Apply transaction rate limit to a vip – Brocade Virtual ADX Security Guide (Supporting ADX v03.1.00) User Manual

53-1003250-01

Transaction rate limit

NOTE

If you configure the hold-down-time keyword with a value of 0, the incoming request is not held
down. Instead, a syslog message is generated with the source and destination IP addresses, so
that you can passively observe whether the transaction count exceeds the specified rate limit
threshold value.

5. Apply the transaction rate limit policy for the protocol and the port to either the physical
or the virtual interface for pass-through traffic. This ensures that the traffic is brought to
the application processor (BP) for rate limiting.

Applying policy on physical interface

Virtual ADX(config)# interface eth 1/1

Virtual ADX(config-if-1/1)# ip tcp trans-rate 80

Applying policy on virtual interface

Virtual ADX(config)# interface ve 20

Virtual ADX(config-vif-20)# ip udp trans-rate 53

Syntax: [no] ip tcp | udp trans-rate ports

Syntax: [no] ip icmp trans-rate

The ports parameter specifies one or more TCP or UDP ports to monitor. You can monitor up to
four ports.

Apply transaction rate limit to a VIP

After configuring a transaction rate limit, you must bind it to a VIP. To enable the
transaction rate limit, follow these steps.

1. Enable privileged EXEC mode.

Virtual ADX> enable

2. Enter global configuration mode.

Virtual ADX# configure terminal

3. Enter the server virtual-name-or-ip command with the VIP name to enter virtual server
configuration mode.

Virtual ADX(config)# server virtual-name-or-ip bwVIP

Syntax: [no] server virtual-name-or-ip name-or-address

4. Specify the BW parameter and BW rule set.

Virtual ADX(config-vs-bwVIP)# client-trans-rate-limit trl

Syntax: [no] client-trans-rate-limit name

5. The transaction rate limit policy pertaining to the protocol and the port must be applied to
either the physical or the virtual interface for traffic hitting the Virtual IP.

Applying policy on physical interface

Virtual ADX(config)# interface eth 1/1

Virtual ADX(config-if-1/1)# ip tcp trans-rate 80
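
A VIP that carries client-trans-rate-limit but has no matching interface-level trans-rate line (step 5) is easy to miss in review. The following offline check is an added example, not part of the Brocade guide: it scans a saved configuration for that gap and for more than four monitored ports. The saved-configuration layout ("!" block separators, space-separated ports) and the audit function are assumptions.

```python
import re

# Constructed sample, not captured from a device. Assumptions: the saved
# configuration lists commands as typed in the steps above, "!" ends a
# mode block, and multiple ports are separated by spaces.
SAMPLE_CONFIG = """\
server virtual-name-or-ip bwVIP
 client-trans-rate-limit trl
!
interface eth 1/1
 ip tcp trans-rate 80 443 8080 8443 8000
!
"""

MAX_PORTS = 4  # "You can monitor up to four ports."

def audit(config_text):
    """Return findings about transaction rate limit bindings in a config."""
    vips = {}           # VIP name -> bound policy name
    monitored = False   # True once any interface carries a trans-rate line
    findings = []
    mode = None         # ("vip" | "if", name) of the current config block
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"server virtual-name-or-ip (\S+)", line):
            mode = ("vip", m.group(1))
        elif m := re.fullmatch(r"interface ((?:eth|ve) \S+)", line):
            mode = ("if", m.group(1))
        elif line == "!":
            mode = None
        elif mode and mode[0] == "vip" and (
                m := re.fullmatch(r"client-trans-rate-limit (\S+)", line)):
            vips[mode[1]] = m.group(1)
        elif mode and mode[0] == "if" and (
                m := re.fullmatch(r"ip (tcp|udp|icmp) trans-rate\s*(.*)", line)):
            monitored = True
            ports = m.group(2).split()
            if len(ports) > MAX_PORTS:
                findings.append(f"{mode[1]}: {len(ports)} {m.group(1)} ports "
                                f"listed, limit is {MAX_PORTS}")
    if not monitored:
        # Step 5: the policy also needs an interface-level trans-rate line.
        findings += [f"{vip}: policy {pol} bound, no interface has trans-rate"
                     for vip, pol in sorted(vips.items())]
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

The check is deliberately coarse: it only confirms that some interface has a trans-rate line, not that the protocol and port match the service behind each VIP.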