R3204P16-HP Load Balancing Module Security Configuration Guide-6PW101
Configuring an IP address-based connection limit rule
An IP address-based connection limit rule allows you to limit the number of connections from a specified
source IP address to a specified destination IP address.
The limit rules are matched in ascending order of rule ID. When configuring connection limit rules for a
policy, check the rules and their order carefully. HP recommends arranging the rules in ascending order of
granularity and range.
An IP address-based connection limit rule can be of any of these types:
• Source-to-destination—Limits connections from a specific internal host or segment to a specific
external host or segment.
• Source-to-any—Limits connections from a specific internal host or segment to external networks.
• Any-to-destination—Limits connections from external networks to a specific internal server.
• Any-to-any: Limits the total number of connections passing through the device.
Follow these steps to configure an IP address-based connection limit rule:
1. Enter system view:
   system-view
2. Enter connection limit policy view:
   connection-limit policy policy-number
3. Configure an IP address-based connection limit rule (required):
   limit limit-id { source ip { ip-address mask-length | any } [ source-vpn src-vpn-name ] | destination ip { ip-address mask-length | any } [ destination-vpn dst-vpn-name ] } * protocol { dns | http | ip | tcp | udp } max-connections max-num [ per-destination | per-source | per-source-destination ]
Applying the connection limit policy
To make a connection limit policy take effect, apply it to the LB module globally.
Follow these steps to apply a connection limit policy:
1. Enter system view:
   system-view
2. Apply a connection limit policy (required):
   connection-limit apply policy policy-number
   Only one connection limit policy can be applied globally.
Displaying and maintaining connection limiting
To display information about one or all connection limit policies, use the following command (available in any view):
   display connection-limit policy { policy-number | all }
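
The following command sequence is an added example, not taken from the HP guide. It builds one policy with a rule of each of the four types, numbered so that the narrowest rule has the lowest ID and is matched first, then applies and displays the policy. The policy number 0, all addresses, and all limit values are constructed for illustration, and the lines beginning with # are annotations rather than commands.

```text
# Constructed values: policy number 0, sample addresses, arbitrary limits.
system-view
connection-limit policy 0
# Source-to-destination: one internal host to one external host (narrowest, lowest ID)
limit 0 source ip 192.168.0.10 32 destination ip 203.0.113.20 32 protocol tcp max-connections 50
# Source-to-any: an internal segment to external networks
limit 1 source ip 192.168.0.0 24 destination ip any protocol tcp max-connections 500
# Any-to-destination: external networks to one internal server
limit 2 source ip any destination ip 192.168.1.100 32 protocol http max-connections 2000
# Any-to-any: total connections passing through the device (broadest, highest ID)
limit 3 source ip any destination ip any protocol ip max-connections 10000
quit
# Apply the policy globally, then verify it
connection-limit apply policy 0
display connection-limit policy 0
```

If the any-to-any rule were given ID 0 instead, it would be checked before the host-specific and segment-specific rules, which is the ordering mistake the guide's recommendation is meant to prevent.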