Nortel Networks 212777 Network Router User Manual
Web OS 10.0 Application Guide
Chapter 7: Filtering
212777-A, February 2002
TCP Rate Limiting Filter Based on Source IP Address
This example shows how to define a filter that limits clients with IP address 30.30.30.x to 150
TCP connections per second. Once a user exceeds that limit, they are not allowed any new
TCP connections for 10 minutes.
Configure the following on the switch:
Fastage and slowage are set at their default values: fastage = 0 (1 second), slowage = 0 (2 minutes).
Time window = timewin x fastage = 1 x 1 second = 1 second
Hold down time = holddur x slowage = 5 x 2 minutes = 10 minutes
Max rate = maxconn / time window = 150 connections / 1 second = 150 connections per second
Any client with source IP address equal to 30.30.30.x is allowed to make 150 new TCP connections per second to any single destination. When the rate limit of 150 is met, the hold down time takes effect and the client is not allowed to make any new TCP connections to the same destination for 10 minutes.
>> # /cfg/slb/filt 100/ena (Enable the filter)
>> Filter 100 # sip 30.30.30.0 (Specify the source IP address)
>> Filter 100 # smask 255.255.255.0 (Specify the source IP address mask)
>> Filter 100 # adv/tcp (Select the advanced filter menu)
>> TCP advanced# tcplim en (Enable TCP rate limiting)
>> TCP advanced# maxconn 15 (Specify the maximum connections)
>> TCP advanced# /cfg/slb/adv (Select the Layer 4 advanced menu)
>> Layer 4 Advanced # timewin 1 (Set the time window for the session)
>> Layer 4 Advanced # holddur 5 (Set the hold duration for the session)
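The following Python model is an added illustration of the behaviour the example describes; it is not Nortel code and does not reproduce the switch implementation. It assumes the mapping given above (time window = timewin x fastage, hold down = holddur x slowage, both in seconds), that connection attempts are counted per source/destination pair, and that the attempt which would exceed maxconn within one window is the one that starts the hold-down. Note that the session above enters maxconn 15 while the prose describes a limit of 150 connections; the model uses 150 as the prose states, so confirm the units the maxconn parameter expects in the command reference before reusing the value.

```python
"""Added illustration (not Nortel's code): a model of the Web OS TCP rate
limiting filter described above, keyed on (source IP, destination IP)."""
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network


class TcpRateLimitFilter:
    """Model of one filter entry: sip/smask select the clients, and
    maxconn/timewin/holddur govern the per-destination connection rate."""

    def __init__(self, sip, smask, max_conn=150, time_window=1.0, hold_down=600.0):
        # Assumed parameter mapping: time_window = timewin x fastage (seconds),
        # hold_down = holddur x slowage (seconds), max_conn = connections per window.
        self.source_net = ip_network(f"{sip}/{smask}", strict=False)
        self.max_conn = max_conn
        self.time_window = time_window
        self.hold_down = hold_down
        self._recent = defaultdict(deque)  # (src, dst) -> timestamps admitted in the window
        self._blocked_until = {}           # (src, dst) -> time at which hold-down expires

    def admit(self, src, dst, now):
        """Return True if a new TCP connection from src to dst at time `now` is allowed."""
        if ip_address(src) not in self.source_net:
            return True                    # filter does not match; no limit applies
        key = (src, dst)
        if now < self._blocked_until.get(key, float("-inf")):
            return False                   # still inside the hold-down period
        window = self._recent[key]
        while window and window[0] <= now - self.time_window:
            window.popleft()               # slide the window forward in time
        if len(window) >= self.max_conn:
            # rate limit met: start hold-down and refuse this and later attempts
            self._blocked_until[key] = now + self.hold_down
            window.clear()
            return False
        window.append(now)
        return True


def run_scenario():
    """Constructed traffic (not captured data): one matching client bursts past
    the limit, another destination stays independent, and a client outside
    30.30.30.x is never filtered."""
    f = TcpRateLimitFilter("30.30.30.0", "255.255.255.0")
    results = {}
    # 150 connections spread over one second are all admitted
    results["burst_admitted"] = sum(f.admit("30.30.30.7", "10.1.1.1", t / 150) for t in range(150))
    # the 151st attempt inside the same window trips the limit and starts hold-down
    results["over_limit"] = f.admit("30.30.30.7", "10.1.1.1", 0.999)
    # five minutes later the client is still held down for that destination
    results["during_hold_down"] = f.admit("30.30.30.7", "10.1.1.1", 300.0)
    # a different destination has its own counter and is unaffected
    results["other_destination"] = f.admit("30.30.30.7", "10.1.1.2", 300.0)
    # once the 10-minute hold-down has expired, new connections are admitted again
    results["after_hold_down"] = f.admit("30.30.30.7", "10.1.1.1", 700.0)
    # a client outside 30.30.30.x is not matched by the filter and is never limited
    results["unfiltered_client"] = all(f.admit("192.0.2.9", "10.1.1.1", t / 1000) for t in range(1000))
    return results


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```

The per-destination key reflects the text's "to any single destination"; widening the key to the source address alone would make the limit apply across all destinations, which is a stricter policy than the example describes.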