
TCP Rate Limiting – Nortel Networks WEB OS 212777 User Manual

Web OS 10.0 Application Guide

Chapter 7: Filtering

212777-A, February 2002

TCP Rate Limiting

Web OS 10.0 allows you to prevent a client or a group of clients from claiming all the TCP
resources on the servers. This is done by monitoring the rate of incoming TCP connection
requests to a virtual IP address and limiting the requests from clients with a known set of IP
addresses.

TCP rate limiting is similar to bandwidth management. In both features, you configure filters
to limit the TCP connection requests; in bandwidth management the limiting factor is
port-based, whereas in TCP rate limiting it is user-based.

The TCP rate limit is defined as the maximum number of TCP connection requests within a
configured time window. The switch monitors the number of new TCP connections and when it
exceeds the configured limit, any new TCP connection request is blocked. When this occurs,
the client is said to be held down. The client is held down for a specified duration of time, after
which new TCP connection requests from the client are allowed to pass through again.

Figure 7-5 on page 180 shows four clients configured for TCP rate limits based on source IP
address. Clients 1 and 4 have the same TCP rate limit of 10 connections per second. Client 2
has a TCP rate limit of 20 connections per second. Client 3 has a TCP rate limit of 30
connections per second.

When the rate of new TCP connections from client 1, 2, 3, or 4 reaches its pre-determined
threshold, any new connection request from that client is blocked for a pre-determined amount
of time. If the client’s IP address and the configured filter do not match, then the default filter
is applied.
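
The following Python model is an added example, not taken from the manual and not the switch's implementation; it illustrates the time window, hold-down, and default-filter behavior described above. The class name, the client addresses, the 4-second hold-down, and the choice to block the request that first exceeds the limit are assumptions.

```python
from dataclasses import dataclass

# Limits follow the Figure 7-5 description (connections per 1-second window).
# The addresses are constructed documentation addresses, not from the manual.
FILTERS = {
    "192.0.2.1": 10,  # client 1
    "192.0.2.2": 20,  # client 2
    "192.0.2.3": 30,  # client 3
    "192.0.2.4": 10,  # client 4
}

@dataclass
class ClientState:
    window_start_ms: int
    count: int = 0
    held_until_ms: int = 0

class TcpRateLimiter:
    """Model of per-source-IP TCP rate limiting with hold-down (hypothetical class)."""

    def __init__(self, filters, time_window_ms=1000, hold_down_ms=4000):
        self.filters = filters
        self.time_window_ms = time_window_ms  # assumed value
        self.hold_down_ms = hold_down_ms      # assumed value
        self.state = {}

    def on_syn(self, src_ip, now_ms):
        """Classify one new connection request: 'allow', 'block' or 'default'."""
        limit = self.filters.get(src_ip)
        if limit is None:
            return "default"  # no filter matches: the default filter decides
        st = self.state.setdefault(src_ip, ClientState(window_start_ms=now_ms))
        if now_ms < st.held_until_ms:
            return "block"  # client is held down
        if now_ms - st.window_start_ms >= self.time_window_ms:
            st.window_start_ms, st.count = now_ms, 0  # start a new window
        st.count += 1
        if st.count > limit:
            # Limit exceeded: hold the client down and clear the counter.
            st.held_until_ms = now_ms + self.hold_down_ms
            st.count = 0
            return "block"
        return "allow"

if __name__ == "__main__":
    rl = TcpRateLimiter(FILTERS)
    # Constructed traffic: client 1 sends 15 requests 10 ms apart, then retries.
    print([rl.on_syn("192.0.2.1", t * 10) for t in range(15)])
    print(rl.on_syn("192.0.2.1", 2000), rl.on_syn("192.0.2.1", 4200))
```
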