Alteon Application Switch Operating System Application Guide
Advanced Denial of Service Protection
616 Document ID: RDWR-ALOS-V2900_AG1302
Figure 99: Limiting User Service to a Server
1. Configure the following:
— Time window = 2 seconds
— Holddown time = 40 minutes
— Max rate =
maxconn/time window = 100 connections/second
— 200 connections/2 seconds = 100 connections/second
This configuration limits all clients to 100 new TCP (or UDP/ICMP packets) per second to the
server. If a client exceeds this rate, then the client is not allowed to transmit sessions or
connections to the virtual server for 40 minutes.
2. Add the filter to the ingress port.
3. Apply and save the configuration.
>> # /cfg/slb/filt 100/ena
(Enable the filter)
>> Filter 100 # dip 10.10.10.100
>> Filter 100 # dmask 255.255.255.255
>> Filter 100 # proto <any|<number>|<name>>
(Specify TCP, UDP or ICMP protocol)
>> Filter 100 # adv/security
(Select the Security menu)
>> Security# ratelim ena
(Enable rate limiting)
>> Security# maxconn 20
(Specify the maximum connections
in multiples of 10)
>> Security# timewin 2
(Set the time window for the
session)
>> Security# holddur 40
(Set the hold duration for the
session)
>> Rate Limiting # /cfg/slb/port 2/filt ena/add 100
To Next Page
Loading...
Need help?
General