Connection limit per node and source IP persistence conflict; who wins?

Question

I have a pool of 5 web server nodes.  The maximum connection count of each web server is set to maximum of 100.  Also the VIP persistence is set to source IP.&nbsp;
Now suppose the are a few hundred clients behind the same public NAT.  They call end up on the same web server, node A, due to the persistence rule.  What happens when the 101st user from that same public NAT makes a connection?  &nbsp;
-Will they connect to node A due to persistence rule?  &nbsp;
-Will they forward to a different node, node B, due to the maximum limit rule?  &nbsp;
-Or will they not be able to establish a connection at all due to conflicting rules?     &nbsp;

hannes_rapp · Answer

Now suppose the are a few hundred clients behind the same public NAT. They call end up on the same web server, node A, due to the persistence rule. What happens when the 101st user from that same public NAT makes a connection?
Depends on a number of things
Status of Override Connection Limit setting (Persistence Profile)

Assuming this is enabled, 101th connection will go to node A

When disabled, the persistence record will be discarded and connection will go to another node (load-balancing occurs)If Override Connection Limit setting is disabled and no other pool members are available, TCP-RST will be sent to client which results in a generic "Connection Has Been Reset" web-browser error
Regards,

hannes_rapp_162 · Answer

Now suppose the are a few hundred clients behind the same public NAT. They call end up on the same web server, node A, due to the persistence rule. What happens when the 101st user from that same public NAT makes a connection?
Depends on a number of things
Status of Override Connection Limit setting (Persistence Profile)

Assuming this is enabled, 101th connection will go to node A

When disabled, the persistence record will be discarded and connection will go to another node (load-balancing occurs)If Override Connection Limit setting is disabled and no other pool members are available, TCP-RST will be sent to client which results in a generic "Connection Has Been Reset" web-browser error
Regards,

tickermcse76_16 · Answer

See next comment....

tickermcse76_16 · Answer

See next comment....

tickermcse76_16 · Answer

•Status of Override Connection Limit setting (Persistence Profile) &nbsp;
When disabled, the persistence record will be discarded and connection will go to another node (load-balancing occurs)&nbsp;
Assuming Override is disabled, the F5 will be able to keep track of client to node session/socket information, correct?  Client session data is currently on the web server (though in the process of migrating off).&nbsp;

F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Connection limit per node and source IP persistence conflict; who wins?

6 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Deleting an AS3 Tenant

Request for Bug Tracker/Known Issues – BIG-IP Version 17.5.1.2

AST Configuration Assistance

Adding logging to APM per-request policy without SWG license

Single LTM with multiple GTM domains

Related Content

F5 XC – Persistence and Resiliency pt. I (persistence)

Persisting SSL Connections

Overview of MITRE ATT&CK Tactic : TA0003 - Persistence

Persist connection based on NTLM username

Site-to-Site Connectivity in F5 Distributed Cloud Network Connect – Reference Architecture

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS