iRule for rate limit unexpected behaviour
I have a requirement to implement rate limiting for HTTP requests and have acheived this somewhat through reading discussions and receving advice via this community. The iRules I have are not behaving as I'd expect. I've been carrying out some testing on two iRules referenced below. The results are not what I expect to see and I was hoping someone could help me understand what's going on and if it can be fixed.
Basically I am using httperf to send 20 requests per second for 10 seconds. The iRules are set to rate limit at 30 requests per second but are still being triggered. The below screenshot shows Perfmon configured to count GET requests received per second on our server.
The first block of httperf requests is against the VIP with no iRule enabled as you can see we are getting a nice steady flow of 20 requests per second.
The 2nd block of requests is whilst iRule 1 mentioned below is enabled. There seems to be rate limiting going on even though it's set to 30 per second.
The 3rd block of requests is whilst iRule 2 mentioned below is enabled. Again we see the same thing.
Any ideas? The rate limit also performs quite poorly with bursts of traffic, is there anything you can suggest to improve this?
iRule 1:
when RULE_INIT {
set static::maxRate 30
set static::timeout 1
}
when HTTP_REQUEST {
if { (([string tolower [HTTP::host]] equals "demo.company.com") or ([string tolower [HTTP::host]] equals "demo.company.com")) and [string tolower [HTTP::uri]] starts_with "/test/index" } then {
if { [set methodCount [table incr -mustexist "Count_[HTTP::method]"]] ne "" } then {
if { $methodCount > $static::maxRate } then {
log local0. "[IP::client_addr] exceeded max HTTP requests per second. URL is [HTTP::host][HTTP::uri]"
HTTP::respond 429 content "Request blockedExceeded requests/sec limit." Retry-After 30
return
}
} else {
table set "Count_[HTTP::method]" 1 indef $static::timeout
}
log local0. "[IP::client_addr]: methodCount=$methodCount using [HTTP::method]"
}
}