Forum Discussion
NimbostratusReal world connection limit setting
Hello,
I am working on a new project and we are attempting to run a load test to ensure all the systems involved are working, but we currently have a VIP connection limit set to 500 for our production system. We ran a test in an internal environment (with connection limit of 300) with 100 concurrent users and it failed very quickly. Our site's landing page has about 30 http requests for complete loading, so would that be about 3,000 simultaneous connections?
My question is, what is a 'normal' connection limit for a production system? Or should there be a limit at all? I see in the documentation that the default is 0 and the limit parameter is mainly used to mitigate DoS attacks or manage expected high traffic events.
Thank you
4 Replies
Mui_64918Cirrus
It is not a good idea to set connection limit because it never give you desired results. A browser can open multiple connections depending on the version so its difficult to gauge the number of users you are letting in. I had a similar requirement and used an irule with cookies to allow exact number of users but still it gets complex, do you want to let x number of users or X number of transactions? If it goes beyond X do we block them or send them to a holding page?. I was looking to set a threshold of X outstanding transactions but that is difficult since we dont know if a request timed out or just was taking too long. So i will have to reset my table quite so often and decided against it.
So in short if you dont care about users beyond the threshold then connection limit might work otherwise its a challenge.
Morgan_01_14470In our case I don't even think we want to block users for any reason other than a DoS. If anything we should queue the requests but I think the connection limit parameter just completely denies it. Do you know if there is any possible configuration that would require a number >0 to be used?- kridsana
Cirrocumulus
Did TCP request queing feature can do this job?
If you have the web application firewall ASM it has a couple of settings that specifically for this kind of case. It can monitor server latency and then start injecting javascript or rate-limiting.
