unixadmin.free.fr just another IBM blog and technotes backup

11 Feb/11

How to use AIX TCP Traffic Regulation

The tcptr command assigns a maximum limit of incoming TCP connections to a given network port or a range of ports. You can run this command to add new pools of connection resources to be shared collectively by incoming socket requests remotely accessing the AIX TCP-layer.

Enable TCP Traffic Regulation, reboot, and check the current policies

# no -p -o tcptr_enable=1
# shutdown -Fr
# tcptr -show
No policy defined.

The divisor argument specifies a divisor used to compare the number of available incoming TCP connections with the number of incoming TCP connections consumed by an IP; it corresponds to a division of the overall available connections by a power of two. The divisor is the power of two that is used in the division. This parameter is optional; if it is not specified, the default value is one, in which case half of the available connections are used.

Add a new TCP TR policy that covers only TCP port 22, with a pool of 10 connections and divisor = 1

# tcptr -add 22 22 10 1
# exit

TEST 1

Allow 5 connections from host1 (10/2)

Connection 1 from host1
TCP Traffic Regulation Policies:
StartPort=22    EndPort=22    MaxPool=10         Div=1  Used=1

Connection 2 from host1
TCP Traffic Regulation Policies:
StartPort=22    EndPort=22    MaxPool=10         Div=1  Used=2

Connection 3 from host1
TCP Traffic Regulation Policies:
StartPort=22    EndPort=22    MaxPool=10         Div=1  Used=3

Connection 4 from host1
TCP Traffic Regulation Policies:
StartPort=22    EndPort=22    MaxPool=10         Div=1  Used=4

Connection 5 from host1
TCP Traffic Regulation Policies:
StartPort=22    EndPort=22    MaxPool=10         Div=1  Used=5

Connection 6 from host1
Failed

Allow 3 connections from host2 (5/2)

Connection 1 from host2
TCP Traffic Regulation Policies:
StartPort=22    EndPort=22    MaxPool=10         Div=1  Used=6

Connection 2 from host2
TCP Traffic Regulation Policies:
StartPort=22    EndPort=22    MaxPool=10         Div=1  Used=7

Connection 3 from host2
TCP Traffic Regulation Policies:
StartPort=22    EndPort=22    MaxPool=10         Div=1  Used=8

Connection 4 from host2
Failed

Allow 1 connection from host3 (2/2)

Connection 1 from host3
TCP Traffic Regulation Policies:
StartPort=22    EndPort=22    MaxPool=10         Div=1  Used=9

Connection 2 from host3
Failed

Allow 1 connection from host4 (1/2)

Connection 1 from host4
TCP Traffic Regulation Policies:
StartPort=22    EndPort=22    MaxPool=10         Div=1  Used=10

Connection 2 from host4
Failed

No connection available for host5

Connection 1 from host5
Failed

Delete TCP TR policies

# tcptr -delete 22 22

TEST 2

If you want to allow only 1 connection per host, you must use Divisor=0

# tcptr -add 22 22 10 0

the first host connection: used value = 0
the second host connection: used value = 1
...
the eleventh host connection: used value = 10
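
Added example (not part of the original post and not IBM code): a small POSIX shell function that parses the tcptr -show policy lines shown in TEST 1 and flags pools that are nearly or completely consumed, the state in which a new host such as host5 is refused. The function names, the 80% threshold and the second sample policy are assumptions made for illustration.

```shell
#!/bin/sh
# tcptr_pool_report [THRESHOLD_PCT]   (hypothetical helper, default 80)
# Reads `tcptr -show` text on stdin and prints one line per policy:
#   <start>-<end> used=<n> max=<n> pct=<n> <OK|WARN|FULL>
tcptr_pool_report() {
    awk -v thr="${1:-80}" '
    /StartPort=/ {
        first = last = max = used = ""
        # Each field is KEY=VALUE; pick out the ones we need.
        for (i = 1; i <= NF; i++) {
            n = index($i, "=")
            if (n == 0) continue
            key = substr($i, 1, n - 1)
            val = substr($i, n + 1)
            if (key == "StartPort")    first = val
            else if (key == "EndPort") last = val
            else if (key == "MaxPool") max = val
            else if (key == "Used")    used = val
        }
        # Skip malformed lines instead of dividing by zero.
        if (max !~ /^[0-9]+$/ || used !~ /^[0-9]+$/) next
        max += 0; used += 0            # force numeric comparison
        if (max == 0) next
        pct = int(used * 100 / max)
        state = (used >= max) ? "FULL" : ((pct >= thr + 0) ? "WARN" : "OK")
        printf "%s-%s used=%d max=%d pct=%d %s\n", first, last, used, max, pct, state
    }'
}

# Constructed sample: the TEST 1 output after the host3 connection,
# plus a made-up second policy for contrast.
sample_show() {
    cat <<'EOF'
TCP Traffic Regulation Policies:
StartPort=22    EndPort=22    MaxPool=10         Div=1  Used=9
StartPort=8000  EndPort=8010  MaxPool=200        Div=2  Used=40
EOF
}

# On AIX this would be:  tcptr -show | tcptr_pool_report 80
sample_show | tcptr_pool_report 80
```

A pool that stays at WARN or FULL means legitimate new hosts are already being refused on that port range, so the line is worth feeding to whatever alerting the system already uses.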

Source
IBM developerWorks
