Filter
Top Products
14 ServerIron ADX Security Guide
53-1002440-03
Transaction Rate Limit (TRL)
1
Syntax: trl {default | { <client-IPv4> <client-mask> | <client-IPv6> <prefix> } {exclude |
monitor-interval
<monitor-value> conn-rate <connection-value> hold-down-time <hold-down-value>}}
default - Specifies default transaction rate limit parameter.
<client-IPv4> - Specifies IPv4 client subnet and <client-mask> - Specifies the IPv4 client mask.
<client-IPv6> - Specifies IPv6 client subnet and <prefix> - Specifies the IPv6 client mask bits.
exclude - Specifies to exclude the prefix from transaction rate limit.
monitor-interval - Specifies time interval for monitoring in 100ms.
<monitor-value> - Specifies value of time interval for monitoring.
conn-rate - Specifies connection rate.
<connection-value> - Specifies value of connection rate for client.
hold-down-time - Specifies time for holding down source.
<hold-down-value> - Specifies hold down time in minutes.
Command modes
Global configuration mode.
Global TRL
If TRL per client subnet is not needed, Global TRL can be used to create a configuration to apply to
all the incoming traffic.
Use ip [tcp | udp | icmp] trans-rate to enable TRL on the ServerIron for TCP, UDP, or ICMP traffic. If
any more than a specified number packets per second come from the same IP address over a
specified interval, then all traffic from that IP address is held down for a specified number of
minutes.
Syntax: [no] ip [tcp | udp | icmp] trans-rate monitor-interval <interval> conn-rate <rate>
hold-down-time <minutes>
monitor-interval <interval> Amount of time used to measure incoming traffic. This parameter is
specified in increments of 100ms. For example, to measure traffic over a 1 second interval, you
would specify 10 for this.
conn-rate <rate> Threshold for the number of connections per second from any one IP address.
Traffic exceeding this rate over the specified interval is subject to hold down.
hold-down-time <minutes> Number of minutes that traffic from an IP address that has sent
packets at rate higher than the configured threshold is to be held down.
Example
ServerIronADX(config)# ip tcp trans-rate monitor-interval 600 conn-rate 100
hold-down-time 5
This command configures the ServerIron to monitor incoming TCP traffic. If more than 100 TCP
connections per second arrive from the same IP address over a 60-second interval (600 X 100ms),
then all TCP traffic from that IP address is held down for 5 minutes.
To apply TRL to TCP traffic coming into port 80 on interface 1/1.