Limit number connections by IP

Haiver Bermon · ‎03-01-2011

Hello, I have an ACE 4710 to balance some aplications exposed to Internet. But one of them has problem with concurrence, the question is, Are there a way to limit the number of connections to this application by public IP address?

Thanks,

Haiver Bermon

ohynderi · ‎03-04-2011

Hi Haiver,

You can limit the number of concurent connections to a real server. For instance:

ACE(config)# serverfarm host SF1
ACE(config-sfarm-host)#   rserver SRV1
ACE(config-sfarm-host-rs)# ?
Configure rserver instance:
backup-rserver Configure backup-rserver for this rserver
conn-limit      Configure max/min connection limits for the server <<<
description     Configure description string for real server
do              EXEC command
end             Exit from configure mode
exit            Exit from this submode
fail-on-all     Fail real when all probes fail
inservice       Activate rserver instance
no              Negate a command or set its defaults
probe           Associate probe with rserver instance
rate-limit      Configure rate limit per second <<<
...

Or you can limit the connection rate to a vip by configuring something similar to this:

ACE(config)# parameter-map type connection pmap
ACE(config-parammap-conn)# ?
Configure connection parameters:
description             Configure description string for this parameter-map
do                      EXEC command
end                     Exit from configure mode
exceed-mss              Configure behavior if a packet exceeds MSS
exit                    Exit from this submode
nagle                   Enable Nagle TCP optimization algorithm
no                      Negate a command or set its defaults
random-sequence-number Enable TCP sequence number randomization <<<

...

But i guess you rater like to limit the number of connections from a single source ip. This is not possible.

Thanks,

Olivier