cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1695
Views
0
Helpful
2
Replies

ACE rate limiting question

Darren Sasso
Level 1
Level 1

Good day. I'm trying to rate limit traffic on my ACE module. I see that i can do real server rate limiting and connection limiting. Is there a way to do that based upon flow or is there some way to differentiate between source addresses?

Thanks in Advance.

2 Replies 2

You can either rate limit on per Vserver basis or rserver basis.

example1: rserver based rate limiting

serverfarm host syed-farm

rserver syed-server

rate-limit connection 300

example2: Vserver based rate limiting

parameter-map type connection syed-map

rate-limit connection 300

policy-map multi-match vlanx-vips

class VIP80

connection advanced-options syed-map

Rate limiting based on any other source or destination criteria is not supported.

One option to explore would be to use a dedicate context for a particular APP and

resource limit the connections using "limit-resource rate" command.

Netpace1/Admin(config-resource)# limit-resource rate ?

bandwidth Limit bandwidth in bytes per second

connections Limit connections per second

inspect-conn Limit rtsp/ftp inspect connections per second

mac-miss Limit mac miss traffic (punted to-the-box) in

pkts/sec

mgmt-traffic Limit management traffic (to-the-box) in bytes per

second

ssl-connections Limit number of SSL connections per second

syslog Limit syslog messages per second

HTH

Syed Iftekhar Ahmed

Thanks for the advice Syed. I'll test that first.

I'm trying to prevent ddos attacks at the ACE level. I guess i can move out a bit since i think 6500's can do per flow rate limiting.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: