
Connection Rate Limits - How does BigIP respond?

I have an application where I may need to employ the "Connection Rate Limit" feature on an 11.4 LTM. If I configure this on the virtual server for 1000 requests per second, what sort of response, if any, will be sent to those clients who are not immediately serviceable? Will the LTM just hold the SYN for one or more seconds? Will he send a RST in response to a SYN? Or, will he accept the TCP request and queue the first HTTP request?

Finally, if I configure the CRL on the pool or node, rather than the VS, is there a different behavior to be expected toward these non-conforming connection attempts?

Thanks!!

0

Answers to this Question

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

It will send a TCP reset for connection rate limited virtual servers when the limit is reached.

See the bottom of SOL14813 - Detecting and Mitigating DOS/DDOS attacks (11.4.x/11.5.x)

Connection limit on pool members is really for resource management. When you reach the limit it will not send any new connection requests to that server until it falls back below the threshold. It does not affect existing connections.

0
Comments on this Answer
Comment made 17-Jan-2017 by NikhilB

The question was about connection "rate limiting", not connection limits. I don't believe TCP RSTs are sent in the former.

0
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Perfect, thank you!

For the second part about CRL on the pool members, I would now assume that if all pool members are at the maximum for that second, the VS would send RST to connection attempts in this case as well.

0
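Because the thread disagrees on what a client actually sees, the following added example (not part of the thread or of F5's documentation) shows a Python probe that classifies each connection attempt into the cases the question lists: RST in response to the SYN, SYN left unanswered, or TCP accepted with the HTTP reply delayed or missing. The function names and outcome labels are hypothetical, and the host and port are assumptions standing in for your own virtual server.

```python
import socket
import time
from collections import Counter


def classify_attempt(host, port, timeout=2.0, path="/"):
    """Make one connection attempt; return (outcome, seconds_elapsed).

    Outcome labels are hypothetical names for the cases in the question.
    """
    start = time.monotonic()

    def done(label):
        return label, time.monotonic() - start

    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return done("rst-on-syn")        # peer answered the SYN with a RST
    except socket.timeout:
        return done("syn-unanswered")    # SYN held or silently dropped
    except OSError as exc:
        return done("error:" + type(exc).__name__)

    with sock:
        try:
            request = (f"HEAD {path} HTTP/1.1\r\nHost: {host}\r\n"
                       "Connection: close\r\n\r\n")
            sock.sendall(request.encode("ascii"))
            first_byte = sock.recv(1)
        except socket.timeout:
            return done("accepted-no-reply")   # handshake done, request queued or ignored
        except ConnectionResetError:
            return done("rst-after-accept")
        except OSError as exc:
            return done("error:" + type(exc).__name__)
    # An empty read means the peer closed cleanly without answering.
    return done("accepted-replied" if first_byte else "accepted-closed")


def tally(host, port, attempts, **kwargs):
    """Count outcomes over sequential attempts against your own virtual server."""
    return Counter(classify_attempt(host, port, **kwargs)[0] for _ in range(attempts))


if __name__ == "__main__":
    # Constructed target: 192.0.2.10 is a documentation address (RFC 5737).
    print(tally("192.0.2.10", 80, attempts=5))
```

The elapsed time returned with each outcome shows whether an accepted connection was answered immediately or only after a delay.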