Connection Rate Limits - How does BigIP respond?
I have an application where I may need to employ the "Connection Rate Limit" feature on an 11.4 LTM. If I configure this on the virtual server for 1000 requests per second, what sort of response, if any, will be sent to those clients who are not immediately serviceable? Will the LTM just hold the SYN for one or more seconds? Will he send a RST in response to a SYN? Or, will he accept the TCP request and queue the first HTTP request?
Finally, If I configure the CRL on the pool or node, rather than the VS, is there a different behavior to be expected toward these non-conforming connection attempts?
Thanks!!
It will send TCP reset for connection rate limited virtual servers when the limit is reached.
See the bottom of SOL14813 - Detecting and Mitigating DOS/DDOS attacks (11.4.x/11.5.x)
Connection limit on pool members is really for resource management. When you reach the limit it will not send any new connection requests to that server until it falls back below the threshold. It does not affect existing connections.