I have an application where I may need to employ the "Connection Rate Limit" feature on an 11.4 LTM. If I configure this on the virtual server for 1000 requests per second, what sort of response, if any, will be sent to those clients who are not immediately serviceable? Will the LTM just hold the SYN for one or more seconds? Will he send a RST in response to a SYN? Or, will he accept the TCP request and queue the first HTTP request?
Finally, If I configure the CRL on the pool or node, rather than the VS, is there a different behavior to be expected toward these non-conforming connection attempts?
It will send TCP reset for connection rate limited virtual servers when the limit is reached.
See the bottom of SOL14813 - Detecting and Mitigating DOS/DDOS attacks (11.4.x/11.5.x)
Connection limit on pool members is really for resource management. When you reach the limit it will not send any new connection requests to that server until it falls back below the threshold. It does not affect existing connections.
The question was about connection "rate limiting" not connection limits. I don't believe TCP RST's are sent in the former.
Perfect, thank you!
For the second part about CRL on the pool members, I would now assume that if all pool members are at the maximum for that second, the VS would send RST to connection attempts in this case as well.