": {
            "class": "Application",
            "coffee_svc_8080_default_cafe_example_com": {
                "class": "Pool",
                "members": [
                    {
                        "addressDiscovery": "static",
                        "serverAddresses": [
                            "10.4.0.15"
                        ],
                        "servicePort": 31064,
                        "shareNodes": true
                    },
                    {
                        "addressDiscovery": "static",
                        "serverAddresses": [
                            "10.4.0.14"
                        ],
                        "servicePort": 31064,
                        "shareNodes": true
                    },
                    {
                        "addressDiscovery": "static",
                        "serverAddresses": [
                            "10.4.0.16"
                        ],
                        "servicePort": 31064,
                        "shareNodes": true
                    }
                ]
            },
            "coffee_svc_8080_default_cluster2_cafe_example_com": {
                "class": "Pool",
                "members": [
                    {
                        "addressDiscovery": "static",
                        "serverAddresses": [
                            "10.4.0.22"
                        ],
                        "servicePort": 30394,
                        "shareNodes": true
                    },
                    {
                        "addressDiscovery": "static",
                        "serverAddresses": [
                            "10.4.0.21"
                        ],
                        "servicePort": 30394,
                        "shareNodes": true
                    },
                    {
                        "addressDiscovery": "static",
                        "serverAddresses": [
                            "10.4.0.20"
                        ],
                        "servicePort": 30394,
                        "shareNodes": true
                    }
                ]
            },
            "crd_10_8_3_11_443": {
                "class": "Service_HTTPS",
                "iRules": [
                    "crd_10_8_3_11_443_tls_irule"
                ],
                "policyEndpoint": "/test/Shared/crd_10_8_3_11_443_cafe_example_com_policy",
                "redirect80": false,
                "serverTLS": [
                    {
                        "bigip": "/Common/clientssl"
                    }
                ],
                "snat": "auto",
                "source": "0.0.0.0/0",
                "translateServerAddress": true,
                "translateServerPort": true,
                "virtualAddresses": [
                    "10.8.3.11"
                ],
                "virtualPort": 443
            },
            "crd_10_8_3_11_443_ab_deployment_dg": {
                "class": "Data_Group",
                "keyDataType": "string",
                "records": [
                    {
                        "key": "cafe.example.com",
                        "value": "coffee_svc_8080_default_cafe_example_com,0.600;coffee_svc_8080_default_cluster2_cafe_example_com,1.000"
                    }
                ]
            },
            "crd_10_8_3_11_443_cafe_example_com_policy": {
                "class": "Endpoint_Policy",
                "rules": [
                    {
                        "actions": [
                            {
                                "event": "request",
                                "type": "log",
                                "write": {
                                    "message": "a/b pool"
                                }
                            }
                        ],
                        "conditions": [
                            {
                                "all": {
                                    "operand": "equals",
                                    "values": [
                                        "cafe.example.com:443",
                                        "cafe.example.com"
                                    ]
                                },
                                "event": "request",
                                "name": "host",
                                "type": "httpHeader"
                            }
                        ],
                        "name": "vs_cafe_example_com_coffee_svc_8080_default_cluster2_cafe_example_com"
                    }
                ],
                "strategy": "first-match"
            },
            "crd_10_8_3_11_443_ssl_edge_servername_dg": {
                "class": "Data_Group",
                "keyDataType": "string",
                "records": [
                    {
                        "key": "cafe.example.com",
                        "value": "coffee_svc_8080_default_cluster2_cafe_example_com"
                    }
                ]
            },
            "crd_10_8_3_11_443_ssl_edge_serverssl_dg": {
                "class": "Data_Group",
                "keyDataType": "string",
                "records": [
                    {
                        "key": "cafe.example.com",
                        "value": "false"
                    }
                ]
            },
            "crd_10_8_3_11_443_tls_irule": {
                "class": "iRule",
                "iRule": "when CLIENT_ACCEPTED { TCP::collect }\n\n\n\t\tproc select_ab_pool {path default_pool } {\n\t\t\tset last_slash [string length $path]\n\t\t\tset ab_class \"/test/Shared/crd_10_8_3_11_443_ab_deployment_dg\"\n\t\t\twhile {$last_slash >= 0} {\n\t\t\t\tif {[class match $path equals $ab_class]} then {\n\t\t\t\t\tbreak\n\t\t\t\t}\n\t\t\t\tset last_slash [string last \"/\" $path $last_slash]\n\t\t\t\tincr last_slash -1\n\t\t\t\tset path [string range $path 0 $last_slash]\n\t\t\t}\n\n\t\t\tif {$last_slash >= 0} {\n\t\t\t\tset ab_rule [class match -value $path equals $ab_class]\n\t\t\t\tif {$ab_rule != \"\"} then {\n\t\t\t\t\tset weight_selection [expr {rand()}]\n\t\t\t\t\tset service_rules [split $ab_rule \";\"]\n\t\t\t\t\tforeach service_rule $service_rules {\n\t\t\t\t\t\tset fields [split $service_rule \",\"]\n\t\t\t\t\t\tset pool_name [lindex $fields 0]\n\t\t\t\t\t\tset weight [expr {double([lindex $fields 1])}]\n\t\t\t\t\t\tif {$weight_selection <= $weight} then {\n\t\t\t\t\t\t\treturn $pool_name\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\t# If we had a match, but all weights were 0 then\n\t\t\t\t# retrun a 503 (Service Unavailable)\n\t\t\t\tHTTP::respond 503\n\t\t\t}\n\t\t\treturn $default_pool\n\t\t}\n\n\n\t\twhen CLIENT_DATA {\n\t\t\t# Byte 0 is the content type.\n\t\t\t# Bytes 1-2 are the TLS version.\n\t\t\t# Bytes 3-4 are the TLS payload length.\n\t\t\t# Bytes 5-$tls_payload_len are the TLS payload.\n\t\t\tbinary scan [TCP::payload] cSS tls_content_type tls_version tls_payload_len\n\t\t\tif { ! [ expr { [info exists tls_content_type] && [string is integer -strict $tls_content_type] } ] }  { reject ; event disable all; return; }\n\t\t\tif { ! [ expr { [info exists tls_version] && [string is integer -strict $tls_version] } ] }  { reject ; event disable all; return; }\n\t\t\tswitch -exact $tls_version {\n\t\t\t\t\"769\" -\n\t\t\t\t\"770\" -\n\t\t\t\t\"771\" {\n\t\t\t\t\t# Content type of 22 indicates the TLS payload contains a handshake.\n\t\t\t\t\tif { $tls_content_type == 22 } {\n\t\t\t\t\t\t# Byte 5 (the first byte of the handshake) indicates the handshake\n\t\t\t\t\t\t# record type, and a value of 1 signifies that the handshake record is\n\t\t\t\t\t\t# a ClientHello.\n\t\t\t\t\t\tbinary scan [TCP::payload] @5c tls_handshake_record_type\n\t\t\t\t\t\tif { ! [ expr { [info exists tls_handshake_record_type] && [string is integer -strict $tls_handshake_record_type] } ] }  { reject ; event disable all; return; }\n\t\t\t\t\t\tif { $tls_handshake_record_type == 1 } {\n\t\t\t\t\t\t\t# Bytes 6-8 are the handshake length (which we ignore).\n\t\t\t\t\t\t\t# Bytes 9-10 are the TLS version (which we ignore).\n\t\t\t\t\t\t\t# Bytes 11-42 are random data (which we ignore).\n\n\t\t\t\t\t\t\t# Byte 43 is the session ID length.  Following this are three\n\t\t\t\t\t\t\t# variable-length fields which we shall skip over.\n\t\t\t\t\t\t\tset record_offset 43\n\n\t\t\t\t\t\t\t# Skip the session ID.\n\t\t\t\t\t\t\tbinary scan [TCP::payload] @${record_offset}c tls_session_id_len\n\t\t\t\t\t\t\tif { ! [ expr { [info exists tls_session_id_len] && [string is integer -strict $tls_session_id_len] } ] }  { reject ; event disable all; return; }\n\t\t\t\t\t\t\tincr record_offset [expr {1 + $tls_session_id_len}]\n\n\t\t\t\t\t\t\t# Skip the cipher_suites field.\n\t\t\t\t\t\t\tbinary scan [TCP::payload] @${record_offset}S tls_cipher_suites_len\n\t\t\t\t\t\t\tif { ! [ expr { [info exists tls_cipher_suites_len] && [string is integer -strict $tls_cipher_suites_len] } ] }  { reject ; event disable all; return; }\n\t\t\t\t\t\t\tincr record_offset [expr {2 + $tls_cipher_suites_len}]\n\n\t\t\t\t\t\t\t# Skip the compression_methods field.\n\t\t\t\t\t\t\tbinary scan [TCP::payload] @${record_offset}c tls_compression_methods_len\n\t\t\t\t\t\t\tif { ! [ expr { [info exists tls_compression_methods_len] && [string is integer -strict $tls_compression_methods_len] } ] }  { reject ; event disable all; return; }\n\t\t\t\t\t\t\tincr record_offset [expr {1 + $tls_compression_methods_len}]\n\n\t\t\t\t\t\t\t# Get the number of extensions, and store the extensions.\n\t\t\t\t\t\t\tbinary scan [TCP::payload] @${record_offset}S tls_extensions_len\n\t\t\t\t\t\t\tif { ! [ expr { [info exists tls_extensions_len] && [string is integer -strict $tls_extensions_len] } ] }  { reject ; event disable all; return; }\n\t\t\t\t\t\t\tincr record_offset 2\n\t\t\t\t\t\t\tbinary scan [TCP::payload] @${record_offset}a* tls_extensions\n\t\t\t\t\t\t\tif { ! [info exists tls_extensions] }  { reject ; event disable all; return; }\n\t\t\t\t\t\t\tfor { set extension_start 0 }\n\t\t\t\t\t\t\t\t\t{ $tls_extensions_len - $extension_start == abs($tls_extensions_len - $extension_start) }\n\t\t\t\t\t\t\t\t\t{ incr extension_start 4 } {\n\t\t\t\t\t\t\t\t# Bytes 0-1 of the extension are the extension type.\n\t\t\t\t\t\t\t\t# Bytes 2-3 of the extension are the extensionlength.\n\t\t\t\t\t\t\t\tbinary scan $tls_extensions @${extension_start}SS extension_type extension_len\n\t\t\t\t\t\t\t\tif { ! [ expr { [info exists extension_type] && [string is integer -strict $extension_type] } ] }  { reject ; event disable all; return; }\n\t\t\t\t\t\t\t\tif { ! [ expr { [info exists extension_len] && [string is integer -strict $extension_len] } ] }  { reject ; event disable all; return; }\n\n\t\t\t\t\t\t\t\t# Extension type 00 is the ServerName extension.\n\t\t\t\t\t\t\t\tif { $extension_type == \"00\" } {\n\t\t\t\t\t\t\t\t\t# Bytes 4-5 of the extension are the SNI length (we ignore this).\n\n\t\t\t\t\t\t\t\t\t# Byte 6 of the extension is the SNI type.\n\t\t\t\t\t\t\t\t\tset sni_type_offset [expr {$extension_start + 6}]\n\t\t\t\t\t\t\t\t\tbinary scan $tls_extensions @${sni_type_offset}S sni_type\n\t\t\t\t\t\t\t\t\tif { ! [ expr { [info exists sni_type] && [string is integer -strict $sni_type] } ] }  { reject ; event disable all; return; }\n\n\t\t\t\t\t\t\t\t\t# Type 0 is host_name.\n\t\t\t\t\t\t\t\t\tif { $sni_type == \"0\" } {\n\t\t\t\t\t\t\t\t\t\t# Bytes 7-8 of the extension are the SNI data (host_name)\n\t\t\t\t\t\t\t\t\t\t# length.\n\t\t\t\t\t\t\t\t\t\tset sni_len_offset [expr {$extension_start + 7}]\n\t\t\t\t\t\t\t\t\t\tbinary scan $tls_extensions @${sni_len_offset}S sni_len\n\t\t\t\t\t\t\t\t\t\tif { ! [ expr { [info exists sni_len] && [string is integer -strict $sni_len] } ] }  { reject ; event disable all; return; } \n\n\t\t\t\t\t\t\t\t\t\t# Bytes 9-$sni_len are the SNI data (host_name).\n\t\t\t\t\t\t\t\t\t\tset sni_start [expr {$extension_start + 9}]\n\t\t\t\t\t\t\t\t\t\tbinary scan $tls_extensions @${sni_start}A${sni_len} tls_servername\n\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t}\n\n\t\t\t\t\t\t\t\tincr extension_start $extension_len\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\tif { [info exists tls_servername] } {\n\t\t\t\t\t\t\t\tset passthru_class \"/test/Shared/crd_10_8_3_11_443_ssl_passthrough_servername_dg\"\n\t\t\t\t\t\t\t\tif { [class exists $passthru_class] } {\n\t\t\t\t\t\t\t\t\tset servername_lower [string tolower $tls_servername]\n\t\t\t\t\t\t\t\t\tSSL::disable serverside\n\t\t\t\t\t\t\t\t\tset dflt_pool_passthrough \"\"\n\n\t\t\t\t\t\t\t\t\t# Disable Serverside SSL for Passthrough Class\n\t\t\t\t\t\t\t\t\tset dflt_pool_passthrough [class match -value $servername_lower equals $passthru_class]\n\t\t\t\t\t\t\t\t\tif { not ($dflt_pool_passthrough equals \"\") } {\n\t\t\t\t\t\t\t\t\t\tSSL::disable\n\t\t\t\t\t\t\t\t\t\tHTTP::disable\n\t\t\t\t\t\t\t\t\t}\n\n\t\t\t\t\t\t\t\t\tset ab_class \"/test/Shared/crd_10_8_3_11_443_ab_deployment_dg\"\n\t\t\t\t\t\t\t\t\tif { not [class exists $ab_class] } {\n\t\t\t\t\t\t\t\t\t\tif { $dflt_pool_passthrough == \"\" } then {\n\t\t\t\t\t\t\t\t\t\t\tlog local0.debug \"Failed to find pool for $servername_lower $\"\n\t\t\t\t\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t\t\t\t\tpool $dflt_pool_passthrough\n\t\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t\t\t\tset selected_pool [call select_ab_pool $servername_lower $dflt_pool_passthrough]\n\t\t\t\t\t\t\t\t\t\tif { $selected_pool == \"\" } then {\n\t\t\t\t\t\t\t\t\t\t\tlog local0.debug \"Failed to find pool for $servername_lower\"\n\t\t\t\t\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t\t\t\t\tpool $selected_pool\n\t\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tTCP::release\n\t\t}\n\n\t\twhen CLIENTSSL_HANDSHAKE {\n \t\t\tSSL::collect\n\t\t}\n\n         when CLIENTSSL_DATA {\n            if { [llength [split [SSL::payload]]] < 1 }{\n                reject ; event disable all; return;\n                }\n            set sslpath [lindex [split [SSL::payload]] 1]\n            set routepath \"\"\n            set wc_routepath \"\"\n            \n            if { [info exists tls_servername] } {\n\t\t\t\tset servername_lower [string tolower $tls_servername]\n            \tset domain_length [llength [split $servername_lower \".\"]]\n\t\t\t\tset domain_wc [domain $servername_lower [expr {$domain_length - 1}] ]\n\t\t\t\tset wc_host \".$domain_wc\"\n\t\t\t\t# Set routepathas combination of servername and url path\n\t\t\t\tappend routepath $servername_lower $sslpath\n     \t\t\tappend wc_routepath $wc_host $sslpath\n\t\t\t\tset routepath [string tolower $routepath]\n\t\t\t\tset wc_routepath [string tolower $wc_routepath]\n\t\t\t\tset sslpath $routepath\n\t\t\t\t# Find the number of \"/\" in the routepath\n\t\t\t\tset rc 0\n\t\t\t\tforeach x [split $routepath {}] {\n\t\t\t\t   if {$x eq \"/\"} {\n\t\t\t\t\t   incr rc\n\t\t\t\t   }\n\t\t\t\t}\n\t\t\t\t# Disable serverside ssl and enable only for reencrypt routes\t\t\t\t\t\t\t\t\t\t\t\t\t\n                SSL::disable serverside\n\t\t\t\tset reencrypt_class \"/test/Shared/crd_10_8_3_11_443_ssl_reencrypt_servername_dg\"\n\t\t\t\tset edge_class \"/test/Shared/crd_10_8_3_11_443_ssl_edge_servername_dg\"\n                if { [class exists $reencrypt_class] || [class exists $edge_class] } {\n\t\t\t\t\t# Compares the routepath with the entries in ssl_reencrypt_servername_dg and\n\t\t\t\t\t# ssl_edge_servername_dg.\n\t\t\t\t\tfor {set i $rc} {$i >= 0} {incr i -1} {\n\t\t\t\t\t\tif { [class exists $reencrypt_class] } {\n\t\t\t\t\t\t\tset reen_pool [class match -value $routepath equals $reencrypt_class]\n # Check for wildcard domain\n                            if { $reen_pool equals \"\" } {\n\t\t\t\t\t\t\t    if { [class match $wc_routepath equals $reencrypt_class] } {\n\t\t\t\t\t\t\t        set reen_pool [class match -value $wc_routepath equals $reencrypt_class]\n                                }\n                            }\n\t\t\t\t\t\t\tif { not ($reen_pool equals \"\") } {\n\t\t\t\t\t\t\t\tset dflt_pool $reen_pool\n\t\t\t\t\t\t\t\tSSL::enable serverside\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t\tif { [class exists $edge_class] } {\n\t\t\t\t\t\t\tset edge_pool [class match -value $routepath equals $edge_class]\n                            # Check for wildcard domain\n                            if { $edge_pool equals \"\" } {\n\t\t\t\t\t\t\t    if { [class match $wc_routepath equals $edge_class] } {\n\t\t\t\t\t\t\t        set edge_pool [class match -value $wc_routepath equals $edge_class]\n\t\t\t\t\t\t\t    }\n                            }\n\t\t\t\t\t\t\tif { not ($edge_pool equals \"\") } {\n\t\t\t\t\t\t\t    set dflt_pool $edge_pool\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n                        if { not [info exists dflt_pool] } {\n                            set routepath [\n        string range $routepath 0 [\n                                    expr {[string last \"/\" $routepath]-1}\n                                ]\n                            ]\n\t\t\t\t\t\t\tset wc_routepath [\n string range $wc_routepath 0 [\n                                    expr {[string last \"/\" $wc_routepath]-1}\n                                ]\n                            ]\n                        }\n                        else {\n                     break\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n                }\n\t\t\t\t# handle the default pool for virtual server\n\t\t\t\tset default_class \"/test/Shared/crd_10_8_3_11_443_default_pool_servername_dg\"\n                 if { [class exists $default_class] } { \n                    set dflt_pool [class match -value \"defaultPool\" equals $default_class]\n                 }\n                \n                # Handle requests sent to unknown hosts.\n                # For valid hosts, Send the request to respective pool.\n                if { not [info exists dflt_pool] } then {\n                \t # Allowing HTTP2 traffic to be handled by policies and closing the connection for HTTP/1.1 unknown hosts.\n     \t if { not ([SSL::payload] starts_with \"PRI * HTTP/2.0\") } {\n                \t    reject ; event disable all; return;\n                    }\n                } else {\n                \tpool $dflt_pool\n                }\n\t\t\t\tset ab_class \"/test/Shared/crd_10_8_3_11_443_ab_deployment_dg\"\n                if { [class exists $ab_class] } {\n                    set selected_pool [call select_ab_pool $servername_lower $dflt_pool]\n                    if { $selected_pool ==\"\" } then {\n                        log local0.debug \"Unable to find pool for $servername_lower\"\n                    } else {\n                        pool $selected_pool\n                    }\n                }\n            }\n  SSL::release\n        }\n\n\t\twhen SERVER_CONNECTED {\n\t\t\tset reencryptssl_class \"/test/Shared/crd_10_8_3_11_443_ssl_reencrypt_serverssl_dg\"\n\t\t\tset edgessl_class \"/test/Shared/crd_10_8_3_11_443_ssl_edge_serverssl_dg\"\n\t\t\tif { [info exists sslpath] and [class exists $reencryptssl_class] } {\n\t\t\t\t# Find the nearest child path which matches the reencrypt_class\n\t\t\t\tfor {set i $rc} {$i >= 0} {incr i -1} {\n\t\t\t\t\tif { [class exists $reencryptssl_class] } {\n\t\t\t\t\t\tset reen [class match -value $sslpath equals $reencryptssl_class]\n                        # check for wildcard domain match\n                        if { $reen equals \"\" } {\n\t\t\t\t\t\t    if { [class match $wc_routepath equals $reencryptssl_class] } {\n\t\t\t\t\t\t        set reen [class match -value $wc_routepath equals $reencryptssl_class]\n\t\t\t\t\t\t    }\n                        }\n\t\t\t\t\t\tif { not ($reen equals \"\") } {\n\t\t\t\t\t\t\t    set sslprofile $reen\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t\tif { [class exists $edgessl_class] } {\n\t\t\t\t\t\tset edge [class match -value $sslpath equals $edgessl_class]\n                        # check for wildcard domain match\n                        if { $edge equals \"\" } {\n\t\t\t\t\t\t    if { [class match $wc_routepath equals $edgessl_class] } {\n\t\t\t\t\t\t        set edge [class match -value $wc_routepath equals $edgessl_class]\n\t\t\t\t\t\t    }\n                        }\n\t\t\t\t\t\tif { not ($edge equals \"\") } {\n\t\t\t\t\t\t\t    set sslprofile $edge\n\t\t\t\t\t\t}\n\t\t\t\t\t\t\n\t\t\t\t\t}\n\t\t\t\t\tif { not [info exists sslprofile] } {\n\t\t\t\t\t\tset sslpath [\n\t\t\t\t\t\t\tstring range $sslpath 0 [\n\t\t\t\t\t\t\t\texpr {[string last \"/\" $sslpath]-1}\n\t\t\t\t\t\t\t]\n\t\t\t\t\t\t]\n                        set wc_routepaath [\n\t\t\t\t\t\t\tstring range $wc_routepath 0 [\n\t\t\t\t\t\t\t\texpr {[string last \"/\" $wc_routepath]-1}\n\t\t\t\t\t\t\t]\n\t\t\t\t\t\t]\n\t\t\t\t\t}\n\t\t\t\t\telse {\n\t\t\t\t\t\tbreak\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\t# Assign respective SSL profile based on ssl_reencrypt_serverssl_dg\n\t\t\t\tif { not ($sslprofile equals \"false\") } {\n\t\t\t\t\t\tSSL::profile $reen\n\t\t\t\t}\n\t\t\t}\n        }"
            },
            "template": "shared"
        },
        "class": "Tenant",
        "defaultRouteDomain": 0,
        "label": "test"
    }
}
}
  2. In one terminal run apache benchmark ab -n 20000 -c 20
  3. Now, Update the Data group crd_10_8_3_11_443_ab_deployment_dg in above schema as follows and repost the declaration: 
    "coffee_svc_8080_default_cafe_example_com,0.500;coffee_svc_8080_default_cluster2_cafe_example_com,1.000"

Expected Behavior

The pool members don´t change hence I would expect no disruption at all.

Actual Behavior

There is service disruption

dstokesf5 commented 5 months ago

Thank you for your feedback. We are having difficulty reproducing this issue. Are you still experiencing this issue with the latest AS3 release?

vklohiya commented 5 months ago

@dstokesf5 , We are not able to reproduce this issue. Hence closing now.