Forum Discussion
Jeff_Lang_89686
Nimbostratus
NimbostratusHelp, iRule connection limit, apology server.
I'm looking for an iRule that answers an SSL virtual ip. Normally sending traffic to a pool of ssl servers, and at a connection limit of say 100, it sends to a pool of apology servers (port 80). I will need to make them answer 443 instead as I don't want to ssl proxy and I know
redirect isn't an option as it is encrypted.
Thanks.
5 Replies
- Try this. Configure a connection limit on each pool member. When all the pool members have exceeded this limit, new connections would typically be rejected. However, you can write an LB_FAILED rule which uses LB::reselect pool apology_pool to go to the apology pool instead.
Jeff_Lang_89686rule connect_apology {
pool mainpool
when LB_FAILED {
LB::reselect pool apology_pool
}
Am I way off here?- That looks close to me. You wouldn't need the mainpool portion though, just the LB_Failed event section...like this:
rule connect_apology { when LB_FAILED { LB::reselect pool apology_pool } }
This way, when the servers in mainpool max out on connections, the rule will pick up the LB_Failed event and send the traffic to the apology_pool.
Have you tested this yet? You can set the connection limits low for testing purposes and then reset them higher when you're satisfied that it's functioning as intended.
Try it out and let us know how it goes.
-Colin - Jeff_Lang_89686Aah... forgot I dont need to specify default pool.
Unfortunately, I dont have a v9 test pair available, so I have to wait to test. I will update this thread once I test. Thanks for your help. - Jeff_Lang_89686This worked fine. The only thing was, I needed to remove all profiles to make it work.
Thanks for all the help.
