How to use AIX TCP Traffic Regulation
The tcptr command assigns a maximum limit of incoming TCP connections to a given network port or a range of ports. You can run this command to add new pools of connection resources to be shared collectively by incoming socket requests remotely accessing the AIX TCP-layer.
Configures TCP Traffic Regulation
# shutdown -Fr
# tcptr -show
No policy defined.
Specifies a divisor to compare the number of available incoming TCP connections with the number of consumed incoming TCP connections for an IP, and corresponds to a division of the overall available connections by a power of two. The divisor is the power of two that is used in the division. This parameter is optional, and if it is not specified, the default value is one. In that case, half of the number of available connections are used.
Adds a new TCP TR policy that covers only TCP port 22 with divisor = 1
# exit
TEST 1
Allow 5 connections from host1 (10/2)
TCP Traffic Regulation Policies:
StartPort=22 EndPort=22 MaxPool=10 Div=1 Used=1
Connection 2 from host1
TCP Traffic Regulation Policies:
StartPort=22 EndPort=22 MaxPool=10 Div=1 Used=2
Connection 3 from host1
TCP Traffic Regulation Policies:
StartPort=22 EndPort=22 MaxPool=10 Div=1 Used=3
Connection 4 from host1
TCP Traffic Regulation Policies:
StartPort=22 EndPort=22 MaxPool=10 Div=1 Used=4
Connection 5 from host1
TCP Traffic Regulation Policies:
StartPort=22 EndPort=22 MaxPool=10 Div=1 Used=5
Connection 6 from host1
Failed
Allow 3 connections from host2 (5/2)
TCP Traffic Regulation Policies:
StartPort=22 EndPort=22 MaxPool=10 Div=1 Used=6
Connection 2 from host2
TCP Traffic Regulation Policies:
StartPort=22 EndPort=22 MaxPool=10 Div=1 Used=7
Connection 3 from host2
TCP Traffic Regulation Policies:
StartPort=22 EndPort=22 MaxPool=10 Div=1 Used=8
Connection 4 from host2
Failed
Allow 1 connection from host3 (2/2)
TCP Traffic Regulation Policies:
StartPort=22 EndPort=22 MaxPool=10 Div=1 Used=9
Connection 2 from host3
Failed
Allow 1 connection from host4 (1/2)
TCP Traffic Regulation Policies:
StartPort=22 EndPort=22 MaxPool=10 Div=1 Used=10
Connection 2 from host4
Failed
No connection available for host5
Failed
Delete TCP TR policies
TEST 2
If you want to allow only 1 connection per host, you must use Divisor=0
the first host connection: used value = 0
the second host connection: used value = 1
...
the eleventh host connection: used value = 10
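To watch the Used counter from TEST 1 without reading the output by hand, the following added example (not from the original post or from IBM) parses text in the `tcptr -show` format and flags pools that are nearly or completely consumed. The function name, the 80% threshold and the sample lines (constructed from the output shown above) are assumptions.

```shell
#!/bin/sh
# Added example: report tcptr pool usage and flag pools close to exhaustion.
# Reads text in the "tcptr -show" format on stdin.
# $1 is an assumed alert threshold in percent; it is not a tcptr setting.
# Returns non-zero when at least one pool is WARN or FULL.
tcptr_pool_report() {
    awk -v thr="$1" '
    BEGIN { bad = 0 }
    /^StartPort=/ {
        split("", kv)                       # reset the key/value map
        for (i = 1; i <= NF; i++) {
            n = index($i, "=")
            if (n) kv[substr($i, 1, n - 1)] = substr($i, n + 1)
        }
        max = kv["MaxPool"] + 0
        used = kv["Used"] + 0
        if (max <= 0) next                  # skip malformed policy lines
        pct = int(used * 100 / max)
        state = "OK"
        if (pct >= thr + 0) state = "WARN"
        if (used >= max) state = "FULL"     # new connections will be refused
        if (state != "OK") bad = 1
        printf "%s ports=%s-%s used=%d/%d (%d%%) div=%s\n", \
            state, kv["StartPort"], kv["EndPort"], used, max, pct, kv["Div"]
    }
    END { exit bad }'
}

# Constructed sample, using the line format printed in TEST 1.
SAMPLE='TCP Traffic Regulation Policies:
StartPort=22 EndPort=22 MaxPool=10 Div=1 Used=3
StartPort=22 EndPort=22 MaxPool=10 Div=1 Used=9
StartPort=22 EndPort=22 MaxPool=10 Div=1 Used=10'

# On a live system the input would come from: tcptr -show | tcptr_pool_report 80
printf '%s\n' "$SAMPLE" | tcptr_pool_report 80 || echo "at least one pool needs attention"
```

Run from cron or a monitoring agent, the non-zero return status gives an early signal that a regulated port is about to start refusing connections.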
Source
IBM developerWorks