Configure rate limit at packet level

September 14, 2021

Contributed by:

S C

You can configure a stream selector and a responder policy to collect statistics at the packet level flowing through all the connections identified by the selector. If the number of packets per second exceed the configured threshold, the policy applies the configured action (RESET or DROP). You can configure these policies for all types of virtual servers. Packets of all sizes are considered.

To configure rate limiting at packet level, perform the following tasks

Enable load balancing
Add stream selector
Add stream identifier
Add responder policy
Add load balancing virtual server
Bind responder policy

To enable load balancing feature

At the command prompt, type:

enable ns feature lb

To add a stream selector

At the command prompt, type:

              add stream selector packetlimitselector client.ip.src client.tcp.srcport client.ip.dst client.tcp.dstport 
             

To add a stream identifier

At the command prompt, type:

add stream identifier packetlimitidentifier packetlimitselector -interval 1

To enable tracking of ACK only packets

At the command prompt, type:

set stream identifier packetlimitidentifier –trackAckOnlyPackets ENABLED

To add a responder policy

At the command prompt, type:

              add responder policy packet_rate_sessionpolicy "ANALYTICS.STREAM(\"packetlimitidentifier\").COLLECT_STATS(\"PACKET_LIMIT\", , ACTION, 0/1)" NOOP 
             

Where,

is the maximum number of packets allowed through the connection per second.
行动可以减少或重置。
0 or 1 represents the limit type; 0 represents the BURSTY limit type and 1 represents the SMOOTH limit type.

Example:

              add responder policy packet_rate_sessionpolicy "ANALYTICS.STREAM(\"packetlimitidentifier\").COLLECT_STATS(\"PACKET_LIMIT\", 40, RESET, 0)" NOOP 
             

To add a load balancing virtual server

At the command prompt, type:

add lb vserver     add lb vserver Vserver-lb-1 HTTP 10.102.20.200 80

To bind a responder policy

After the selector and the responder policy are configured, the policy can be bound globally or to the specific virtual server.

At the command prompt, type either of the following commands:

bind responder global   [] [-type ] [-invoke ( ) ]

bind lb vserver @ (-policyName @ [-priority ]

Examples:

              bind responder global packet_rate_sessionpolicy 101 END -type REQ_DEFAULT bind responder global packet_rate_sessionpolicy 102 END -type bind lb vserver v1 -policyname packet_rate_sessionpolicy -priority 10 
             

The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.

Configure rate limit at packet level

September 14, 2021

Contributed by:

S C

September 14, 2021

Contributed by:

S C

在this article

To configure rate limiting at packet level, perform the following tasks