Forum Discussion
Connection rate limit not working in F5
Hi Experts
During a recent test scenario on F5 LTM 2000, we tried rate limiting the virtual server based on (1) only source address and (2) virtual server and source address. I had set rate limit to 20K, but during testing, the connection overshot this limit and reached 25K.
Can anyone assist? Do I need to raise a TAC case for this? The virtual server type is performance L4.
Regards, Sumanta.
Hi,
The rate limit just limit the number of new connections per second. It's not the number of concurrent connections.
- tatmotivCirrostratus
Are we talking about "connection limits" or "connection rate limits"? See https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-11-6-0/35.html for differences:
When you specify a connection limit, the system prevents the total number of concurrent connections to the virtual server, pool member, or node from exceeding the specified number. When you specify a connection rate limit, the system controls the number of allowed new connections per second, thus providing a manageable increase in connections without compromising availability.
So, when talking about connection RATE limits, it is legit to have more than 20k connections established, as long as they are not being established in the same second.
If we are talking about connection limits on the other hand, that connection count would not be legit, with one exception: if you have a persistence profile on the virtual, the "override connection limit" option might (as the name suggests) override the connection limit.
HTH
Martin
- Yann_Desmarest_Nacreous
Hi,
The rate limit just limit the number of new connections per second. It's not the number of concurrent connections.
Hi All
Thanks. In that case, how do we limit 20K concurrent connections from a single source IP?
- Yann_Desmarest_Nacreous
Unfortunately,
If you want a connection limit by source IP, you should switch to irules. Connection Limit and Connection Rate Limit are settings that apply to connections for the Virtual Server.
You may also try using Bandwidth controller or rate class to limit by bandwidth usage per ip address.
Hi,
The rate limit just limit the number of new connections per second. It's not the number of concurrent connections.
Hi All
Thanks. In that case, how do we limit 20K concurrent connections from a single source IP?
Unfortunately,
If you want a connection limit by source IP, you should switch to irules. Connection Limit and Connection Rate Limit are settings that apply to connections for the Virtual Server.
You may also try using Bandwidth controller or rate class to limit by bandwidth usage per ip address.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com