For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Parveez_70209's avatar
Parveez_70209
Icon for Nimbostratus rankNimbostratus
Nov 17, 2013

How to Limit concurrent sessions in a LTM using Irule

Hi All,

 

Let's say we have a Virtual-server named as : www.xyz.com-HTTP having a pool named as www.xyz.com-pool which contains two active member servers( Lets say named as Node1 and Node2) serving the requests.

 

Query:

 

  1. How to limit concurrent sessions hitting the Load-balancer into it using an Irule lets say: 1000 ? Node selection into this is Round-Robin.

     

  2. And also how we can write an Irule lets say we have to limit 500 sessions each( among the two active member servers: Named as Node1 and Node2).

     

Thanks and Regards Parveez

 

4 Replies

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Nov 17, 2013

    Would it not be easier to just set a concurrent user limit on the VIP itself?

    Connection Limit: Specifies the maximum number of concurrent connections allowed for the virtual server.
  • Parveez_70209's avatar
    Parveez_70209
    Icon for Nimbostratus rankNimbostratus
    Nov 18, 2013

    Hi Kevin,

     

    Yes, true Kevin.

     

    But How to properly set this up into virtual-server, lets say we have a Virtual-server named as www.xyz.com-HTTP and pool named as www.xyz.com-Pool.

     

    Thanks and Regards Parveez

     

    • Kevin_Stewart's avatar
      Kevin_Stewart
      Icon for Employee rankEmployee
      Nov 18, 2013
      Not sure I understand the question then. The Connection Limit setting is part of the virtual server configuration.
  • brad_11480's avatar
    brad_11480
    Icon for Nimbostratus rankNimbostratus
    Sep 25, 2017

    This is an older posting and perhaps setting connection limit was what was desired to keep the number of connections below 500 on each server. But from my understanding this doesn't keep more than 500 x number of pool members (if all set to 500 limit) from occurring. It is simply a way to load balance to maintain some limit. I have used this with priority pool members to keep connections on a set of higher priority servers until the overall limit is reached and then it spills over to a second priority set of servers. In both cases it won't keep more than 1000 connections (in this case) from occurring as it doesn't deny connection once a limit is set.

     

    But if this question is to limit the number of application sessions (not connections), that cannot be accomplished, from what I understand, by setting a connection limit. An application session may connect and disconnect many times through the course of the application session. Denying that application session a connection due to a connection limit would interfere with an active user to server session. That can be done in an iRule.