iRule::ology; Connection Limiting Take 2
Published Jan 25, 2011
Version 1.0
    set limit $static::cmcc_limit
    set max_backlog $static::cmcc_backlog
    set accept_it 0

    # Save the subtable name with the client IP address
    set tbl "connlimit:[IP::client_addr]"

    # Use the client's source port as the subtable key
    set key "[TCP::client_port]"

    # Add the client source port to the subtable with a 180 second timeout
    table set -subtable $tbl $key "ignored" 180

    # Check if the client IP has more than X connections
    set count [table keys -subtable $tbl -count]
    if { $count <= $limit } {
        set accept_it 1
        log local0.alert "accept-1 count=$count"
    } elseif { $count <= $limit + $max_backlog } {
        # We're close to the limit, randomly retry
        set tmout [expr { int(rand()*20) + 1 }]
        after $tmout
        set count [table keys -subtable $tbl -count]
        if { $count <= $limit } {
            log local0.alert "accept-2 count=$count"
            set accept_it 1
        }
    }
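The fragment above ends once accept_it has been decided. As an added example (not the article's own code), this is one way to wrap the same decision in a complete iRule that acts on a refusal and frees the client's slot when the connection ends. The event layout, the two limit values, the reject-on-refusal policy and the log wording are assumptions.

```tcl
# Added example: limit values and the reject-on-refusal policy are assumptions.
when RULE_INIT {
    set static::cmcc_limit 10      ;# assumed per-client connection limit
    set static::cmcc_backlog 5     ;# assumed backlog window above the limit
}

when CLIENT_ACCEPTED {
    set limit $static::cmcc_limit
    set max_backlog $static::cmcc_backlog
    set accept_it 0
    set tbl "connlimit:[IP::client_addr]"
    set key "[TCP::client_port]"

    # The entry is written before counting, so the count includes this connection
    table set -subtable $tbl $key "ignored" 180
    set count [table keys -subtable $tbl -count]

    if { $count <= $limit } {
        set accept_it 1
    } elseif { $count <= $limit + $max_backlog } {
        # Inside the backlog window: wait 1-20 ms, then re-check once
        after [expr { int(rand()*20) + 1 }]
        set count [table keys -subtable $tbl -count]
        if { $count <= $limit } {
            set accept_it 1
        }
    }

    if { !$accept_it } {
        # Refused: free the slot now so it is not counted against later attempts
        table delete -subtable $tbl $key
        log local0.warning "connlimit refuse client=[IP::client_addr] count=$count"
        reject
    }
}

when CLIENT_CLOSED {
    # Free the slot on close instead of waiting for the 180 second timeout.
    # Deleting a key that was already removed on refusal is harmless.
    if { [info exists tbl] } {
        table delete -subtable $tbl $key
    }
}
```

Subtable entries still expire after 180 seconds without being touched, so a connection that lives longer than that drops out of the count unless the entry is refreshed.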