IT Process Automation

 View Only
  • 1.  enable rate limiting on ADX 1000

    Posted Oct 13, 2019 08:05 PM
    Currently being scraped and causing a DDOS one of our websites.  I'm configuring 

    client-trans-rate-limit tcp trl_limiter

    trl 121.156.47.204 255.255.255.255 monitor-interval 5 conn-rate 10 hold-down-time 10

    !

    than applying it to the interface and the ve interface , but it doesn't seem to be applying or doing anything

    #show ver
    Copyright (c) 1996-2009 Brocade Communications Systems, Inc.
    Boot Version 12.5.00T405 Aug 14 2012 11:09:42 PDT label: dob12500
    Monitor Version 12.5.00T405 Aug 14 2012 11:09:42 PDT label: dob12500
    System Version 12.5.02pT403 Jun 22 2017 05:50:31 PDT label: ASR12502p
    AXP Version: 2.01 Dated: 2013/02/28 15:13:07
    PAX Version: 8.7 Dated: 2012/02/28 17:04:52
    MBRIDGE Version: 000b, Device ID # bebe

    ==========================================================================
    Type: ServerIron ADX 1016-2-PREM
    Backplane Serial #:
    Chassis Serial #:
    LID #: gIFKJOhFHH License: SI-1016-2-SSL-PREM
    Multi-tenancy: Disabled
    Part #: 35723-001
    SSL Card - Serial #: Part #: 40-1000373-02
    Version #: 13b626-03030303-111d8036-00
    ==========================================================================
    Active management module:
    1499 MHz Power PC processor (SVR 1.1, PVR 8021/0030) 599 MHz bus
    512 KB Boot flash
    131072 KB Code flash
    2048 MB DRAM
    The system uptime is 257 days 14 hours 39 minutes 41 seconds
    The system started at 20:00:01, Mountain, Sun Jan 27 2019

    The system - boot source: primary, mode: warm start, soft reset, total resets:31
    show flash
    Active management module:
    Compressed Pri Code size = 27972335, Version 12.5.02pT403 Jun 22 2017 05:50:31 PDT label: ASR12502p
    Compressed Sec Code size = 25873329, Version 12.4.00vT403 Jan 22 2015 17:16:09 PST label: ASR12400v
    Used Configuration Flash Size=99517, Max Configuration Flash Size=1441790

    Code flash:
    Size : 134217728 bytes
    Bytes Used : 55388800 bytes
    Bytes Free : 76021760 bytes

    USB 0 drive:
    Size : 4102352896 bytes
    Bytes Used : 552701952 bytes
    Bytes Free : 3549650944 bytes

    any help would be appreciated

    ------------------------------
    jeremy
    ------------------------------


  • 2.  RE: enable rate limiting on ADX 1000
    Best Answer

    Posted Nov 05, 2019 09:55 AM
    We are using it like this:

    client-connection-limit max-conn1
    max-conn default 10
    !
    client-trans-rate-limit tcp TRL1
    trl default monitor-interval 300 conn-rate 35 hold-down-time 20
    trl 10.0.0.200/32 exclude
    !
    ip tcp trans-rate monitor-interval 600 conn-rate 200 hold-down-time 20
    ip tcp conn-rate 2000 attack-rate 3000
    ip tcp conn-rate-change 50 attack-rate-change 100
    !
    interface ve 2
    ip tcp trans-rate 80