Configuring transaction rate limit, Prerequisites, Configure transaction rate limit rule set – Brocade Communications Systems ServerIron ADX 12.4.00a User Manual


ServerIron ADX Security Guide

53-1002440-03

Transaction Rate Limit (TRL)


Ability to operate on a per-VIP basis, so that a different rate limit can be applied to traffic
coming to each VIP.

Configuring transaction rate limit

To enable transaction rate limit, you must configure parameters for each client address/prefix and
apply the transaction rate limit configuration to a specific VIP.

Prerequisites

Before you can configure transaction rate limit, you must configure a virtual server. The following
example shows how to configure a virtual server.

ServerIronADX> enable

ServerIronADX# config terminal

ServerIronADX(config)# server virtual-name-or-ip bwVIP 1.1.1.33

Syntax: [no] server virtual-name-or-ip <vip-name-or-address> <ip address>

Configure transaction rate limit rule set

The transaction rate limit parameters are grouped into a set and each set is associated with a
name. To create a set of transaction rate limit rules, follow these steps.

1. Enable privileged EXEC mode.

ServerIronADX> enable

2. Enter global configuration mode.

ServerIronADX# configure terminal

3. Configure the name of a transaction rate limit rule set and enter client transaction rate limit configuration mode.

ServerIronADX(config)# client-trans-rate-limit tcp TRL1

Syntax: [no] client-trans-rate-limit tcp | udp | icmp <name>

4. Specify the trl keyword for the client subnet and set the connection rate.

For IPv4:

ServerIronADX(config-client-trl-trl1)# trl 100.1.1.0 255.255.255.0 monitor-interval 3 conn-rate 10 hold-down-time 1

For IPv6:

ServerIronADX(config-client-trl-trl1)# trl 100::1/128 monitor-interval 3 conn-rate 10 hold-down-time 1

Syntax: [no] trl { <client-IPv4> <client-mask> | <client-IPv6> <prefix> } monitor-interval <mon-value> conn-rate <con-value> hold-down-time <hold-down-value>
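
The following is an added example, not part of the Brocade manual or ServerIron software: a Python check that parses the rule-set commands from steps 3 and 4 and validates each client subnet before the lines are pasted into a device. It assumes bare command text without CLI prompts and the IPv6 address/prefix form used in the example above; the function name parse_trl and the rejection of addresses with host bits set are choices of this example, not documented device behaviour.

```python
import ipaddress
import re

# Patterns follow the two Syntax lines above (prompt-free input is assumed).
HEADER = re.compile(r"client-trans-rate-limit\s+(tcp|udp|icmp)\s+(\S+)$")
TRL = re.compile(
    r"trl\s+(?P<addr>\S+)(?:\s+(?P<mask>\d+\.\d+\.\d+\.\d+))?"
    r"\s+monitor-interval\s+(?P<mon>\d+)\s+conn-rate\s+(?P<conn>\d+)"
    r"\s+hold-down-time\s+(?P<hold>\d+)$"
)

def parse_trl(text):
    """Return (rules, problems) for a block of TRL commands."""
    rules, problems, current = [], [], None
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        if (m := HEADER.match(line)):
            current = (m.group(1), m.group(2))   # (protocol, rule set name)
            continue
        m = TRL.match(line)
        if not m:
            problems.append((n, "unrecognised command"))
            continue
        if current is None:
            problems.append((n, "trl outside a rule set"))
            continue
        try:
            if m["mask"]:   # IPv4 form: address followed by a dotted mask
                net = ipaddress.IPv4Network(f"{m['addr']}/{m['mask']}")
            else:           # IPv6 form as in the example: address/prefix
                net = ipaddress.IPv6Network(m["addr"])
        except ValueError as exc:  # host bits set, bad mask, wrong family
            problems.append((n, f"bad client subnet: {exc}"))
            continue
        rules.append({"proto": current[0], "set": current[1], "net": net,
                      "monitor_interval": int(m["mon"]), "conn_rate": int(m["conn"]),
                      "hold_down_time": int(m["hold"])})
    return rules, problems

# Constructed sample: the manual's two trl lines plus one with host bits set.
SAMPLE = """\
client-trans-rate-limit tcp TRL1
trl 100.1.1.0 255.255.255.0 monitor-interval 3 conn-rate 10 hold-down-time 1
trl 100::1/128 monitor-interval 3 conn-rate 10 hold-down-time 1
trl 100.1.1.7 255.255.255.0 monitor-interval 3 conn-rate 10 hold-down-time 1
"""
```

Calling parse_trl(SAMPLE) returns the two valid rules and reports line 4, whose address does not sit on the subnet boundary given by its mask.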

Configure transaction rate limit to exclude a client

You can configure a client address/prefix to be excluded from transaction rate limiting within a
transaction rate limit configuration group.

To exclude a client from transaction rate limit, follow these steps.
