Web OS 10.0 Application GuideChapter 7: Filtering n 179212777-A, February 2002TCP Rate LimitingWeb OS 10.0 allows you to prevent a client or a group of clients from claiming all the TCPresources on the servers. This is done by monitoring the rate of incoming TCP connectionrequests to a virtual IP address and limiting the client requests with a known set of IPaddresses.TCP rate limiting is similar to bandwidth management. In both features, you configure filtersto limit the TCP connection requests; but in bandwidth management the limiting factor is port-based, and in TCP rate limit it is user-based.The TCP rate limit is defined as the maximum number of TCP connection requests within aconfigured time window. The switch monitors the number of new TCP connections and when itexceeds the configured limit, any new TCP connection request is blocked. When this occurs,the client is said to be held down. The client is held down for a specified duration of time, afterwhich new TCP connection requests from the client are allowed to pass through again.Figure 7-5 on page 180 shows four clients configured for TCP rate limits based on source IPaddress. Clients 1 and 4 have the same TCP rate limit of 10 connections per second. Client 2has a TCP rate limit of 20 connections per second. Client 3 has a TCP rate limit of 30 connec-tions per second.When the rate of new TCP connections from clients 1, 2, 3, and 4 reach a pre-determinedthreshold, any new connection request from the client is blocked for a pre-determined amountof time. If the client’s IP address and the configured filter do not match, then the default filteris applied.