Forum Discussion
DJ_23086
Altocumulus
AltocumulusLimit connections to nodes
Hi
I'm having some issues with this one, and haven't been able to put together anything useful.
We have been requested to look into limiting the connections (http) to nodes. The setup is fairly straightforward, and I'd probably be able to tweak one of the example scripts off of Codeshare, but we are using pools for more than one VIP, and also on occasion nodes in more than one pool which seems to rule out limiting connections per VIP or pool?
Is there a way that we can somehow monitor and manage a maximum connection limit to each node, and serve a maintenance page or redirect to a maintenance pool for overflow? I would expect this would need to be tracked via session cookie or something, to differentiate between current and new clients.
Eg. server limit 250 connections, new connection number 251 gets redirected to a "Too many users, please try again later" page or overflow pool.
Any pointers?
- The_Bhattman
Nimbostratus
DJ_23086Hi CB
I did have a look at that one, though I don't think default limits will work as described, as they want to be able to hand off to a specific server or "downpage" once the node limit is reached.
I essentially need a way to track NODE connections and limit, regardless of VIP connection numbers.
I managed to find this off a older post (http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&tpage=1&view=topic&postid=702612287), though it only tracks VIP connections, and I have the same problem as the poster had, where it has issues with timed-out connections going over the limit.when RULE_INIT { set ::total_active_clients 0 set ::max_active_clients 1 log local0. "rule session_limit initialized: total/max: $::total_active_clients/$::max_active_clients" } when CLIENT_ACCEPTED { log local0. "Client accepted" log local0. "active clients $::total_active_clients" } when HTTP_REQUEST { log local0. "current active clients $::total_active_clients" ; test cookie presence if {[HTTP::cookie exists "ClientID"]} { log local0. "active user with cookie making http request" set need_cookie 0 set client_id [HTTP::cookie "ClientID"] ; if cookie not present & connection limit not reached, set up client_id } else { if {$::total_active_clients < $::max_active_clients} { log local0. "http request from new client access granted. cookie set." set need_cookie 1 set client_id [format "%08d" [expr { int(100000000 * rand()) }]] log local0. "current active clients $::total_active_clients" log local0. "new active client" incr ::total_active_clients log local0. "current active clients $::total_active_clients" ; otherwise redirect } else { log local0. "http request from non active connection denied" HTTP::redirect "http://www.google.com" incr ::total_active_clients log local0. "attempting to close connection" catch HTTP::close catch TCP::close return } } } when HTTP_RESPONSE { ; insert cookie if needed if {$need_cookie == 1} { HTTP::cookie insert name "ClientID" value $client_id } } when CLIENT_CLOSED { ; decrement current connection counter for this client_id log local0. "current active clients $::total_active_clients" log local0. "client closed" log local0. [IP::remote_addr] if {$::total_active_clients > 0} { log local0. "decremeting active clients" incr ::total_active_clients -1 } log local0. "current active clients $::total_active_clients" }- DJ_23086Given this a little more thought, and I think I was overcomplicating it slightly...
Would this work?
- Set individual node limits
- Create an "overflow" pool
- Add iRule:when LB_FAILED { pool overflowpool }
When all the servers in a specific pool reach their limits, any future requests get handed off to the overflow pool on the LB_FAILED event. - DJ_23086Anyone able to confirm the above should/shouldn't work? I'm just a bit unsure that the LB_FAILED event for each VIP would fire in this case?
Thanks
gouthamCould you please share the code if you managed to get that irule working. I am currently working on the same request.
Thanks GR
hoolioCirrostratus
You could test by setting a connection limit on the node to 1, configuring an iRule which logs something in the LB_FAILED event and then make two connections to the VIP.
Aaron
