09-13-2006 12:09 AM
Hello,
I would like to be able to limit the amout of connections to a particular service based on source IP address.
Thanks
Donagh
09-13-2006 03:36 AM
you can't do it based on source-ip.
Gilles.
09-13-2006 04:54 AM
Hi Gilles
Can you tell if I could limit is by some other means?
Thanks for your swift response.
Donagh
09-13-2006 05:22 AM
you can only limit the total number of connections. You can't say some traffic will bypass the rule.
So, all connections are taken into account and when the limit is reached all connections are blocked - no exception or bypass.
Gilles.
09-13-2006 07:30 AM
ok thanks Gilles. It would be a nice feature, although Cisco probably have another product for that. Do you know of anything? Finally my last question to you which is related. How many connections can a CSS11503 take before it falls over - I am sure there would probably need to be 100s of VI Pswith many services. Perhaps you could clarify - I have looked at the product documentation but I cant find the answer. I will rate...
Thanks
Donagh
09-13-2006 07:41 AM
The CSS would have problem if it runs out of FCB. THe amount of FCB per CSS is dependent on how many module you have.
We usually count 200k per module.
So, 600k FCB per CSS.
Each flow consume 1 FCB.
You can do a 'flow stat' from llama mode to see how much FCB you have and howmany are being used and free.
Gilles.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide