Nortel Web OS Switch Software Application Manual page 182

Web OS 10.0 Application Guide
TCP Rate Limiting Filter Based on Source IP Address
This example shows how to define a filter that limits clients with IP address 30.30.30.x to 150
TCP connections per second. Once a user exceeds that limit, they are not allowed any new
TCP connections for 10 minutes.
Configure the following on the switch:
>> # /cfg/slb/filt 100/ena                (Enable the filter)
>> Filter 100 # sip 30.30.30.0            (Specify the source IP address)
>> Filter 100 # smask 255.255.255.0       (Specify the source IP address mask)
>> Filter 100 # adv/tcp                   (Select the advanced filter menu)
>> TCP advanced# tcplim en                (Enable TCP rate limiting)
>> TCP advanced# maxconn 15               (Specify the maximum connections)
>> TCP advanced# /cfg/slb/adv             (Select the Layer 4 advanced menu)
>> Layer 4 Advanced # timewin 1           (Set the time window for the session)
>> Layer 4 Advanced # holddur 5           (Set the hold duration for the session)

Fastage and slowage are set at their default values:
Fastage = 0 (1 second), slowage = 0 (2 minutes).
Time window = timewin x fastage = 1 x 1 second = 1 second
Hold down time = holddur x slowage = 5 x 2 minutes = 10 minutes
Max rate = maxconn/time window = 150 connections/1 second = 150 connections/second
Any client with source IP address equal to 30.30.30.x is allowed to make 150 new TCP connections per second to any single destination. When the rate limit of 150 is met, the hold down time takes effect and the client is not allowed to make any new TCP connections to the same destination for 10 minutes.
Chapter 7: Filtering
212777-A, February 2002
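The following Python model is an added example, not code from the manual or from the switch software; it replays the arithmetic above so the effect of timewin, holddur and maxconn can be checked before a filter is deployed. The class name TcpRateLimitFilter is hypothetical, and two things are assumptions: that maxconn is entered in units of 10 (which is how maxconn 15 gives the 150 connections used in the manual's calculation), and that the time window is a fixed window starting at the first counted connection.

```python
import ipaddress
from dataclasses import dataclass, field

FASTAGE_SECONDS = 1     # manual: fastage = 0 (default) means 1 second
SLOWAGE_SECONDS = 120   # manual: slowage = 0 (default) means 2 minutes
MAXCONN_UNIT = 10       # assumption: maxconn is counted in tens (15 -> 150)

@dataclass
class TcpRateLimitFilter:
    """Hypothetical model of filter 100; state is kept per (client, destination)."""
    sip: str
    smask: str
    maxconn: int
    timewin: int
    holddur: int
    state: dict = field(default_factory=dict)  # key -> [window_start, count, held_until]

    def __post_init__(self):
        self.net = ipaddress.ip_network(f"{self.sip}/{self.smask}")
        self.limit = self.maxconn * MAXCONN_UNIT       # connections per window
        self.window = self.timewin * FASTAGE_SECONDS   # seconds
        self.hold = self.holddur * SLOWAGE_SECONDS     # seconds

    def allow(self, client, dest, now):
        """Return True if a new TCP connection at time `now` (seconds) is passed."""
        if ipaddress.ip_address(client) not in self.net:
            return True                       # source does not match sip/smask
        entry = self.state.setdefault((client, dest), [now, 0, None])
        if entry[2] is not None:              # a hold-down was started earlier
            if now < entry[2]:
                return False                  # still held: refuse the connection
            entry[:] = [now, 0, None]         # hold-down expired: start clean
        if now - entry[0] >= self.window:     # assumed fixed window has rolled over
            entry[0], entry[1] = now, 0
        entry[1] += 1
        if entry[1] >= self.limit:            # limit met: hold-down takes effect
            entry[2] = now + self.hold
        return True

def demo():
    """Constructed input: one client opens 151 connections in the same instant."""
    f = TcpRateLimitFilter("30.30.30.0", "255.255.255.0", maxconn=15, timewin=1, holddur=5)
    burst = [f.allow("30.30.30.7", "10.0.0.1", 0.0) for _ in range(151)]
    return f, burst

if __name__ == "__main__":
    f, burst = demo()
    print(f.limit, f.window, f.hold, burst.count(True), burst[-1])
```

Because the hold-down is tracked per destination, a held client can still open connections to other destinations, so the filter caps load on each server rather than a client's total connection rate.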
