Forum Discussion

Martin_Kaiser_1's avatar
Martin_Kaiser_1
Icon for Nimbostratus rankNimbostratus
Nov 14, 2006

connection limit across services

Hi guys,     I need to find a solution for the following problem:     I have a pair of v9 BigIPs which are loadbalancing a couple of Nortel VPN gateways. Clients connect to a VS running on...
application delivery
dev
devops
iRules
JRahm's avatar
JRahm
Icon for Admin rankAdmin
Nov 14, 2006
Perhaps the easiest way would be to establish an active connection count via an iRule on the virtual hosting the data path:


when RULE_INIT {
  array set ::active_clients { }
}
when CLIENT_ACCEPTED {
  if { [info exists ::active_clients([IP::client_addr])]  } {
    incr ::active_clients([IP::client_addr])
  } else {
    set ::active_clients([IP::client_addr]) 1
  }
}
when CLIENT_CLOSED {
  if { [info exists ::active_clients([IP::client_addr])] } {
    incr ::active_clients([IP::client_addr]) -1
    if { $::active_clients([IP::client_addr]) <= 0 } {
      unset ::active_clients([IP::client_addr])
    }
  }
}

Then applying a limit via an iRule on the initial virtual:


when CLIENT_ACCEPTED {
  if { [info exists ::active_clients([IP::client_addr])]  } {
    if {$::active_clients([IP::client_addr]) > 200 } {
      reject
      log local0. "Rejecting [IP::client_addr], 200 Active connections"
      return
    }
  }
}

Happy testing! (Rules loaded fine with the Editor on v9.1.2, not that that ensures a working solution!)