We are trying to use the Connection Rate Limit Mode - Per Source Address option for one of our higly used VIP's. What the best way to configure this setting. We have tried this option without much success or no success. I am able to set a value for Connection limit and that seems to work but not the ableve mentioned option. Any inputs will be much appreciated
Are you actually seeing different IP addresses on the F5 BIG-IP? If you are source NATing on a firewall/proxy and the F5 BIG-IP doesn't see the real source IPs then this won't work for you.
The VIP is seeing different soure IP's, its not getting NAT'ed IP
Hi @Deepsri ,
It works per source address subnet masks which you as admin sets the mask on the virtual server optins.
This is a piece of info in bigip GUI :
Connection Rate Limit Source Mask
Specifies an IP address mask, in bits, to be applied to the source address as part of the rate limiting. The default is 0, which is equivalent to using the entire address, 32 in IPv4, or 128 in IPv6.
It should give you stable results based on subnet mask that you set.
Note that , Connection Limits have not allowness if the connections per source address subnet mask exceed the defined limits , so you have to properly set the mask value and the limit as well.
Have a look in the following article , you may hit in this BUG : https://my.f5.com/manage/s/article/K17082
I hope this helps you