Web OS 10.0 Application GuideChapter 7: Filtering n 183212777-A, February 2002TCP Rate Limiting Filter Based on Virtual Server IP AddressThis example defines a filter that limits clients to 100 TCP connections per second to a specificdestination (VIP 10.10.10.100). Once a client exceeds that limit, the client is not allowed tomake any new TCP connection request to that destination for 40 minutes. Figure 7-6 showshow to use this feature to limit client access to a specific destination.Figure 7-6 Limiting User Access to ServerConfigure the following on the switch:Fastage and slowage are set to 2 seconds and 8 minutes as follows:time window = timewin x fastage = 1 x 2 seconds = 2 secondshold down time = holddur x slowage = 5 x 8 minutes = 40 minutesmax rate = maxcon/time window = 200 connections/2 seconds = 100 connections/second>> # /cfg/slb/filt 100/ena (Enable the filter)>> Filter 100 # dip 10.10.10.100/dmask 255.255.255.0(Specify the virtual server IP address)>> Filter 100# adv/tcp (Select the advanced filter menu)>> TCP advanced# tcplim en (Enable TCP rate limiting)>> TCP advanced# maxconn 20 (Specify the maximum connections)>> TCP advanced# /cfg/slb/adv (Select the Layer 4 advanced menu)>> Layer 4 Advanced # timewin 1 (Set the time window for the session)>> Layer 4 Advanced # holddur 5 (Set the hold duration for the session)/cfg/slb/adv/fastage 1 (Fastage is set to 2 seconds)/cfg/slb/adv/slowage 2 (Slowage is set to 8 minutes)Web SwitchInternetReal serversClients1234Client 1, 2, 3, and 4 are limitedto 100 conn/sec to virtual IP addressFilter 100: 100 conn/secVIP: 10.10.10.100S1S2