Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Virtual Server Connection Rate Limit Reached

Does anyone know how to get a virtual server back to "Available (Enabled) - The virtual server is available" WITHOUT setting the Connection Rate Limit to "0". I saw somewhere that setting the Connection Rate Limit back to "0" as a fix to get the VS back to Available, but I want to keep a Connection Rate Limit on this VS and have it be Available. Currently, even after setting the Connection Rate limit high, the VS returns back to "Unavailable (Enabled) - The virtual server's rate limit has been reached".

Any insight??

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Don't set the VS limit ;)

Even after reaching the limit, the VS still processes the existing connection. It just won't accept new connections. That is the goal of the VS limit.

If you don't want this specific function, why not remove the VS limit ? If you want to set a connection limit, just make sure the number is higher than normal traffic flow.

0
Comments on this Answer
Comment made 01-Feb-2017 by Joe Lupo 54

That's all good and well, but now what do I do since it reached that limit? Is my only recourse to set it to "0" now or would I have to set up a new virtual server?

0
Comment made 01-Feb-2017 by Vijay 4944

Depends on your end goal. If you want to handle more connections after limit is reached, increase the limit. The function of not allowing any more connections after limit is reached by marking the VS down is correct. You won't be able to allow the VS to accept more connections beyond the limit. It depends on what you are trying to do.

0
Comment made 01-Feb-2017 by Joe Lupo 54

Odaah,

Increasing the limit after the original limit is reached does not work. Now that this VS has reached the previously set limit, no matter what limit I put in that field the VS goes back to "Unavailable (Enabled) - The virtual server's rate limit has been reached". That is the problem I am having. I cannot get the VS to go in to an "Available (Enabled) - The virtual server is available" state unless I set the limit to "0".

I assume that with the server having the "Unavailable (Enabled) - The virtual server's rate limit has been reached" status, it will not process traffic.

0
Comment made 01-Feb-2017 by Vijay 4944

Sorry. I didn't know the part about increasing limit not working. Never experienced it. Is it possible to keep an arbitrarily high number based on the number of servers in the pool and the number of connections each server can handle.

0
Comment made 01-Feb-2017 by Joe Lupo 54

Odaah,

Be advised, this is the "Connection Rate Limit" which limits the per second connections. I think it is a DoS attack limiter that keeps a VS from getting hammered and stops traffic from attempting to go through. The "Connection Limit" field limits the concurrent connections to the VS. I think I accidently missed an extra "0" when I was typing the number into the "Connection Rate Limit" field and didn't notice it until I was looking at my VS's and one of them was a triangle (green I think). Now I can't get it to NOT BE "Unavailable (Enabled) - The virtual server's rate limit has been reached" unless I put in a "0". This setting needs to be set to something beside "0" (per our security technical implementation guides), but now I can't put anything in that field without making it unavailable.

0
Comment made 01-Feb-2017 by Vijay 4944

Even a random really high number doesn't work ?

0
Comment made 01-Feb-2017 by Joe Lupo 54

No, but interesting situation. Earlier we failed over to our Standby (making it the Active)(we are operating in an HA pair situation). Now with the previous Standby being the Active, the VS in question is NOT "Unavailable (Enabled) - The virtual server's rate limit has been reached", even with the previously low number that was on the other F5 (previously Active, now Standby). So it appears that this threshold hold-out is hardware specific and doesn't get sync'd to the other. So now my Active F5 shows this VS as "Available (Enabled) - The virtual server is available", as if it never hit a Connection Rate Limit at all. Interesting.

I did up my Connection Rate Limit now on my current Active F5, but when I sync it with the HA Group the other F5 (currently Standby) puts that VS in an "Unavailable (Enabled) - The virtual server's rate limit has been reached" state. I guess as long as I stay on the current Active F5 I'm ok, but if we have to fail over, or it happens automatically for some reason, I'm back to Unavailable.

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi - we are facing the same issue in our Production Environment (TMOS-BIG-IP 12.1.2 Build 2.0.276 Hotfix HF2; 2x BIG-IP 4000 in an Active / Standby Cluster Pair) with one of our Virtual Servers where we enabled the "Connection Limit / Connection Rate Limit" feature; similarly to what Joe Lupo posted, also in our Active / Standby Cluster Setup the "Connection Rate Limit exceeded" notification for the specific Virtual Server is reported only by one of the unit of the Cluster (the unit that we have currently set to Standby), even under low traffic volume.

The other unit (formerly set to "Standby" - now currently running as "Active") do not report any error notification message.

Did you manage to solve the issue ? Is there a way to clear the wrong notification message that is automatically presented on the standby unit of the cluster ? To me it sounds more and more like a Feature Bug. Is there already an entry in the F5's Bug Tracker DB ?

Thanks.

0