rolf
Sep 24, 2013

iRule actions depending on available resources

I created an iRule which stores HTTP requests and retransmits them in case a backend server sent an HTTP 5xx response.

As it is a critical environment and this iRule opens an attack surface, I would like to skip the HTTP request storage and response parsing in case the CPU load is high and/or a lot of memory is consumed by the tmm process.

For the CPU load I use the value of: [cpu usage 15sec] .... I'm surprised about the result as it is an integer value (I assumed a Unix-like load value), which brings me to the first question: for what [cpu usage Xsec] value should I set the threshold to skip the resource-consuming iRule? (Which values indicate a high CPU usage, and what does the value itself indicate?)

2nd: Can the memory consumption of the tmm instance be measured within the iRule? So far I see no other solution than parsing a file from the filesystem which I regularly update...

Thanks, Rolf

2 Replies

  • I cannot answer your question.

    But what about an alternative approach including a delay for the HTTP::retry via 'after' and to limit the number of retries?

  • If I may add.

    for what [cpu usage Xsec] value should I set the threshold to skip the resource-consuming iRule? (Which values indicate a high CPU usage, and what does the value itself indicate?)

    It really depends on a lot of variables, but a noticeably high CPU threshold (something you'd want to do something about) might be between 80 and 90%. The number should be an average of all TMMs and should also be visible via command line:

    tmsh show sys performance

    I would caveat that arbitrary CPU limit with the notion that the [cpu usage ] command itself will induce some CPU overhead.

    Can the memory consumption of the tmm instance be measured within the iRule? So far I see no other solution than parsing a file from the filesystem which I regularly update...

    Not yet
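
An added sketch (not code posted by anyone in this thread) of how the two suggestions above could be combined: request storage is skipped when TMM CPU is at or above a threshold, and retransmissions are capped per request. The threshold of 80, the cap of 2, the variable names and the `5secs` interval keyword are assumptions; the delay via 'after' is not shown.

```tcl
# Added example, not from the thread. Threshold, retry cap and variable
# names are assumed values; tune them against "tmsh show sys performance".
when RULE_INIT {
    set static::cpu_limit 80     ;# percent, assumed (low end of the 80-90% range)
    set static::max_retries 2    ;# assumed cap on retransmissions per request
}

when CLIENT_ACCEPTED {
    set retries 0
    set saved_request ""
}

when HTTP_REQUEST {
    # A retried request re-enters this event; keep the copy from the first pass.
    if { $retries > 0 } { return }
    set saved_request ""
    # Only bodyless GETs are stored, since [HTTP::request] holds headers only.
    # The method test comes first so [cpu usage] is not evaluated for other
    # methods, which limits the overhead of the load check itself.
    if { [HTTP::method] eq "GET" && [cpu usage 5secs] < $static::cpu_limit } {
        set saved_request [HTTP::request]
    }
}

when HTTP_RESPONSE {
    # Nothing was stored under load, so the response is passed through unparsed.
    if { $saved_request eq "" } { return }
    if { [HTTP::status] starts_with "5" && $retries < $static::max_retries } {
        incr retries
        HTTP::retry $saved_request
        return
    }
    # Success, or retries exhausted: reset for the next request on this connection.
    set retries 0
}
```

With the cap in place, a backend that keeps returning 5xx costs at most `max_retries` extra requests per client request, and under high CPU the rule holds no per-request state at all.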