Forum Discussion
DDoS protection with APM module
- Dec 15, 2024
Hi Nick_Matthews ,
I recommend using Connections limit feature in VS and ( Eviction policy ) in context of virtual server.
the PoA:
1- Create a custom Eviction policy ( System > Configuration > local Traffic > Eviction policy list > Create new )
use this Article to guide you which Biases algorithms : https://my.f5.com/manage/s/article/K15821and this as well: https://my.f5.com/manage/s/article/K15822#vs
use for example the low water level > 90% and High water mark > 100%
2- Go to the targeted Virtual server and set the connection limit to 3000 and assign the created custom eviction policy.
Now What is the effect for this change ! I'll let you know below :
here some clarifications I added regarding your scenario:
Also I wanna add this Article for a sample of log that you encounter when aggressive sweeper mode reached on eviction policy:
https://my.f5.com/manage/s/article/K13302777
Feel Free to set your values
you can use Low water > 90% and High water 95% for example.
I just wanted to explain the idea of eviction policy in Virtual server Context.
So I see It's more efficient than iRules as it consumes alot of processing and will take much to configure a rate limiter iRules.
So Go through this and let me know 😉Thanks
Hi Nick_Matthews ,
I recommend using Connections limit feature in VS and ( Eviction policy ) in context of virtual server.
the PoA:
1- Create a custom Eviction policy ( System > Configuration > local Traffic > Eviction policy list > Create new )
use this Article to guide you which Biases algorithms : https://my.f5.com/manage/s/article/K15821
and this as well: https://my.f5.com/manage/s/article/K15822#vs
use for example the low water level > 90% and High water mark > 100%
2- Go to the targeted Virtual server and set the connection limit to 3000 and assign the created custom eviction policy.
Now What is the effect for this change ! I'll let you know below :
here some clarifications I added regarding your scenario:
Also I wanna add this Article for a sample of log that you encounter when aggressive sweeper mode reached on eviction policy:
https://my.f5.com/manage/s/article/K13302777
Feel Free to set your values
you can use Low water > 90% and High water 95% for example.
I just wanted to explain the idea of eviction policy in Virtual server Context.
So I see It's more efficient than iRules as it consumes alot of processing and will take much to configure a rate limiter iRules.
So Go through this and let me know 😉
Thanks
Hi Mohamed,
Thank you very much for your detailed reply. I have gone ahead and set this up and will monitor how this performs.
I assume I also need this option enabled as well for this to work?
Thanks
- Dec 18, 2024
hi Nick_Matthews ,
No You don't need this option, this option prevents aggressive sweeper from being triggered, because I said aggressive sweeper will be triggered to prevent new connections to path through Virtual server if the connection limits reached.
So keep it disabled.
have a look in this article >> https://my.f5.com/manage/s/article/K93017176
Search for "Eviction Protected" and see if you want to use it or not
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com