Forum Discussion

ashk's avatar
ashk
Icon for Cirrus rankCirrus
Feb 07, 2023

Connection Limit vs Connection Rate Limit

Hello Everyone, 

I wanted to know the exact real time understanding for Connection Limit and Connection Rate Limit. 

we have a request comes in to mitigate DDOS attacks  and not sure on the values to configure and what happenes with what. 

appreciate the help. 

  • Hello,

    The settings related to the connection limit can prevent DoS attacks as you mentioned, but I believe that it must be adjusted very carefully and with coordination with the application team to know the exact threshold you should apply on each pool member or node.

    Also, you must think of doing a stress test on the backend server to see how many requests the server can actually receive per second.

    Regarding the differences between the two options "Connection Limit" and "Connection Rate Limit", you can check the below clarification:

    1. Connection Limit: a number that specifies the maximum number of concurrent open connections.
    2. Connection Rate Limit: a number that specifies the number of new connections accepted per second for the virtual server.
    • ashk's avatar
      ashk
      Icon for Cirrus rankCirrus

      Thank you for the reply, 

      So, Connection limit will hold the number of conncurrent open connections, is it from the same Source IP or mixture of all connections? 

      Like 192.x.x.x is trying 50+ more connections and its a ddos attack Connection limit so it will drop only 192.x.x.x  the source. or is this something need to define under Connection rate limit? 

      also, need to know more how stress test works šŸ˜„ appreciate the help šŸ™‚ 

      • Hello,

        It is not mentioned in the article that these limitations are for specific IPs, so think it is a generic one for all connections regardless of the source.

        Regarding stress tests, it allows you to measure your web applicationā€™s reliability beyond normal load. Stress can be different based on the service running. For example, if we are talking about an HTTP web application, it can be sending many requests more than the server can handle to know the exact threshold that the server can receive and process under extreme conditions.

        There are many tools that can be used, you will need to search on that topic to find the best fit.

        Thanks,

        Mohamed Salah