[nsp] limit connections per-source-ip on pix or localdir?
Christopher McCrory
chrismcc at pricegrabber.com
Thu Jul 31 20:20:34 EDT 2003
Hello...
On Thu, 2003-07-31 at 18:49, Robert Helmer wrote:
> Hi Christopher,
>
> On Thu, Jul 31, 2003 at 06:04:27PM -0700, Christopher McCrory wrote:
> > > I would like to limit the number of open connections to (say)
> > > 1000 per source IP. I've gone through all the manuals, but the
> >
> > 1:
> > pix> shun ip.address.of.client
>
> :) I've considered putting a trigger in the monitoring system to
> do this, but I'd rather not do it that way..
>
> > 2:
> > ld> assign
> >
> > set up a real/virtual/bind to a specific server just for this client,
> > they overload it, everyone else is still happy.
>
> Yeah, we discussed this. It would work, but they are not the only client
> large enough to squish us in this way..
>
> Thanks for the reply though. It seems like what I want is a pretty
> basic method of throttling.. I am surprised that I can't do it on the
> PIX or LD.
>
> Can anyone recommend any hardware that can do connection limiting based
> on IP?
>
.. still not the answer you are looking for :) but,
talk to bean counters, explain that these important clients need to be
taken care of and you need more servers to keep them happy and bringing
in revenue ( $$$ ) :)
(this one works for me :)
>
>
> Thanks,
> Rob
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
--
Christopher McCrory
"The guy that keeps the servers running"
chrismcc at pricegrabber.com
http://www.pricegrabber.com
Let's face it, there's no Hollow Earth, no robots, and
no 'mute rays.' And even if there were, waxed paper is
no defense. I tried it. Only tinfoil works.
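
The monitoring-system trigger mentioned in the thread (count connections per source IP, then issue `shun` for a source over the limit) could look like the sketch below. It is an added example, not part of the original messages. The one-connection-per-line input format `src_ip:port dst_ip:port` is an assumed, simplified export rather than actual PIX output, and the function names and the exemption list are hypothetical.

```python
import ipaddress
from collections import Counter

LIMIT = 1000  # per-source connection limit discussed in the thread


def parse_source(line):
    """Return the source address from 'src_ip:port dst_ip:port', or None."""
    fields = line.split()
    if len(fields) != 2:
        return None
    host, sep, port = fields[0].rpartition(":")
    if not sep or not port.isdigit():
        return None
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None


def shun_candidates(lines, limit=LIMIT, exempt=()):
    """Return (source, count) pairs above the limit, busiest first."""
    exempt_nets = [ipaddress.ip_network(n) for n in exempt]
    counts = Counter()
    for line in lines:
        src = parse_source(line)
        if src is not None:  # malformed rows are skipped, never counted
            counts[src] += 1
    over = [(src, n) for src, n in counts.items()
            if n > limit and not any(src in net for net in exempt_nets)]
    return sorted(over, key=lambda item: (-item[1], str(item[0])))


def shun_commands(lines, limit=LIMIT, exempt=()):
    """Render the command from the thread for each source over the limit."""
    return [f"shun {src}" for src, _ in shun_candidates(lines, limit, exempt)]


def sample_table():
    """Constructed sample data using documentation address ranges."""
    rows = [f"192.0.2.10:{10000 + i} 198.51.100.5:80" for i in range(1200)]
    rows += [f"192.0.2.20:{20000 + i} 198.51.100.5:80" for i in range(300)]
    rows += [f"203.0.113.7:{30000 + i} 198.51.100.5:80" for i in range(1500)]
    rows.append("garbage line here")
    return rows


if __name__ == "__main__":
    for cmd in shun_commands(sample_table(), exempt=["203.0.113.0/24"]):
        print(cmd)
```

The exemption list keeps known large clients from being blocked outright, and the generated commands are only printed so they can be reviewed before anything is applied to the firewall.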