Re: [load balancing] Rate limiting SOAP transactions

From: Rosenberry, Eric <eric.rosenberry [izzat]>
Date: Wed Feb 25 2009 - 18:08:41 EST


Thanks for the reply, that is helpful.

If I am reading this correctly, this dialog is saying that I could limit the number of TCP/HTTP/SOAP connections per second and not just the bandwidth of them? (I ask because I see fields for both)

Also, could you have it respond back with an actual SOAP reply, or would it need to be an HTTP error code?



From: [] On Behalf Of Kit Wetzler
Sent: Wednesday, February 25, 2009 2:42 PM
To: Load Balancing Mailing List
Subject: Re: [load balancing] Rate limiting SOAP transactions

Not that this will help you much, but for the NetScaler users on the list needing to do something similar, version 9.0 has rate limiting that could do this pretty easily. F5 definitely has iRules that can do rate limting as well. With both F5 and NetScaler, you can choose the action to take once the rate limit has been reached, NetScaler it is done by including the Rate limiting object in the appropriate Responder policy. With F5, you can configure an appropriate iRule to reply with whatever you need once the limit is reached.


Hope this was helpful and appropriate.


From: [] On Behalf Of Rosenberry, Eric
Sent: Wednesday, February 25, 2009 1:37 PM
To: Load Balancing Mailing List
Subject: [load balancing] Rate limiting SOAP transactions

I am looking for a way to rate limit how many SOAP transactions per second that a given customer can send us such that any given customer could not overload the system and cause impact to other customers. As an example, say our system can handle 1000 transactions per second and our normal load from all customers is 500 tps. If a given customer has a huge traffic increase they could overload the system and cause issues for other well behaving customers.

Would it be possible in the F5 (probably through the use of an iRule) to identify traffic from a specific customer (preferably based on data within the soap payload, but I suspect in reality it would have to be based on source IP) and then track what the current transaction rate is and in some way block connections exceeding the limit? I assume to block it would require just terminating the session, though optimally we would send back a soap error or even http error.

Not being an expert in iRules myself I am mostly wondering if the F5 can even implement a rate tracking and limiting capability within TCL that would perform even remotely well.

Any suggestions are appreciated.

Eric Rosenberry
Sr. Network Engineer | Chief Bit Plumber
Direct +1. 503.943.6763 | Mobile: +1.503.348.3625 | Fax: +1.503.224.1581

111 SW Fifth Avenue
Suite 3200
Portland, OR 97204<>

The information contained in this email message may be privileged, confidential and protected from disclosure. If you are not the intended recipient, any dissemination, distribution or copying is strictly prohibited. If you think that you have received this email message in error, please notify the sender by reply email and delete the message and any attachments.

lb-l mailing list
Searchable Archive: Load Balancing Digest Load Balancing Wiki

Received on Wed Feb 25 18:08:37 2009

This archive was generated by hypermail 2.1.8 : Wed Feb 25 2009 - 18:08:38 EST