4000 Router Series Security Configuration Guide

266

Configuring connection limits

As shown in Figure 75, the following types of network problems are commonly encountered:

• An internal user initiates large numbers of connections to external networks in a short period of time,

consuming large amounts of system resources and causing other internal users unable to access

network resources correctly.

• An internal server receives large numbers of connection requests in a short period of time, making

the server unable to accept other normal requests.

To solve these problems, you can configure connection limits to collect statistics on and limit the number

of connections. This feature collects statistics only on new connections.

Figure 75 Network diagram

Connection limit configuration task list

Tasks at a

lance

(Required.) Creating a connection limit policy

(Required.) Configuring the connection limit policy

(Required.) Applying the connection limit policy

Creating a connection limit policy

A connection limit policy comprises a set of connection limit rules, which define the valid range and

parameters for the policy.

To create a connection limit policy:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Create a connection limit

policy and enter its view.

connection-limit { ipv6-policy |

policy } policy-id

By default, no connection limit

policy exists.