Apply transaction rate limit to a vip – Brocade Communications Systems ServerIron ADX 12.4.00a User Manual

Page 24

Advertising
background image

10

ServerIron ADX Security Guide

53-1002440-03

Transaction Rate Limit (TRL)

1

Configure transaction rate limit for pass through traffic

You can configure transaction rate limit for traffic that is not going to a virtual server. You can
configure only one group for pass through traffic.

To create a transaction rate limit group for pass through traffic, follow these steps.

1. Enable privileged EXEC mode.

ServerIronADX> enable

2. Enter global configuration mode.

ServerIronADX# configure terminal

3. Specify name of BW rule set and enter client bandwidth configuration mode.

ServerIronADX(config)# client-trans-rate-limit tcp default

Syntax: [no] client-trans-rate-limit tcp | udp | icmp default

4. Specify the trl parameter for the client subnet and set a connection rate.

For IPv4:

ServerIronADX(config-client-trl)#trl 100.1.1.0 255.255.255.0 monitor-interval

3 conn-rate 10 hold-down-time 1

For IPv6:

ServerIronADX(config-client-trl)#trl 300:11/128 monitor-interval 3 conn-rate

10 hold-down-time 1

Syntax: [no] trl { <client-IPv4> <client-mask> | <client-IPv6> <prefix> } monitor-interval

<mon-value> conn-rate <con-value> hold-down-time <hold-down-value>

5. The transaction rate limit policy pertaining to the protocol and the port must be applied to

either the physical or the virtual interface for pass through traffic. This will ensure that the
traffic is brought to the application processor (BP) for rate-limitation.

Applying policy on physical interface

ServerIronADX(config) # interface eth 1/1

ServerIronADX(config-if-1/1) # ip tcp trans-rate 80

Applying policy on virtual interface

ServerIronADX(config) # interface ve 20

ServerIronADX(config-vif-20) # ip udp trans-rate 53

Syntax: [no} ip tcp | udp trans-rate <ports>

Syntax: [no} ip icmp trans-rate

The <ports> parameter specifies one or more TCP or UDP ports to monitor. You can monitor up
to four ports.

Apply transaction rate limit to a VIP

After configuring transaction rate limit, you must bind transaction rate limit to a VIP. To enable
transaction rate limit, follow these steps.

1. Enable privileged EXEC mode.

ServerIronADX> enable

Advertising
Popular Brands
Popular manuals