Brocade Communications Systems 12.4.00a Home Theater Server User Manual


  Open as PDF
of 226
 
8 ServerIron ADX Security Guide
53-1002440-03
Transaction Rate Limit (TRL)
1
Ability to operate on a per VIP basis, whereby a different rate limit can be applied to traffic
coming to a different VIP.
Configuring transaction rate limit
To enable transaction rate limit, you must configure parameters for each client address/prefix and
apply the transaction rate limit configuration to a specific VIP.
Prerequisites
Before you can configure transaction rate limit, you must configure a virtual server. The following
example shows how to configure a virtual server.
ServerIronADX> enable
ServerIronADX# config terminal
ServerIronADX(config)# server virtual-name-or-ip bwVIP 1.1.1.33
Syntax: [no] server virtual-name-or-ip <vip-name-or-address> <ip address>
Configure transaction rate limit rule set
The transaction rate limit parameters are grouped into a set and each set is associated with a
name. To create a set of transaction rate limit rules, follow these steps.
1. Enable privileged EXEC mode.
ServerIronADX> enable
2. Enter global configuration mode.
ServerIronADX# configure terminal
3. Configure name of a transaction rate limit rule set and enter client transaction rate limit
configuration mode.
ServerIronADX(config)#client-trans-rate-limit tcp TRL1
Syntax: [no] client-trans-rate-limit tcp | udp | icmp <name>
4. Specify the trl keyword for client subnet and set connection rate.
For IPv4:
ServerIronADX(config-client-trl-trl1)# trl 100.1.1.0 255.255.255.0
monitor-interval 3 conn-rate 10 hold-down-time 1
For IPv6:
ServerIronADX(config-client-trl-trl1)# trl 100::1/128 monitor-interval 3
conn-rate 10 hold-down-time 1
Syntax: [no] trl { <client-IPv4> <client-mask> | <client-IPv6> <prefix> } monitor-interval
<mon-value> conn-rate <con-value> hold-down-time <hold-down-value>
Configure transaction rate limit to exclude a client
You can configure a client address/prefix to be excluded from transaction rate limiting within a
transaction rate limit configuration group.
To exclude a client from transaction rate limit, follow these steps.
 previous next