Alteon Application Switch Operating System Application Guide
Advanced Denial of Service Protection
Figure 99: Limiting User Service to a Server
1. Configure the following:
>> # /cfg/slb/filt 100/ena                     (Enable the filter)
>> Filter 100 # dip 10.10.10.100
>> Filter 100 # dmask 255.255.255.255
>> Filter 100 # proto <any|<number>|<name>>    (Specify TCP, UDP or ICMP protocol)
>> Filter 100 # adv/security                   (Select the Security menu)
>> Security# ratelim ena                       (Enable rate limiting)
>> Security# maxconn 20                        (Specify the maximum connections in multiples of 10)
>> Security# timewin 2                         (Set the time window for the session)
>> Security# holddur 40                        (Set the hold duration for the session)
— Time window = 2 seconds
— Holddown time = 40 minutes
— Max rate = maxconn/time window = 200 connections/2 seconds = 100 connections/second
This configuration limits all clients to 100 new TCP connections (or UDP/ICMP packets) per second to the
server. If a client exceeds this rate, the client is not allowed to transmit sessions or
connections to the virtual server for 40 minutes.
2. Add the filter to the ingress port.
>> Rate Limiting # /cfg/slb/port 2/filt ena/add 100
3. Apply and save the configuration.
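The rate arithmetic and holddown behavior described above, modeled in Python as an added example (not part of the guide and not Radware code). It assumes a per-client fixed-window counter, which the guide does not specify; the client addresses and traffic rates are constructed.

```python
from collections import defaultdict

def effective_limit(maxconn, timewin_s):
    """maxconn is entered in multiples of 10, so 20 means 200 connections."""
    conns = maxconn * 10
    return conns, conns / timewin_s

def simulate(events, maxconn=20, timewin_s=2, holddur_min=40):
    """events: (timestamp_seconds, client_ip) pairs, sorted by time.
    ASSUMPTION: per-client fixed-window counting; the device may count differently."""
    limit, _ = effective_limit(maxconn, timewin_s)
    window_start, count, held_until = {}, defaultdict(int), {}
    allowed, dropped = defaultdict(int), defaultdict(int)
    for ts, ip in events:
        if ts < held_until.get(ip, float("-inf")):   # client is in holddown
            dropped[ip] += 1
            continue
        if ip not in window_start or ts - window_start[ip] >= timewin_s:
            window_start[ip], count[ip] = ts, 0      # start a new time window
        count[ip] += 1
        if count[ip] > limit:                        # exceeded maxconn in window
            held_until[ip] = ts + holddur_min * 60
            dropped[ip] += 1
        else:
            allowed[ip] += 1
    return dict(allowed), dict(dropped), held_until

def sample_events():
    """Constructed traffic: one client under the limit, one over it."""
    steady = [(i / 50, "192.0.2.10") for i in range(500)]     # 50 conn/s for 10 s
    burst = [(i / 150, "192.0.2.20") for i in range(1500)]    # 150 conn/s for 10 s
    retry = [(2401.0, "192.0.2.20"), (2500.0, "192.0.2.20")]  # after the burst
    return sorted(steady + burst + retry)

if __name__ == "__main__":
    print(effective_limit(20, 2))
    allowed, dropped, held = simulate(sample_events())
    for ip in sorted(allowed):
        print(ip, "allowed", allowed[ip], "dropped", dropped.get(ip, 0),
              "held until", held.get(ip))
```

In this model the 150 connections/second client is held down about 1.3 seconds into its burst and its retry at 2401 seconds is still refused, while the 50 connections/second client is never affected.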
Document ID: RDWR-ALOS-V2900_AG1302