Forum Discussion

Craig_Jackson_2's avatar
Craig_Jackson_2
Icon for Nimbostratus rankNimbostratus
Nov 07, 2012

Reporting of hitting Connection Limits

We're using pool-member connection limits to prevent servers being overloaded. We can see from the statistics that these limits are being hit. The same statistics suggest that we're hitting the sum of all of the member limits, which would imply that we're turning some connections away.

 

I used these limits in a previous job running on LTM 9.x, and I remember getting log messages when the overall limit had been hit and turnaways have occurred. However, we're not seeing any such messages on 11.2. We currently have the "Layer 4" category as Informational.

 

I thought there was an SNMP trap in this case, as well. However, I don't see any relevant entries in /etc/alertd/alert.conf, nor do I see any MIB entries that seem relevant.

 

Is there any built-in way of getting an alert when we reject a user? Is it necessary to use an iRule to get this information?

 

config
design

4 Replies

Sort By
  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Nov 07, 2012
    Not sure about the logging or SNMP but it's possible you are benefiting from the Connection/Request Queuing feature in v11.

     

     

    http://support.f5.com/content/kb/en-us/products/big-ip_ltm/manuals/product/ltm_implementations_11_0_0/_jcr_content/pdfAttach/download/file.res/ltm_impl_v11_0.pdf
  • Craig_Jackson_2's avatar
    Craig_Jackson_2
    Icon for Nimbostratus rankNimbostratus
    Nov 10, 2012
    After posting my original question, I read about the queuing facility and the LB_QUEUED event. It looks like one indeed can use LB_QUEUED to output a message.

     

     

    However, the relevant pools have queuing turned off. What happens in that case?
  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Nov 10, 2012
    I didn't actually know you could turn it off, I'll have to look into that. Anyway, I think logging a message for each connection exceeded could pose a risk to the system and that's probably why you don't get a message. However, apparently when the connection limit is reached for a pool member or node, the device's status changes to Unavailable and I assume this event is logged? If not I'm sure it could be configured to be logged.