Forum Discussion
NimbostratusI need to create an irule that will reject a specified percnetage of traffic.
Can some one help me in creating an irule that will reject percentage (ex- 50%) of the traffic .
I need this because when there is a heavy traffic my systems are unable to handle ,so i want to apply this irule so that it will drop 50% or 25% of my traffic , so that systems will not be crashed.
He is the sample i am thinking of which is not working
when HTTP_REQUEST {
if { ([string match {/build/apps/medrec/jaml} [HTTP::path]]) }{
HTTP::respond 502 or reject }
}
}
please help.
If there is any better option than reject like sending a fake response for 50% of the traffic that would be more helpful.
HTTP::respond 502 content {
some html tags
}
8 Replies
hoolioCirrostratus
Hi,
How about something like this?when HTTP_REQUEST { Check the path if { [HTTP::path] eq "/build/apps/medrec/jaml" }{ For 50% of traffic send a 502 response if { rand() > .50 }{ HTTP::respond 502 content {html...} } } }
Aaron
Michael_YatesHi kimjim,
Have you thought of using Ratio Load Balancing with Connection Limits set on the Servers?
Or you could even use SNMP Monitor to monitor the server and Dynamic Ratio load balancing (you would use the SNMP DCA or SNMP DCA Base Templates). That is described in detail here if you are interested.
Hope this helps.- hoolioNice idea Michael.
You could also set connection limits on the pool members and/or virtual server to protect them.
Aaron 
kimjim_51067Hoolio Thank You very much for all your help.
Your irule worked like a charm
but i have one question will rand add any latency if so can you suggest me any other alternative.
Micheal Thanks for your answer , i am not sure how to do it ,really appreciate your help.- hooliorand should add very little CPU load or latency.
Aaron - Ryan_Paras_7933Why not tinker to figure out the high water mark for your application and use something like this... https://devcentral.f5.com/wiki/iRules.HTTPSessionLimit.ashx
This rule "Limits total concurrent HTTP sessions to a pre-defined threshold, allowing those clients with a session cookie to continue once the limit is reached, while redirecting new clients until concurrent sessions are again below the theshold."
That was you can have some clients have a decent experience instead of randomly getting bumped - For the 50% case, you could optimise the rule as follows:
when HTTP_REQUEST {
set flag 0
Check the path
if { [HTTP::path] eq "/build/apps/medrec/jaml" }{
For 50% of traffic send a 502 response
if { $flag == 0 }{
HTTP::respond 502 content {html...}
set flag 1
}
else {
set flag 0
}
}
} - hoolioI like your thinking TDK. But using a local variable for this would be specific to that TCP connection. So if you use that logic, every other HTTP request to the specific URI on each TCP connection would be dropped. I'd guess this wouldn't lead to dropping 50% of requests as some (or most?) clients would not reuse their TCP connections to make multiple requests to that specific URI.
You could use a session table entry to create a flag that you increment and then reset to 0 (https://devcentral.f5.com/wiki/iRules.CMP_v10_compatible_counters_using_the_session_table.ashx).
However, using expr will give a much more even distribution compared with a local variable, regardless of the connection reuse behavior of clients. And it doesn't require any session tracking complexity.
Aaron
