Network Router User Manual
Web OS 10.0 Application Guide
Chapter 17: Bandwidth Management
212777-A, February 2002
Security Management Example
BWM can be used to prevent Denial of Service (DoS) attacks that flood the network with
“necessary evil” packets. It does this by limiting the rate of TCP SYN, ping, and other
disruptive packets, and by alerting the network manager and logging when soft limits are exceeded.
In the following example, a filter is configured to match ping packets, and BWM is configured
to prevent DoS attacks by limiting the bandwidth policy rate of those packets:
1. Configure the switch as usual for SLB (see “Server Load Balancing” on page 117):
   - Assign an IP address to each of the real servers in the server pool.
   - Define an IP interface on the switch.
   - Define each real server.
   - Define a real server group.
   - Define a virtual server.
   - Define the port configuration.
NOTE – Ensure BWM is enabled on the switch (/cfg/bwm/on).
2. Select a bandwidth policy.
Each policy must have a number from 1 to 64.
    >> # /cfg/bwm/pol 1                         (Select BWM policy 1)
3. Set the hard, soft, and reserved rate limits for this policy in Kilobytes.
    >> Policy 1# hard 250k                      (Set “never exceed” rate)
    >> Policy 1# soft 250k                      (Set desired bandwidth rate)
    >> Policy 1# resv 250k                      (Set committed information rate)
4. Set the buffer limit for the policy.
Set a parameter between 8192 and 128000 bytes. The buffer depth for a BWM contract should
be set to a multiple of the packet size.
    >> Policy 1# buffer 8192                    (Set policy buffer limit of 8192 bytes)
5. On the switch, select a BWM contract and name the contract.
Each contract must have a unique number from 1 to 256.
    >> Bandwidth Management# /cfg/bwm/cont 1    (Select BWM contract 1)
    >> BWM Contract 1# name icmp                (Select contract name “icmp”)
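A simplified model of the effect this policy has on a ping flood, added here as an illustration; it is not from the manual and does not describe Web OS internals. Assumptions: "250k" is read as 250,000 bytes per second, accounting is done in one-second intervals, and the 1024-byte ping size and the traffic pattern are constructed sample values.

```python
from dataclasses import dataclass

@dataclass
class Policy:
    hard: int    # "never exceed" rate, bytes per second (assumed unit)
    soft: int    # desired rate; offered load above it raises an alert
    buffer: int  # policy buffer limit in bytes

def police(policy, offered_per_sec, pkt_size):
    """Per-second model of one contract under a rate-limiting policy.

    offered_per_sec: number of packets arriving in each one-second interval.
    Returns one dict per interval with forwarded/queued/dropped bytes and
    whether the offered load exceeded the soft limit (the alert condition).
    """
    slots = policy.buffer // pkt_size       # whole packets the buffer can hold
    backlog = 0                             # packets carried over in the buffer
    report = []
    for second, arrived in enumerate(offered_per_sec):
        waiting = backlog + arrived
        sent = min(waiting, policy.hard // pkt_size)  # hard limit caps output
        backlog = min(waiting - sent, slots)          # buffer absorbs a small burst
        dropped = waiting - sent - backlog            # everything else is discarded
        report.append({
            "second": second,
            "forwarded": sent * pkt_size,
            "queued": backlog * pkt_size,
            "dropped": dropped * pkt_size,
            "soft_exceeded": arrived * pkt_size > policy.soft,
        })
    return report

# Rates and buffer taken from policy 1 above.
ICMP_POLICY = Policy(hard=250_000, soft=250_000, buffer=8192)
# Constructed traffic: 10 pings/s baseline, a two-second 1000 pings/s flood, then baseline.
SAMPLE_LOAD = [10, 1000, 1000, 10]
PING_SIZE = 1024  # constructed packet size; the 8192-byte buffer is a multiple of it

if __name__ == "__main__":
    for row in police(ICMP_POLICY, SAMPLE_LOAD, PING_SIZE):
        flag = "ALERT: soft limit exceeded" if row["soft_exceeded"] else ""
        print(row["second"], row["forwarded"], row["queued"], row["dropped"], flag)
```

During the flood intervals the forwarded ping traffic stays under the hard limit and the excess is dropped, while normal-rate pings before and after pass untouched.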