RPC load balancing among multiple tiers using iRules, pools and forwarding

The rule is still checked after the TCP connection to validate against the iRule. You are still checking the rule either way I would think and if so you would be checking against the rule prior to SYN, SYNACK, ACK and therefore reject before the 3way handshake thus doing less work. I agree about the SYN flood but on the inverse wouldnt you also be equally vulnerable to an established TCP connection or do you ignore any commands issued after the open TCP connection?

 

 

Just so I am clear and to avoid looking argumentative, I'm not trying to argue just understand.