Cisco Support Community
Community Member

ACE rate limiting question

Good day. I'm trying to rate limit traffic on my ACE module. I see that I can do real server rate limiting and connection limiting. Is there a way to do that based upon flow, or is there some way to differentiate between source addresses?

Thanks in Advance.

2 REPLIES

Re: ACE rate limiting question

You can rate limit either on a per-Vserver basis or on an rserver basis.

example1: rserver based rate limiting

    serverfarm host syed-farm
      rserver syed-server
        rate-limit connection 300

example2: Vserver based rate limiting

    parameter-map type connection syed-map
      rate-limit connection 300
    policy-map multi-match vlanx-vips
      class VIP80
        connection advanced-options syed-map

Rate limiting based on any other source or destination criteria is not supported.

One option to explore would be to use a dedicated context for a particular APP and resource limit the connections using the "limit-resource rate" command.

    Netpace1/Admin(config-resource)# limit-resource rate ?
      bandwidth        Limit bandwidth in bytes per second
      connections      Limit connections per second
      inspect-conn     Limit rtsp/ftp inspect connections per second
      mac-miss         Limit mac miss traffic (punted to-the-box) in pkts/sec
      mgmt-traffic     Limit management traffic (to-the-box) in bytes per second
      ssl-connections  Limit number of SSL connections per second
      syslog           Limit syslog messages per second

HTH

Syed Iftekhar Ahmed
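
The dedicated-context approach from the reply above, written out as an added example that is not part of the original post. The resource-class name APP1-RC, the context name APP1, VLAN 100 and the 10.00 percent figure are constructed placeholders, and the `!` lines are annotations.

```cisco
! Constructed example: names, VLAN and percentages are placeholders.
! Entered in the Admin context. The "minimum" value is a percentage of the
! module's total capacity for that resource, not an absolute rate.
resource-class APP1-RC
  limit-resource all minimum 0.00 maximum unlimited
  ! Guarantee 10% of the connections-per-second budget and, with
  ! equal-to-min, refuse anything above it (hard cap).
  limit-resource rate connections minimum 10.00 maximum equal-to-min

! Dedicated context for the one application, bound to the class above.
context APP1
  allocate-interface vlan 100
  member APP1-RC
```

The cap applies to the context as a whole, so it contains one application's connection load without distinguishing between source addresses.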

Community Member

Re: ACE rate limiting question

Thanks for the advice Syed. I'll test that first.

I'm trying to prevent DDoS attacks at the ACE level. I guess I can move out a bit since I think 6500s can do per flow rate limiting.
