Forum Discussion

DJ_23086's avatar
DJ_23086
Icon for Altocumulus rankAltocumulus
Mar 12, 2009

Limit connections to nodes

Hi     I'm having some issues with this one, and haven't been able to put together anything useful.   We have been requested to look into limiting the connections (http) to nodes. T...
application delivery
dev
devops
iRules
DJ_23086's avatar
DJ_23086
Icon for Altocumulus rankAltocumulus
Mar 16, 2009
Hi CB

I did have a look at that one, though I don't think default limits will work as described, as they want to be able to hand off to a specific server or "downpage" once the node limit is reached.

I essentially need a way to track NODE connections and limit, regardless of VIP connection numbers.

I managed to find this off a older post (http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&tpage=1&view=topic&postid=702612287), though it only tracks VIP connections, and I have the same problem as the poster had, where it has issues with timed-out connections going over the limit. 

  
 when RULE_INIT { 
 set ::total_active_clients 0 
 set ::max_active_clients 1 
 log local0. "rule session_limit initialized: total/max: $::total_active_clients/$::max_active_clients" 
 } 
 when CLIENT_ACCEPTED { 
 log local0. "Client accepted" 
 log local0. "active clients $::total_active_clients" 
 } 
 when HTTP_REQUEST { 
 log local0. "current active clients $::total_active_clients" 
 ; test cookie presence 
 if {[HTTP::cookie exists "ClientID"]} { 
 log local0. "active user with cookie making http request" 
 set need_cookie 0 
 set client_id [HTTP::cookie "ClientID"] 
 ; if cookie not present & connection limit not reached, set up client_id 
 } else { 
 if {$::total_active_clients < $::max_active_clients} { 
 log local0. "http request from new client access granted. cookie set."  
 set need_cookie 1 
 set client_id [format "%08d" [expr { int(100000000 * rand()) }]] 
 log local0. "current active clients $::total_active_clients" 
 log local0. "new active client" 
 incr ::total_active_clients 
 log local0. "current active clients $::total_active_clients" 
 ; otherwise redirect 
 } else { 
 log local0. "http request from non active connection denied" 
 HTTP::redirect "http://www.google.com" 
 incr ::total_active_clients 
 log local0. "attempting to close connection" 
 catch HTTP::close 
 catch TCP::close 
 return 
 } 
 } 
 } 
 when HTTP_RESPONSE { 
 ; insert cookie if needed 
 if {$need_cookie == 1} { 
 HTTP::cookie insert name "ClientID" value $client_id 
 } 
 } 
 when CLIENT_CLOSED { 
 ; decrement current connection counter for this client_id 
 log local0. "current active clients $::total_active_clients" 
 log local0. "client closed" 
 log local0. [IP::remote_addr] 
 if {$::total_active_clients > 0} { 
 log local0. "decremeting active clients" 
 incr ::total_active_clients -1 
 } 
 log local0. "current active clients 
 $::total_active_clients" 
 }