
Brocade Virtual ADX Security Guide (Supporting ADX v03.1.00) User Manual


53-1003250-01

Application Traffic Prioritization


The Brocade Virtual ADX offers up to eight priority levels, ranging from 0 through 7. You can assign
two priority levels to each application VIP: the default priority level and the attack priority level.
The probability of dropping an application packet is inversely proportional to the priority level of its
VIP. In other words, VIPs with a higher priority value have a lower drop probability than VIPs with a
lower priority value. Although 7 is the highest priority level, some packets are still dropped for
priority 7, if configured, when the BP-RX queue is full.

Under normal traffic conditions, all VIPs are assigned to their respective default priority levels. If the
overall traffic on the system rises above tolerable limits, such as the system CPU utilization
approaching 100%, then the Brocade Virtual ADX begins dropping packets for application VIPs that
have a lower priority.

In addition, you can specify a threshold for the maximum connection rate, separately for TCP and UDP
traffic, for each application VIP. If traffic to a given VIP exceeds its specified threshold value, the
VIP is reassigned to its attack priority level, which is typically configured at a lower value. Thus,
when the Brocade Virtual ADX is subjected to attacks, it not only begins dropping packets of
lower-priority VIPs but also drops packets of VIPs whose priorities have been lowered to attack
priority levels. This mechanism ensures a fair chance of service for VIPs that are assigned a lower
value as their default priority level.

Use the CLI commands to configure the Brocade Virtual ADX application traffic prioritization feature
as described in the following sections.

Specifying traffic priority globally across all VIPs

Use the server priority command to configure default and attack priority values globally across all
VIPs. For example, to specify traffic priority for TCP and UDP globally across all VIPs, enter the
following commands.

Virtual ADX(config)# server priority udp 3 attack-priority 0

Virtual ADX(config)# server priority tcp 2 attack-priority 0

Syntax: [no] server priority [tcp | udp | ip] default-value [attack-priority attack-value]

The tcp option specifies TCP SLB traffic.

The udp option specifies UDP SLB traffic.

The ip option specifies remaining traffic such as ICMP.

NOTE

When using the server priority command, you must specify one of the tcp, udp, or ip options.

The default-value variable is the default priority value. Enter a number from 0 through 7. If you
enter 7, which is the highest priority level, some packets are still dropped when the BP-RX queue
is full.

The attack-priority attack-value option specifies the attack priority value. For the attack-value
variable, enter a number from 0 through 7. If you enter 7, which is the highest priority level,
some packets are still dropped when the BP-RX queue is full.
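
The syntax rules above can be checked mechanically when reviewing a saved configuration. The following Python script is an added example, not part of the Brocade guide: it validates server priority lines against the documented grammar and the 0 through 7 range. Flagging an attack priority that is not lower than the default is a reviewer policy assumed here, based on the guide's statement that the attack level is typically lower; the function names and sample lines 3 through 6 are constructed.

```python
import re

# Grammar from the syntax line on this page:
#   [no] server priority [tcp | udp | ip] default-value [attack-priority attack-value]
# An optional CLI prompt ending in "(config)#" is tolerated before the command.
LINE_RE = re.compile(r"^(?:.*\(config\)#\s*)?(?:no\s+)?server\s+priority\b(?P<rest>.*)$")
PROTOCOLS = ("tcp", "udp", "ip")

def _level(token):
    """Return the priority as an int when token is 0 through 7, else None."""
    return int(token) if re.fullmatch(r"[0-7]", token) else None

def audit_line(line):
    """Return a list of findings for one line (empty when clean or unrelated)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []                      # not a 'server priority' command
    tokens = m.group("rest").split()
    if not tokens or tokens[0] not in PROTOCOLS:
        return ["a tcp, udp, or ip option is required"]
    if len(tokens) < 2 or _level(tokens[1]) is None:
        return ["default-value must be a number from 0 through 7"]
    default, extra = _level(tokens[1]), tokens[2:]
    if not extra:
        return []                      # attack-priority is optional in the syntax
    if len(extra) != 2 or extra[0] != "attack-priority" or _level(extra[1]) is None:
        return ["expected 'attack-priority' followed by a number from 0 through 7"]
    attack = _level(extra[1])
    # Reviewer policy (assumption): the page says the attack level is
    # typically lower than the default, so anything else is flagged.
    if attack > default:
        return ["attack priority is higher than the default priority"]
    if attack == default and default > 0:
        return ["attack priority equals the default, so reassignment changes nothing"]
    return []

def audit_config(text):
    """Return [(line_number, finding), ...] for every flagged line."""
    return [(n, f) for n, line in enumerate(text.splitlines(), 1) for f in audit_line(line)]

# Lines 1-2 are the page's own examples; lines 3-6 are constructed.
SAMPLE = """Virtual ADX(config)# server priority udp 3 attack-priority 0
Virtual ADX(config)# server priority tcp 2 attack-priority 0
server priority 3 attack-priority 0
server priority ip 9
server priority tcp 2 attack-priority 5
server priority udp 4 attack-priority 4"""

if __name__ == "__main__":
    for n, finding in audit_config(SAMPLE):
        print(f"line {n}: {finding}")
```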