Network Router User Manual
Web OS 10.0 Application Guide
Chapter 7: Filtering
212777-A, February 2002
TCP Rate Limiting Filter Based on Virtual Server IP Address
This example defines a filter that limits clients to 100 TCP connections per second to a specific
destination (VIP 10.10.10.100). Once a client exceeds that limit, the client is not allowed to
make any new TCP connection requests to that destination for 40 minutes. Figure 7-6 shows
how to use this feature to limit client access to a specific destination.
Figure 7-6 Limiting User Access to Server
Configure the following on the switch:
Fastage and slowage are set to 2 seconds and 8 minutes as follows:
time window = timewin x fastage = 1 x 2 seconds = 2 seconds
hold down time = holddur x slowage = 5 x 8 minutes = 40 minutes
max rate = maxconn/time window = 200 connections/2 seconds = 100 connections/second
>> # /cfg/slb/filt 100/ena (Enable the filter)
>> Filter 100# dip 10.10.10.100/dmask 255.255.255.0 (Specify the virtual server IP address)
>> Filter 100# adv/tcp (Select the advanced filter menu)
>> TCP advanced# tcplim en (Enable TCP rate limiting)
>> TCP advanced# maxconn 20 (Specify the maximum connections)
>> TCP advanced# /cfg/slb/adv (Select the Layer 4 advanced menu)
>> Layer 4 Advanced# timewin 1 (Set the time window for the session)
>> Layer 4 Advanced# holddur 5 (Set the hold duration for the session)
/cfg/slb/adv/fastage 1 (Fastage is set to 2 seconds)
/cfg/slb/adv/slowage 2 (Slowage is set to 8 minutes)
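The following Python model of the time window, hold-down and maximum-rate arithmetic above is an added illustration, not code from the Web OS guide or the switch. It assumes that maxconn is counted in units of 10 (so that the configured maxconn 20 matches the 200 connections used in the calculation), that windows are fixed per client, and that the client addresses and traffic are constructed samples.

```python
from dataclasses import dataclass, field

@dataclass
class TcpRateLimit:
    """Toy model of the per-client TCP rate limit configured in this example."""
    maxconn: int = 20        # page value; ASSUMED to be in units of 10 connections
    timewin: int = 1         # time window, in multiples of fastage
    holddur: int = 5         # hold-down, in multiples of slowage
    fastage_s: int = 2       # fastage 1 -> 2 seconds (per the page)
    slowage_s: int = 8 * 60  # slowage 2 -> 8 minutes (per the page)
    _win: dict = field(default_factory=dict)   # client -> (window start, count)
    _held: dict = field(default_factory=dict)  # client -> hold-down expiry time

    @property
    def window_s(self):  # time window = timewin x fastage
        return self.timewin * self.fastage_s
    @property
    def hold_s(self):    # hold down time = holddur x slowage
        return self.holddur * self.slowage_s
    @property
    def limit(self):     # connections allowed per window (assumed unit of 10)
        return self.maxconn * 10

    def allow(self, client, now):
        """Return True if a new TCP connection from client at time now passes."""
        if now < self._held.get(client, 0.0):
            return False                      # client is still in hold-down
        start, count = self._win.get(client, (now, 0))
        if now - start >= self.window_s:      # window expired: start a new one
            start, count = now, 0
        count += 1
        self._win[client] = (start, count)
        if count > self.limit:                # limit exceeded: begin hold-down
            self._held[client] = now + self.hold_s
            return False
        return True

def simulate(events, filt=None):
    """events: iterable of (time_s, client). Returns {client: [allowed, dropped]}."""
    filt = filt or TcpRateLimit()
    stats = {}
    for t, client in sorted(events):
        s = stats.setdefault(client, [0, 0])
        s[0 if filt.allow(client, t) else 1] += 1
    return stats

# Constructed traffic: 10.0.0.1 opens 150 conn/s and 10.0.0.2 opens 50 conn/s for
# 4 seconds; both then retry once at t = 2399 s and once at t = 2402 s.
events = ([(i / 150, "10.0.0.1") for i in range(600)]
          + [(i / 50, "10.0.0.2") for i in range(200)]
          + [(t, c) for t in (2399.0, 2402.0) for c in ("10.0.0.1", "10.0.0.2")])
```

In this model the 150 conn/s client is cut off at its 201st connection inside the first 2-second window and stays blocked until the 40-minute hold-down expires, while the 50 conn/s client is never dropped.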
[Figure 7-6 labels: Clients 1, 2, 3, and 4; Internet; Web Switch; Real servers S1 and S2. Clients 1, 2, 3, and 4 are limited to 100 conn/sec to the virtual IP address. Filter 100: 100 conn/sec. VIP: 10.10.10.100.]