Does anyone know how to get a virtual server back to "Available (Enabled) - The virtual server is available" WITHOUT setting the Connection Rate Limit to "0". I saw somewhere that setting the Connection Rate Limit back to "0" as a fix to get the VS back to Available, but I want to keep a Connection Rate Limit on this VS and have it be Available. Currently, even after setting the Connection Rate limit high, the VS returns back to "Unavailable (Enabled) - The virtual server's rate limit has been reached".
Don't set the VS limit ;)
Even after reaching the limit, the VS still processes the existing connection. It just won't accept new connections. That is the goal of the VS limit.
If you don't want this specific function, why not remove the VS limit ? If you want to set a connection limit, just make sure the number is higher than normal traffic flow.
That's all good and well, but now what do I do since it reached that limit? Is my only recourse to set it to "0" now or would I have to set up a new virtual server?
Depends on your end goal. If you want to handle more connections after limit is reached, increase the limit. The function of not allowing any more connections after limit is reached by marking the VS down is correct. You won't be able to allow the VS to accept more connections beyond the limit. It depends on what you are trying to do.
Increasing the limit after the original limit is reached does not work. Now that this VS has reached the previously set limit, no matter what limit I put in that field the VS goes back to "Unavailable (Enabled) - The virtual server's rate limit has been reached". That is the problem I am having. I cannot get the VS to go in to an "Available (Enabled) - The virtual server is available" state unless I set the limit to "0".
I assume that with the server having the "Unavailable (Enabled) - The virtual server's rate limit has been reached" status, it will not process traffic.
Sorry. I didn't know the part about increasing limit not working. Never experienced it. Is it possible to keep an arbitrarily high number based on the number of servers in the pool and the number of connections each server can handle.
Be advised, this is the "Connection Rate Limit" which limits the per second connections. I think it is a DoS attack limiter that keeps a VS from getting hammered and stops traffic from attempting to go through. The "Connection Limit" field limits the concurrent connections to the VS. I think I accidently missed an extra "0" when I was typing the number into the "Connection Rate Limit" field and didn't notice it until I was looking at my VS's and one of them was a triangle (green I think). Now I can't get it to NOT BE "Unavailable (Enabled) - The virtual server's rate limit has been reached" unless I put in a "0". This setting needs to be set to something beside "0" (per our security technical implementation guides), but now I can't put anything in that field without making it unavailable.
Even a random really high number doesn't work ?
No, but interesting situation. Earlier we failed over to our Standby (making it the Active)(we are operating in an HA pair situation). Now with the previous Standby being the Active, the VS in question is NOT "Unavailable (Enabled) - The virtual server's rate limit has been reached", even with the previously low number that was on the other F5 (previously Active, now Standby). So it appears that this threshold hold-out is hardware specific and doesn't get sync'd to the other. So now my Active F5 shows this VS as "Available (Enabled) - The virtual server is available", as if it never hit a Connection Rate Limit at all. Interesting.
I did up my Connection Rate Limit now on my current Active F5, but when I sync it with the HA Group the other F5 (currently Standby) puts that VS in an "Unavailable (Enabled) - The virtual server's rate limit has been reached" state. I guess as long as I stay on the current Active F5 I'm ok, but if we have to fail over, or it happens automatically for some reason, I'm back to Unavailable.
Hi - we are facing the same issue in our Production Environment (TMOS-BIG-IP 12.1.2 Build 2.0.276 Hotfix HF2; 2x BIG-IP 4000 in an Active / Standby Cluster Pair) with one of our Virtual Servers where we enabled the "Connection Limit / Connection Rate Limit" feature; similarly to what Joe Lupo posted, also in our Active / Standby Cluster Setup the "Connection Rate Limit exceeded" notification for the specific Virtual Server is reported only by one of the unit of the Cluster (the unit that we have currently set to Standby), even under low traffic volume.
The other unit (formerly set to "Standby" - now currently running as "Active") do not report any error notification message.
Did you manage to solve the issue ? Is there a way to clear the wrong notification message that is automatically presented on the standby unit of the cluster ?
To me it sounds more and more like a Feature Bug. Is there already an entry in the F5's Bug Tracker DB ?