Martin_Kaiser_1, Nov 14, 2006 (Nimbostratus)
connection limit across services
Hi guys,
I need to find a solution for the following problem:
I have a pair of v9 BigIPs which are load balancing a couple of Nortel VPN gateways. Clients connect to a VS running on port 500 over the internet. This is only the initial connection. Each client opens two of those connections to the chosen VPN gateway (don't ask me why, I'm not into this VPN stuff very deeply).
When those connections are established, the client establishes a new connection to a different VS running on port 10000, through which the "real" data will flow. Both connections on port 500 are torn down shortly after the connection on port 10000 is established. Of course, the connections on port 500 and the one on port 10000 have to use the same gateway, which is no problem with the option "persist across services".
The problem is a different one: Each gateway assigns IP addresses to its clients. Let's assume that each gateway has a pool of 200 addresses to assign. The problem now is, when I configure a connection limit of 200 on each node for port 10000, it will have no influence on the initial connections to port 500. When I configure the same connection limit for port 500, it won't work either, because those connections are torn down long before the connection to port 10000 is, i.e. the load balancer might pick a gateway which does not have any free resources and the client will be rejected when it tries to connect to port 10000.
Does anybody have a hint or a solution for me? I thought about an iRule which is bound to the VS at port 500 and somehow checks if the appropriate node has its connection limit on port 10000 exceeded. How is that configured?
Any help is appreciated! Thanks in advance!
Greetings from Germany,
Martin
PS: it is not possible to simply use "least connections" as the load-balancing algorithm, because the VPN gateways are not equal in processing power and connection limit.
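One way to approach the counting problem described in the post, as an added example that is not part of the original thread or any F5-supplied code: the port 10000 VS counts established data connections per gateway, and the port 500 VS checks that count before it persists a client to a gateway. It assumes a BIG-IP release with the `table` command (v10 and later, which the v9 system in the post does not have), assumes `table timeout ... indefinite` keeps the counter from expiring mid-session, and uses placeholder gateway addresses and limits.

```tcl
# Added example (not from the original post). Assumes BIG-IP v10+ "table" command.
# Two iRules are shown: attach the first to the port 10000 (data) VS and the
# second to the port 500 (setup) VS. static:: variables are global, so the
# limits are defined once. Addresses and limits are placeholders.

# ---- iRule for the port 10000 (data) virtual server ----
when LB_SELECTED {
    set node [LB::server addr]
    set key "vpn_conn_$node"
    # Count this data connection against its gateway and stop the entry from
    # expiring with the default table timeout while the VPN session is up.
    table incr $key
    table timeout $key indefinite
    set counted 1
}
when CLIENT_CLOSED {
    # Release the slot only if this connection was actually counted.
    if { [info exists counted] } {
        table incr $key -1
    }
}

# ---- iRule for the port 500 (setup) virtual server ----
when RULE_INIT {
    # Ceiling per gateway, i.e. the size of its client address pool (placeholders).
    array set static::vpn_limit {
        10.0.0.1 200
        10.0.0.2 120
    }
}
when LB_SELECTED {
    set node [LB::server addr]
    if { ![info exists tries] } { set tries 0 }
    incr tries
    set used [table lookup "vpn_conn_$node"]
    if { $used eq "" } { set used 0 }
    # If the chosen gateway has no free address, pick another member; give up
    # after one attempt per active member so a full cluster cannot loop forever.
    if { [info exists static::vpn_limit($node)] && $used >= $static::vpn_limit($node) } {
        if { $tries < [active_members [LB::server pool]] } {
            LB::reselect
        } else {
            log local0. "All VPN gateways at their address-pool limit; rejecting [IP::client_addr]"
            reject
        }
    }
}
```

Because the port 500 VS is where the "persist across services" record is created, rejecting or reselecting there is what keeps the later port 10000 connection away from a full gateway.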