Figure 7-6: Limiting User Access To Server - Nortel Web OS Switch Software Application Manual


TCP Rate Limiting Filter Based on Virtual Server IP Address
This example defines a filter that limits clients to 100 TCP connections per second to a specific
destination (VIP 10.10.10.100). Once a client exceeds that limit, the client is not allowed to
make any new TCP connection request to that destination for 40 minutes.
Figure 7-6 shows how to use this feature to limit client access to a specific destination.

[Figure 7-6: Limiting User Access to Server. Labels: Clients 1, 2, 3, 4; Internet; Web Switch (VIP: 10.10.10.100; Filter 100: 100 conn/sec); Real servers S1, S2, n. Figure note: Client 1, 2, 3, and 4 are limited to 100 conn/sec to virtual IP address.]

Configure the following on the switch:
>> # /cfg/slb/filt 100/ena                              (Enable the filter)
>> Filter 100 # dip 10.10.10.100/dmask 255.255.255.0    (Specify the virtual server IP address)
>> Filter 100# adv/tcp                                  (Select the advanced filter menu)
>> TCP advanced# tcplim en                              (Enable TCP rate limiting)
>> TCP advanced# maxconn 20                             (Specify the maximum connections)
>> TCP advanced# /cfg/slb/adv                           (Select the Layer 4 advanced menu)
>> Layer 4 Advanced # timewin 1                         (Set the time window for the session)
>> Layer 4 Advanced # holddur 5                         (Set the hold duration for the session)

Fastage and slowage are set to 2 seconds and 8 minutes as follows:
/cfg/slb/adv/fastage 1                                  (Fastage is set to 2 seconds)
/cfg/slb/adv/slowage 2                                  (Slowage is set to 8 minutes)

time window = timewin x fastage = 1 x 2 seconds = 2 seconds
hold down time = holddur x slowage = 5 x 8 minutes = 40 minutes
max rate = maxconn/time window = 200 connections/2 seconds = 100 connections/second

Web OS 10.0 Application Guide, Chapter 7: Filtering
212777-A, February 2002
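The arithmetic and the hold-down behaviour described above can be checked with a small model. This is an added example, not code from the manual or the switch: the class and function names are hypothetical, the fixed-window counting is an assumption about how the limit is measured, the 200-connection figure is taken from the page's max-rate calculation, and the traffic is constructed.

```python
# Added example: a model of the behaviour this page describes, not switch code.
FASTAGE_SECONDS = 2        # page: fastage setting 1 = 2 seconds
SLOWAGE_SECONDS = 8 * 60   # page: slowage setting 2 = 8 minutes


class TcpRateLimitFilter:
    """Per-client connection limit with hold-down (hypothetical class name)."""

    def __init__(self, max_conns, timewin, holddur):
        self.max_conns = max_conns                    # connections per time window
        self.time_window = timewin * FASTAGE_SECONDS  # timewin x fastage
        self.hold_down = holddur * SLOWAGE_SECONDS    # holddur x slowage
        self.max_rate = max_conns / self.time_window  # connections per second
        self._state = {}  # client -> (window_start, count, held_until)

    def allow(self, client, now):
        """Return True if a new connection from `client` at `now` (seconds) passes."""
        start, count, held_until = self._state.get(client, (now, 0, 0.0))
        if now < held_until:
            return False                       # client is still held down
        if now - start >= self.time_window:    # assumption: fixed windows
            start, count = now, 0
        count += 1
        if count > self.max_conns:             # limit exceeded: start the hold-down
            self._state[client] = (start, 0, now + self.hold_down)
            return False
        self._state[client] = (start, count, held_until)
        return True


def simulate():
    """Replay constructed traffic: A opens 150 conn/s, B opens 50 conn/s, for 4 s."""
    filt = TcpRateLimitFilter(max_conns=200, timewin=1, holddur=5)
    events = sorted([(i / 150, "A") for i in range(600)] +
                    [(i / 50, "B") for i in range(200)])
    accepted = {"A": 0, "B": 0}
    for t, client in events:
        accepted[client] += filt.allow(client, t)
    return filt, accepted


if __name__ == "__main__":
    filt, accepted = simulate()
    print(filt.time_window, filt.hold_down, filt.max_rate, accepted)
```

Client A exceeds the limit inside its first 2-second window and stays blocked for the full 40-minute hold-down, while client B, at half the limit, is never held.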
