For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Kenny_Lussier_5's avatar
Kenny_Lussier_5
Icon for Nimbostratus rankNimbostratus
Jul 27, 2010

Limiting connections based on data group

Hi All,     Please excuse my lack of knowledge. I am very new to F5, and I am trying to work through a PoC with LTM v10.1. I have searched through and found several examples of how to limit traf...
application delivery
dev
devops
iRules
Hamish's avatar
Hamish
Icon for Cirrocumulus rankCirrocumulus
Jul 27, 2010
You want the class command... There's two ways to do this...

1. Use datagroups of type address. Then simply drop addresses and netmasks into the group. A simple test for the group containing the IP address is as simple as 


  if { [class lookup [IP::CLIENT] $className] } {
     do whatever...
  }

However this doesn't scale very well as the number of datagroups increases (I'm assuming you're using different datagroups to indicate different connection limits).

What I'd do is have a single DG, and using key/value pairs. e.g. 


address1:connlimit
address2:connlimit

and use the class command to lookup the address and get back the connlimit. The actual counting of connlimit, I'd do with a table. Just like you're doing above. Just replace the hardcoded '10' with the connlmit that you get back from the DG.

H