Occasional Contributor
Posts: 5
Registered: ‎06-02-2014

Ratelimit setup at v5600

Hello,

 

I am using v5600 with version 4.1R3.

 

The following is the part of the config with the interface:

 

----------------------------------------------------------

dataplane dp0p3s0f1 {
                vif 10 {
                        address 192.168.11.89/24
                        address 192.168.10.89/25
                        address 192.168.10.189/25
                        firewall {
                                in rate-limit4
                        }
                        vlan 10
                }
                vif 20 {
                        address 192.168.20.89/24
                        vlan 20
                }

 

name rate-limit4 {
                        rule 20 {
                                action accept
                                description "icmp accept for 500/sec"
                                police {
                                        ratelimit 500
                                        then {
                                                action drop
                                        }
                                }
                                protocol icmp
                        }
                }

----------------------------------------------------------

Q1. Is the firewall rule rate-limit4 correct? My purpose is to limit the ICMP packets coming in on vif 10 to 500 pps.

 

Q2. How can I record in the log that a packet is dropped?

 

Thanks!

 

Brocadian
Posts: 44
Registered: ‎02-09-2015

Re: Ratelimit setup at v5600

Your config looks okay.

 

Add 'log' under 'rule 20' and it will log to firewalls.

Occasional Contributor
Posts: 5
Registered: ‎06-02-2014

Re: Ratelimit setup at v5600

Hello,

 

Unfortunately, I could not see any log being recorded. It is certain that the firewall rule is functioning and dropping packets.

 

Thanks!

Brocadian
Posts: 44
Registered: ‎02-09-2015

Re: Ratelimit setup at v5600

I am sorry about the delay. I have duplicated the situation with 4.1R2 (what I have in my lab) and 4.2R1.

 

I will be digging further into the situation to find out if the config is wrong or if there is a problem with the vRouter.
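
An added illustration, not part of the original thread and not the vRouter's implementation: a small token-bucket model of what rule 20 is meant to do (accept ICMP up to 500 pps, apply the `then` drop action to the excess, and produce a record per dropped packet). The burst size of one packet, the full starting bucket, the log line format, and the names `police_icmp` and `constant_rate` are all assumptions made for the example.

```python
# Added illustration: a model of the policing behaviour intended by rule 20,
# not the vRouter's code. Burst size and log format are assumptions.
US = 1_000_000  # microseconds per second; tokens are tracked in 1/US units


def police_icmp(arrivals_us, rate_pps=500, burst=1):
    """Classify ICMP arrivals (ascending integer microsecond timestamps).

    Returns (accepted, drop_log). A packet is accepted while the bucket holds
    at least one token; otherwise the 'then' action (drop) applies and a
    record for that packet is appended to drop_log.
    """
    capacity = burst * US
    tokens = capacity  # assumption: the bucket starts full
    last = None
    accepted, drop_log = [], []
    for t in arrivals_us:
        if last is not None:
            # rate_pps tokens/second == rate_pps micro-tokens per microsecond
            tokens = min(capacity, tokens + (t - last) * rate_pps)
        last = t
        if tokens >= US:
            tokens -= US
            accepted.append(t)
        else:
            drop_log.append(f"t={t / US:.6f}s rule=20 proto=icmp action=drop")
    return accepted, drop_log


def constant_rate(pps, seconds=1):
    """Constructed traffic: evenly spaced packets at `pps` for `seconds`."""
    return [i * US // pps for i in range(pps * seconds)]


if __name__ == "__main__":
    for pps in (400, 2000):
        ok, dropped = police_icmp(constant_rate(pps))
        print(f"offered {pps} pps -> accepted {len(ok)}, dropped {len(dropped)}")
    print(dropped[0])  # first drop record from the 2000 pps run
```

Integer microsecond arithmetic keeps the counts exact, so the model can be compared against packet counters when testing a real rule with a traffic generator at a known rate.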
