ADC

Configure a traffic rate limit identifier

A rate limit identifier checks if the amount of traffic exceeds a specified value, within a particular time interval. The identifier returns a “Boolean TRUE” if the amount of traffic exceeds a limit within a particular time interval. When you include a limit identifier in the compound dAdvanced policy expression in a policy rule, you must include a stream selector. If you do not specify, the limit identifier is applied to all requests or responses identified by the compound expressions.

Note:

The maximum length for storing string results (for example, HTTP.REQ.URL) is 60 characters. If the string (for example, URL) is 1000 characters long, out of which 50 characters are long enough to uniquely identify a string, you can use an expression to extract required 50 characters.

To configure a traffic limit identifier from the command line interface

At the command prompt, type:

add ns limitIdentifier <limitIdentifier> -threshold <positive_integer> -timeSlice <positive_integer> -mode <mode> -limitType ( BURSTY | SMOOTH ) -selectorName <string> -maxBandwidth <positive_integer> -trapsInTimeSlice <positive_integer>
<!--NeedCopy-->

Argument description

limitIdentifier. Name for a rate limit identifier. Must begin with an ASCII letter or underscore (_) character, and must consist only of ASCII alphanumeric or underscore characters. Reserved words must not be used. This is a mandatory argument. Maximum Length: 31

threshold. A maximum number of requests that are allowed in the given timeslice when requests (mode is set as REQUEST_RATE) are tracked per timeslice. When connections (mode is set as CONNECTION) are tracked, it is the total number of connections that would be let through. Default value: 1 Minimum value: 1 Maximum Value: 4294967295

timeSlice. Time interval, in milliseconds, specified in multiples of 10, during which requests are tracked to check if they cross the threshold. This argument is needed only when the mode is set to REQUEST_RATE. Default value: 1000 Minimum value: 10 Maximum Value: 4294967295

mode. Defines the type of traffic to be tracked.

  1. REQUEST_RATE. Tracks requests/timeslice.
  2. CONNECTION. Tracks active transactions.

limitType. Defines the type of limit.

  • Smooth: Spreads the load evenly across each time slice of the set time frame. Use for application traffic that is consistent.
  • Bursty: Allows the requests to pass through if the load is below the set threshold. Use for application traffic that is sporadic. It is helpful if the load peaks anytime within the set time frame.

    For example, the set maximum requests are 100 and the time frame is 10 seconds. If your application receives 80 requests in the first second, these limit types behave differently. The bursty limit type allows the requests to pass through because the load is below the set threshold. However, the smooth limit type allows only 10 requests per second. So, it applies the configured action for the excess load.

selectorName. Name of the rate limit selector. If this argument is NULL, rate limiting will be applied on all traffic received by the virtual server or the NetScaler (depending on whether the limit identifier is bound to a virtual server or globally) without any filtering. Maximum Length: 31

maxBandwidth. Maximum bandwidth permitted, in kbps. Minimum value: 0 Maximum value: 4294967287

Example:

Configuring traffic rate limit identifier in BURSTY mode:

add ns limitIdentifier 100_request_limit -threshold 100 -timeSlice 1000 -mode REQUEST_RATE -limitType BURSTY -selectorName limit_100_requests_selector -trapsInTimeSlice 30
<!--NeedCopy-->

Configuring traffic rate limit identifier in SMOOTH mode:

add ns limitidentifier limit_req -mode request_rate -limitType smooth -timeslice 1000 -Threshold 2000 -trapsInTimeSlice 200
<!--NeedCopy-->

To configure a traffic limit identifier by using the configuration utility

Navigate to AppExpert > Rate Limiting > Limit Identifiers, click Add and specify the relevant details.

Configure a traffic rate limit identifier