bigip1 panic: unable to alloc 4194304 bytes

Hi,

 

 

There isn't a way within iRules to instantaneously close all existing TCP connections for a client IP address, if some case is true for one of their connections.

 

 

It's not a very complete solution, but I suppose you could add checks in other iRule events to see if a "drop" variable has been set for one client IP on another connection. For a TCP-based connection where you aren't collecting the request data or response data, there are five events triggered:

 

 

CLIENT_ACCEPTED

 

LB_SELECTED

 

SERVER_CONNECTED

 

SERVER_CLOSED

 

CLIENT_CLOSED

 

 

For details on the events available, check the wiki page for TCP events (Click here).

 

 

Adding a check in LB_SELECTED or SERVER_CONNECTED should allow you to close a connection if the client IP was marked as one to drop before the server connection has been established (LB_SELECTED) or when the server side connection is established (SERVER_CONNECTED). This wouldn't help if the server side connection was already established though. I don't think this is an ideal solution as it wouldn't affect connections which are already sending data.

 

 

You might be able to use iControl to remove all entries for a client IP from the connection table if some condition is true for one connection. I'm not certain on this, but you could post in the iControl forum asking for suggestions.

 

 

Else, you could just live with the existing connections that a client may have open and only prevent them from opening new ones.

 

 

Aaron