Rate limiting and pool redirection

Question

We've got a client-facing application server pool sitting behind a Brocade SLB. Everything works fine, but we are vulnerable to clients who cache our product availability and overload the farm, which causes disruption to all clients. Currently we manage this manually, by creating redirection rules based on source IP.

Is it possible with F5 products (and presumably iRules) to configure a transaction rate limit, above which specific clients (identified by IP address) can be transparently redirected to a second server pool, thereby protecting "well behaved" clients?

hamish · Answer

Yep. 
&nbsp;  
&nbsp; In fact there's several request rate limiting iRules in the codeshare... All you'll have to do is marry some of that up with a quick lookup table (Supplied via a DataGroup - always my first choice instead of hard-coding) and you'll be away laughing. 
&nbsp;  
&nbsp; IIRC the iRUles you'll want to look at are Version_9_Throttle_on_Requests_Per_Second, HTTPRequestTthrottle and HTTP_throttle_alternative 
&nbsp;  
&nbsp; (There are others as well). 
&nbsp;  
&nbsp; H

Forum Discussion

Rate limiting and pool redirection

1 Reply

Recent Discussions

What are the different phases in DevOps?

Create a CSR and Key using the BigIP LTM GUI when renewing a certificate

F5 Rseries HA

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Can iRule be used to perform exception of IPI category based on Geolocation

Related Content

Introduction to F5 Distributed Cloud Console Rate Limiting Feature

Rate Limiting SSL VPN User Traffic

Rate limiting GraphQL API query using iRule and Advanced WAF Violation

Mitigating OWASP API Security Risk: Lack of Resources and Rate Limiting using F5 XC Platform

Rate Limit HTTP Requests