R3303-HP HSR6800 Routers Security Configuration Guide
Configuring connection limits
Overview
An internal user initiating a large quantity of connections to external networks in a short period of time
occupies large amounts of system resources on the device, limiting access to network resources for other
users. An internal server that receives large numbers of connection requests within a short period of time
cannot process them in time or accept other normal connection requests.
To avoid such situations, you can configure connection limit policies to limit the number of connections.
Connection limit configuration task list
Task                                       Remarks
Creating a connection limit policy         Required.
Configuring the connection limit policy    Required.
Applying the connection limit policy       Required.
Creating a connection limit policy
A connection limit policy is a set of connection limit rules that define the valid range and parameters for
the policy.
To create a connection limit policy:
Step                                                       Command
1. Enter system view.                                      system-view
2. Create a connection limit policy and enter its view.    connection-limit policy policy-number
Configuring the connection limit policy
A connection limit policy contains one or more connection limit rules, each specifying an object or range
for the limit. A user connection that matches a rule is limited based on the parameters in the rule. For user
connections not matching any connection limit rule, the device does not limit them.
An IP address-based connection limit rule allows you to limit the number of connections from a specific
source IP address to a specific destination IP address.
The limit rules are matched in ascending order of rule ID. When you configure connection limit rules for
a policy, carefully check the rules and their order. HP recommends that you arrange the rules in
ascending order of scale and range.
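The following Python sketch is an added example, not HP code or device CLI syntax. It models the matching behavior described above (lowest rule ID wins, unmatched connections are not limited) and reports rules that a broader lower-ID rule makes unreachable. The Rule fields, the max_conn name, and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    # Hypothetical model of one connection limit rule; field names are assumptions.
    rule_id: int
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    max_conn: int

def make_rule(rule_id, src, dst, max_conn):
    return Rule(rule_id, ipaddress.ip_network(src), ipaddress.ip_network(dst), max_conn)

def first_match(rules, src_ip, dst_ip):
    """Return the rule that limits this connection, or None if it is not limited."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rule in sorted(rules, key=lambda r: r.rule_id):  # ascending rule ID
        if s in rule.src and d in rule.dst:
            return rule
    return None  # no rule matched: the device does not limit the connection

def shadowed_rules(rules):
    """Return (shadowed_id, shadowing_id) pairs for rules that can never match."""
    ordered = sorted(rules, key=lambda r: r.rule_id)
    pairs = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            # A later rule is dead if an earlier one covers its whole range.
            if later.src.subnet_of(earlier.src) and later.dst.subnet_of(earlier.dst):
                pairs.append((later.rule_id, earlier.rule_id))
                break
    return pairs

ANY = "0.0.0.0/0"
# Constructed sample policies (addresses from documentation ranges).
BROAD_FIRST = [   # wide range has the lower ID: the host rule is never reached
    make_rule(0, "192.0.2.0/24", ANY, 200),
    make_rule(1, "192.0.2.10/32", ANY, 20),
]
NARROW_FIRST = [  # ascending order of scale and range, as recommended
    make_rule(0, "192.0.2.10/32", ANY, 20),
    make_rule(1, "192.0.2.0/24", ANY, 200),
]

if __name__ == "__main__":
    print(first_match(BROAD_FIRST, "192.0.2.10", "198.51.100.5").max_conn)
    print(shadowed_rules(BROAD_FIRST), shadowed_rules(NARROW_FIRST))
```

Running a check like shadowed_rules over a planned rule set before entering it on the device shows whether a tighter per-host limit would be silently overridden by a wider rule with a lower ID.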