The option Remove Listening Port when VS down is available on the NSX Advanced Load Balancer UI. When this option is enabled, and the Virtual Service is in a DOWN state, the Service Engine will respond to requests to the VIP and service port with an RST (TCP) or ICMP port unreachable (UDP).

By default, the Remove Listening Port when VS down option is not enabled for a virtual service. In such cases, the NSX Advanced Load Balancer accepts TCP connections for the virtual service in down state and responds to telnet requests for the virtual IP (VIP) and the configured port number.

To enable Remove Listening Port when VS down for a virtual service,

  1. Navigate to Applications > Virtual Services.

  2. Click the edit icon.

  3. Under the Advanced tab, select the check box for Remove Listening Port when VS down, which is available under Other Settings.

  4. Click Save.

Pings to virtual IP continue to work even if the pool associated with the virtual service is down. The option to deactivate ICMP is not available due to shared virtual IP use cases. Since virtual services for shared virtual IPs are hosted on the same SE, deactivating ICMP for the virtual IP would falsely indicate that all the virtual services using the same virtual IP are down. The state of a virtual service can be verified by establishing a TCP connection to the virtual IP and the configured port.

To ensure that the virtual service that is down will drop the initiated TCP connection, enable the Remove listening port when VS down option. This enables a virtual service to go down at the TCP level instead of the application level when the pool or the backend server is down.

Use Case

Remove Listening Port when VS down option helps an admin, user, or external monitoring system identify a Virtual Service that is in a DOWN state with a known failure response (RST for TCP or ICMP port unreachable for UDP). The feature can be verified using telnet or nc.

In the example shown below, 10.10.1.200 is the IP of a virtual service in down state. The telnet request for IP 10.10.1.200 and port 80 fails with a Connection Refused as Remove Listening Port when VS down is enabled for the virtual service.

$ telnet 10.10.1.200 80
Trying 10.10.1.200...
telnet: Unable to connect to remote host: Connection refused