Because you’re using session affinity, and you still have active sessions attached to that host.
A backend can be Alive or Dead. It can also be Enabled or Disabled. Enabled means it can receive new connections. (connections not in our session database) Disabled means it cannot receive new connections. Alive means it can receive connections at all. (is it actually listening to the port) Dead means it’s down. (when a host is marked down, its session database is immediately cleared… forcing those connections to find another backend on their next connection in) Poundctl manipulates Enabled/Disable, leading to a graceful/quiesce shutdown type behavior. (otherwise, clients would lose their session when a backend is disabled) If I want a non graceful shutdown, I’ll either shut down apache on the backend, or use iptables on the LB or the backend to reject access to the appropriate host+port. Joe From: Brad Allison [mailto:brad.alli...@gmail.com] Sent: Tuesday, June 18, 2013 1:22 PM To: pound@apsis.ch Subject: Re: [Pound Mailing List] poundctl command simply do not work Okay. Now using -1 for the listener I see the backend server is listed as status="DISABLED". So that part worked. But I also see traffic is still being sent to that server and hostname keys are still pointed to that server. I also see in the pound.log that it's still sending request to that "DISABLED" server. So if it's DISABLED in pound why would pound still continue to send traffic there? The data: [root@lalalqa-lb-01 ~]# /usr/sbin/poundctl -c /var/lib/pound/pound.cfg -X <pound> <listener index="0" protocol="HTTPS" address="0.0.0.0:443<http://0.0.0.0:443>" status="active"> </listener> <service index="0"> <backend index="0" address="10.0.2.21:443<http://10.0.2.21:443>" avg="0.000" priority="5" alive="yes" status="DISABLED" /> <backend index="1" address="10.0.3.22:443<http://10.0.3.22:443>" avg="0.000" priority="5" alive="yes" status="active" /> <session index="0" key="derm-auto.lalalqa.com<http://derm-auto.lalalqa.com>" backend="1" /> <session index="1" key="demo.lalalqa.com<http://demo.lalalqa.com>" backend="1" /> <session index="2" key="testing.myqa.com<http://testing.myqa.com>" backend="0" /> <session index="3" key="ophth.lalalqa.com<http://ophth.lalalqa.com>" backend="0" /> </service> </pound> >From pound.log: Jun 18 17:15:38 lalalqa-pound-01 pound: testing.myqa.com<http://testing.myqa.com> 173.255.181.79 - - [18/Jun/2013:17:15:38 +0000] "GET /static/images/layout/footer-tail-bg.gif HTTP/1.1" 200 49 "https://testing.myqa.com/ema/static/css/ema.css?build=3.0.0.7.8&rev=34505" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0" (- -> 10.0.2.21:443<http://10.0.2.21:443>) 0.026 sec Jun 18 17:15:38 lalalqa-pound-01 pound: testing.myqa.com<http://testing.myqa.com> 173.255.181.79 - - [18/Jun/2013:17:15:38 +0000] "GET /static/yui/2.9.0/build/assets/skins/sam/sprite.png HTTP/1.1" 200 3745 "https://testing.myqa.com/ema/static/css/ema.css?build=3.0.0.7.8&rev=34505" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0" (- -> 10.0.2.21:443<http://10.0.2.21:443>) 0.028 sec On Tue, Jun 18, 2013 at 10:46 AM, Joe Gooch <mrwiz...@k12system.com<mailto:mrwiz...@k12system.com>> wrote: Try using -1 as the listener. >From your XML output it appears you use global services. (Services not >contained within the Listener block itself) Joe From: Brad Allison [mailto:brad.alli...@gmail.com<mailto:brad.alli...@gmail.com>] Sent: Tuesday, June 18, 2013 9:37 AM To: pound@apsis.ch<mailto:pound@apsis.ch> Subject: [Pound Mailing List] poundctl command simply do not work I'm trying to use the -b option for poundctl to disable a backend. The command runs with the three fields listener service and backend. The command appears to work. But when I list out the -X option it says all backends are enabled... even though I just disabled it. So the options for poundctl do not work. Notice how the status for the backend index=1 it still set to "active" after I disabled it. [root@ ~]# /usr/sbin/poundctl -c /var/lib/pound/pound.cfg -b 0 0 1 [root@ ~]# /usr/sbin/poundctl -c /var/lib/pound/pound.cfg -X <pound> <listener index="0" protocol="HTTPS" address="0.0.0.0:443<http://0.0.0.0:443>" status="active"> </listener> <service index="0"> <backend index="0" address="10.0.2.21:443<http://10.0.2.21:443>" avg="0.000" priority="5" alive="yes" status="active" /> <backend index="1" address="10.0.3.22:443<http://10.0.3.22:443>" avg="0.000" priority="5" alive="yes" status="active" /> <session index="0" key="demo.lalala.com<http://demo.lalala.com>" backend="1" /> <session index="1" key="107.11.11.11" backend="1" /> </service> </pound>