Re: max connections - source IP

donaghq_2 · ‎09-13-2006

Hello,

I would like to be able to limit the amout of connections to a particular service based on source IP address.

Thanks

Donagh

Gilles Dufour · ‎09-13-2006

you can't do it based on source-ip.

Gilles.

donaghq_2 · ‎09-13-2006

Hi Gilles

Can you tell if I could limit is by some other means?

Thanks for your swift response.

Donagh

Gilles Dufour · ‎09-13-2006

you can only limit the total number of connections. You can't say some traffic will bypass the rule.

So, all connections are taken into account and when the limit is reached all connections are blocked - no exception or bypass.

Gilles.

donaghq_2 · ‎09-13-2006

ok thanks Gilles. It would be a nice feature, although Cisco probably have another product for that. Do you know of anything? Finally my last question to you which is related. How many connections can a CSS11503 take before it falls over - I am sure there would probably need to be 100s of VI Pswith many services. Perhaps you could clarify - I have looked at the product documentation but I cant find the answer. I will rate...

Thanks

Donagh

Gilles Dufour · ‎09-13-2006

The CSS would have problem if it runs out of FCB. THe amount of FCB per CSS is dependent on how many module you have.

We usually count 200k per module.

So, 600k FCB per CSS.

Each flow consume 1 FCB.

You can do a 'flow stat' from llama mode to see how much FCB you have and howmany are being used and free.

Gilles.