iRule::ology; Connection Limiting Take 2
Published Jan 25, 2011
Version 1.0Was this article helpful?
table set -subtable $tbl $key "ignored" 180
if { [table keys -subtable $tbl -count] > 1000 }
table delete -subtable $tbl $key
If the table is at 999 and three TMMs simulatanously try to insert the subtable entry before querying the subtable size all three connections will be rejected. Correct behavior would be that 2 out of the 3 would be rejected. If you have 32 TMMs (e.g. a fully loaded Viprion) the potential error starts to get larger.
Obviously for a limit of 1000 the iRule is mostly correct, but for a limit of 10 it is likely not.
This is a classic "dining philosopher's problem", and it can be solved by using a random collision avoidance mechanism (iRule to follow in later post), or by F5 implementing an "insert only if count is less than some value" command. (also known as the "let the waiter decide" solution).
BTW you can also write the command so that it unecessary to disable the CLIENT_CLOSED event. I think it's cleaner code to have cleanup code in only one place.