Session Limits for SSL sessions in iRules ??

I currentley have a couple of SSL-VPN boxes being managed by Big-IP (Not Firepass unforts..), and they are liscenced up to 1000 users per unit.

 

 

I also have 3DNS LB across 2 DC's each has one of the Neoteris in it.

 

 

I need to get my Big-IP to recognise when a unit reaches 995 "Connections" and take it down, obviously udating the WIP. This should spill users to other DC.

 

 

The problem is obviously that browsers tend to open more than one connection to the server, so connection limits are not very accurate in this situation I think.

 

 

Could an iRule be made that would look at the setup of SSL sessions, and increments a variable based on "something" Source IP address maybe, or SSL-ID if multiple sessions between 2 end points share the same ID's?? and then decrememnt it when a session is closed, + reduce the counter to compensate for reaping???

 

 

Struggling a little with this, any suggestions would be VERY helpfull. Thanks