Configuring The Connection Limit Policy; Applying The Connection Limit Policy - HP MSR2000 Configuration Manual
Hide thumbs
Also See for MSR2000:
- Configuration manual (455 pages) ,
- Manual (73 pages) ,
- High availability configuration manual (91 pages)
Table of Contents
Advertisement
Configuring the connection limit policy
A connection limit policy contains one or more connection limit rules, each of which specifies a range for
the limit. Connections in the range will be limited based on the parameters in the rule. When the number
of connections reaches the upper limit max-amount, the device does not accept new connections until the
number of connections goes below the lower limit min-amount. Connections not matching any
connection limit rule are not limited.
Connection limit references an ACL to specify the user range, and collect statistics on and limit the
number of user connections.
User connections in a range can be limited by the following types of connection limit rules:
per-destination—Limits user connections by destination IP address.
•
per-service—Limits user connections by service (transport layer protocol or application layer
•
protocol).
•
per-source—Limits user connections by source IP address.
If you specify multiple limit types in a limit rule, they take effect at the same time. For example, if you
specify both per-destination and per-service, the user connections using the same service and destined
to the same IP address are limited. If you do not specify any limit type in a limit rule, all user connections
in the range are limited.
When the connections established on a device are matched against a connection limit policy, all the limit
rules in the policy are matched in ascending order of rule ID. HP recommends that you arrange the rules
in ascending order of range.
To configure the connection limit policy:
Step
1.
Enter system view.
2.
Enter connection limit policy
view.
3.
Configure a connection limit
rule.
Applying the connection limit policy
To make a connection limit policy take effect, apply it globally or to different interfaces. The connection
limit policy applied to an interface takes effect only for the specified connections on the interface, and the
connection limit policy applied globally takes effect for all the specified connections on the device.
If different connection limit policies are applied to the inbound interface, outbound interface, and
globally, the connections processed by the device are limited by the inbound interface connection limit
policy, outbound interface connection limit policy, and global connection limit policy, respectively. Once
any upper limit of the connection is reached, the device cannot accept any new connections.
To apply a connection limit policy to an interface:
Command
system-view
connection-limit { ipv6-policy |
policy } policy-id
limit limit-id acl [ ipv6 ]
{ acl-number | name acl-name }
[ per-destination | per-service |
per-source ] * amount max-amount
min-amount
267
Remarks
N/A
N/A
By default, no connection limit rule
exists.
The keyword ipv6 is available only
in IPv6 connection limit policy
view.
Advertisement
Table of Contents
Troubleshooting
