Configuration Guide Configuring FPM
2.4.3 Configuring the Number of Packets Permitted in a Flow
2.4.3.1 Networking Requirements
An attacker may send a large number of packets of a certain type to wage a traffic attack, in which case other types of
packets cannot be processed in time. You can configure the number of packets permitted in a flow in a certain status,
so as to solve this problem and meet the requirement for exchanging service data flows.
2.4.3.2 Notes
There is a default packet count upon system initialization, which can meet practical requirements in most scenarios.
Therefore, the configuration is optional.
The check function here is disabled by default. To enable the check function, you need to configure packet threshold
check for flows in various states first.
2.4.3.3 Configuration Steps
Optional configuration.
By default, a flow is judged according to the default number of packets permitted to pass in the flow. If the default
number of packets permittedz to pass does not meet the requirement, you can use the ip session [dev] [slot] threshold
command to change the number of packets allowed to pass in the corresponding flow. The greater the value, the more
packets permitted to pass in the flow.
Perform this configuration on each forwarding device as necessary.
ip session threshold {icmp-closed | icmp-started | rawip-closed | tcp-syn-sent | tcp-syn-receive |
tcp-closed | udp-closed } { num }
icmp-closed: Sets the number of packets permitted to pass in each ICMP flow in closed status, which is
10 by default and ranges from 1 to 2,000,000,000.
icmp-started: Sets the number of packets permitted to pass in each ICMP flow in started status, which is
300 by default and ranges from 5 to 2,000,000,000.
rawip-closed: Sets the number of packets permitted to pass in each RAWIP flow in closed status, which
is 10 by default and ranges from 1 to 2,000,000,000.
tcp-syn-sent: Sets the number of packets permitted to pass in each TCP flow in syn-send status, which
is 10 by default and ranges from 10 to 2,000,000,000.
tcp-syn-receive: Sets the number of packets permitted to pass in each TCP flow in syn-receive status,
which is 20 by default and ranges from 5 to 2,000,000,000.
tcp-closed: Sets the number of packets permitted to pass in each TCP flow in closed status, which is 20
by default and ranges from 5 to 2,000,000,000.
udp-closed: Sets the number of packets permitted to pass in each UDP flow in closed status, which is 10
by default and ranges from 1 to 2,000,000,000.
num: Sets the number of packets permitted to pass
Global configuration mode
To Next Page
Loading...
