How to count or log the rejected requests when pool is unavailable F5 is sending RST

Good question.

 

 

Is ltmVirtualServStatNoNodesErrors (in SNMP stats) incremented when the RST's are sent? It's documented as number of no-node errors... But I'm not sure whether exceeding the connection limits counts as a no-node error or not...

 

 

If not, I haven't found any other obvious candidates in the SNMP mibs that would doit... What sort of persistence are you using? WOuld it be possible to do the limits in an iRule (And you could log the drops yourself).

 

 

H

Seems like you could just log everytime "active_members pool x eq 0"

I think the 'b pool POOL_NAME list' output will show a count of 'limit' packets for the pool and each member.

 

 

Trying to log each request when this happens might be a huge hit on CPU if alertd is trying to log a message to disk for every rejection. Do you actually care who is getting blocked, or just how many connection attempts are being rejected?

 

 

Aaron

Yeah... Try not to log each drop, or else you risk performing a DOS on yourself when load goes above some lower value that it would otherwise fail at...

 

 

If you do log yourself, keep a counter and then use the after -periodic {} command to do the actual logging even X seconds... Or keep the value in a stats column and poll it via SNMP/iControl.

Thanks all, I decide just to log in the irule when the pool doesn't have members available, its not acurate but at least it gives some idea.

 

if {[active_members my_test_pool] < 1}{

 

log local0. " Request Rejected"

 

}

 

 

Regards