10-20-2009 02:01 PM
Good day. I'm trying to rate limit traffic on my ACE module. I see that I can do real server rate limiting and connection limiting. Is there a way to do that based upon flow, or is there some way to differentiate between source addresses?
Thanks in advance.
10-20-2009 04:21 PM
You can rate limit either on a per-Vserver basis or a per-rserver basis.

Example 1: rserver-based rate limiting

    serverfarm host syed-farm
      rserver syed-server
        rate-limit connection 300

Example 2: Vserver-based rate limiting

    parameter-map type connection syed-map
      rate-limit connection 300
    policy-map multi-match vlanx-vips
      class VIP80
        connection advanced-options syed-map

Rate limiting based on any other source or destination criteria is not supported.
One option to explore would be to use a dedicated context for a particular APP and resource limit the connections using the "limit-resource rate" command.

    Netpace1/Admin(config-resource)# limit-resource rate ?
      bandwidth        Limit bandwidth in bytes per second
      connections      Limit connections per second
      inspect-conn     Limit rtsp/ftp inspect connections per second
      mac-miss         Limit mac miss traffic (punted to-the-box) in pkts/sec
      mgmt-traffic     Limit management traffic (to-the-box) in bytes per second
      ssl-connections  Limit number of SSL connections per second
      syslog           Limit syslog messages per second

HTH
Syed Iftekhar Ahmed
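
The dedicated-context option from the reply above, sketched as an added example that is not part of the original post. The resource class name, context name, VLAN number and percentages are hypothetical. ACE resource limits are given as a percentage of the module's total, and the cap applies to the whole context, not to individual source addresses.

```text
! Added example, not from the original thread. Lines starting with "!" are annotations.
! RC-APP1, APP1, VLAN 100 and the percentages are hypothetical values.
! Entered from the Admin context in configuration mode.
resource-class RC-APP1
  ! Leave every other resource unrestricted for this class.
  limit-resource all minimum 0.00 maximum unlimited
  ! Guarantee and cap new connections per second at 5% of the module total.
  limit-resource rate connections minimum 5.00 maximum equal-to-min
context APP1
  allocate-interface vlan 100
  ! Bind the context that hosts the application to the resource class.
  member RC-APP1
```

Running `show resource usage` from the Admin context shows how much of each allocation a context is consuming and whether requests were denied for exceeding it.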
10-20-2009 08:08 PM
Thanks for the advice, Syed. I'll test that first.
I'm trying to prevent DDoS attacks at the ACE level. I guess I can move out a bit, since I think 6500s can do per-flow rate limiting.