Figure 7-6, Limiting user access to server 183 – Nortel Networks WEB OS 212777 User Manual


Web OS 10.0 Application Guide

Chapter 7: Filtering

212777-A, February 2002

TCP Rate Limiting Filter Based on Virtual Server IP Address

This example defines a filter that limits clients to 100 TCP connections per second to a specific
destination (VIP 10.10.10.100). Once a client exceeds that limit, the client is not allowed to
make any new TCP connection request to that destination for 40 minutes.

Figure 7-6 shows how to use this feature to limit client access to a specific destination.

Figure 7-6 Limiting User Access to Server

Configure the following on the switch:

>> # /cfg/slb/filt 100/ena                                  (Enable the filter)
>> Filter 100 # dip 10.10.10.100/dmask 255.255.255.0        (Specify the virtual server IP address)
>> Filter 100# adv/tcp                                      (Select the advanced filter menu)
>> TCP advanced# tcplim en                                  (Enable TCP rate limiting)
>> TCP advanced# maxconn 20                                 (Specify the maximum connections)
>> TCP advanced# /cfg/slb/adv                               (Select the Layer 4 advanced menu)
>> Layer 4 Advanced # timewin 1                             (Set the time window for the session)
>> Layer 4 Advanced # holddur 5                             (Set the hold duration for the session)

Fastage and slowage are set to 2 seconds and 8 minutes as follows:

/cfg/slb/adv/fastage 1                                      (Fastage is set to 2 seconds)
/cfg/slb/adv/slowage 2                                      (Slowage is set to 8 minutes)

time window = timewin x fastage = 1 x 2 seconds = 2 seconds
hold down time = holddur x slowage = 5 x 8 minutes = 40 minutes
max rate = maxcon/time window = 200 connections/2 seconds = 100 connections/second
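The following Python model is an added illustration, not code from the manual or from the switch software. It replays constructed connection attempts against the limits computed above (200 connections per 2-second window, 40-minute hold-down). It assumes fixed, aligned time windows and a hold-down that is not extended by traffic arriving while it is active; the class, function names and client addresses are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class TcpRateLimiter:
    """Simplified model of the filter's per-client limit toward one destination."""
    max_conn: int       # connections allowed per time window
    time_window: float  # seconds (timewin x fastage)
    hold_down: float    # seconds (holddur x slowage)
    state: dict = field(default_factory=dict)  # client -> (window index, count, blocked_until)

    def allow(self, client: str, now: float) -> bool:
        win, count, blocked_until = self.state.get(client, (-1, 0, 0.0))
        if now < blocked_until:              # hold-down active: refuse new connections
            return False
        idx = int(now // self.time_window)
        if idx != win:                       # a new window starts: reset the counter
            win, count = idx, 0
        count += 1
        if count > self.max_conn:            # limit exceeded: start the hold-down
            self.state[client] = (win, 0, now + self.hold_down)
            return False
        self.state[client] = (win, count, 0.0)
        return True

def replay(events, limiter):
    """Replay (timestamp_seconds, client) events; return {client: (allowed, dropped)}."""
    totals = {}
    for ts, client in sorted(events):
        allowed, dropped = totals.get(client, (0, 0))
        ok = limiter.allow(client, ts)
        totals[client] = (allowed + int(ok), dropped + int(not ok))
    return totals

def sample_events():
    """Constructed traffic toward the VIP (documentation-range client addresses)."""
    events = [(i * 0.02, "192.0.2.10") for i in range(150)]    # 50 conn/s for 3 s
    events += [(i * 0.005, "192.0.2.66") for i in range(400)]  # 200 conn/s for 2 s
    events.append((2399.0, "192.0.2.66"))  # retry inside the 40-minute hold-down
    events.append((2401.5, "192.0.2.66"))  # retry after the hold-down has expired
    return events

def run_example():
    # Values from the page: 200 connections / (1 x 2 s) window, 5 x 8 min hold-down
    limiter = TcpRateLimiter(max_conn=200, time_window=1 * 2, hold_down=5 * 8 * 60)
    return replay(sample_events(), limiter)

if __name__ == "__main__":
    for client, (allowed, dropped) in run_example().items():
        print(f"{client}: allowed={allowed} dropped={dropped}")
```

The client that stays under the limit is never dropped, while the client that exceeds it loses every new connection until the hold-down ends, including a retry 39 minutes later.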

[Figure 7-6 diagram labels: Clients 1, 2, 3, and 4; Internet; Web Switch; Real servers S1 and S2. Filter 100: 100 conn/sec. VIP: 10.10.10.100. Clients 1, 2, 3, and 4 are limited to 100 conn/sec to the virtual IP address.]
