Forum Discussion

tickermcse76_16's avatar
tickermcse76_16
Icon for Nimbostratus rankNimbostratus
May 02, 2016

Connection limit per node and source IP persistence conflict; who wins?

I have a pool of 5 web server nodes. The maximum connection count of each web server is set to maximum of 100. Also the VIP persistence is set to source IP.

 

Now suppose the are a few hundred clients behind the same public NAT. They call end up on the same web server, node A, due to the persistence rule. What happens when the 101st user from that same public NAT makes a connection?

 

-Will they connect to node A due to persistence rule?

 

-Will they forward to a different node, node B, due to the maximum limit rule?

 

-Or will they not be able to establish a connection at all due to conflicting rules?

 

application delivery
BIG-IP
LTM

6 Replies

Sort By
  • Hannes_Rapp's avatar
    Hannes_Rapp
    Icon for Nimbostratus rankNimbostratus
    May 02, 2016

    Now suppose the are a few hundred clients behind the same public NAT. They call end up on the same web server, node A, due to the persistence rule. What happens when the 101st user from that same public NAT makes a connection?

    Depends on a number of things

    • Status of 
      Override Connection Limit
      setting (Persistence Profile)

      Assuming this is enabled, 101th connection will go to node A

      When disabled, the persistence record will be discarded and connection will go to another node (load-balancing occurs)
    • If 
      Override Connection Limit
      setting is disabled and no other pool members are available, TCP-RST will be sent to client which results in a generic "Connection Has Been Reset" web-browser error

    Regards,

  • Hannes_Rapp_162's avatar
    Hannes_Rapp_162
    Icon for Nacreous rankNacreous
    May 02, 2016

    Now suppose the are a few hundred clients behind the same public NAT. They call end up on the same web server, node A, due to the persistence rule. What happens when the 101st user from that same public NAT makes a connection?

    Depends on a number of things

    • Status of 
      Override Connection Limit
      setting (Persistence Profile)

      Assuming this is enabled, 101th connection will go to node A

      When disabled, the persistence record will be discarded and connection will go to another node (load-balancing occurs)
    • If 
      Override Connection Limit
      setting is disabled and no other pool members are available, TCP-RST will be sent to client which results in a generic "Connection Has Been Reset" web-browser error

    Regards,

  • tickermcse76_16's avatar
    tickermcse76_16
    Icon for Nimbostratus rankNimbostratus
    May 02, 2016

    •Status of Override Connection Limit setting (Persistence Profile)

     

    When disabled, the persistence record will be discarded and connection will go to another node (load-balancing occurs)

     

    Assuming Override is disabled, the F5 will be able to keep track of client to node session/socket information, correct? Client session data is currently on the web server (though in the process of migrating off).

     

    • Hannes_Rapp's avatar
      Hannes_Rapp
      Icon for Nimbostratus rankNimbostratus
      May 02, 2016
      BigIP identifies client connection as IP:SRC-PORT combination, not just the IP address. Therefore, all 100 connections, despite coming from the same IP are seen as unique connections from different clients. Each client will end up having a dedicated connection record. They won't share the client-side connection.