Virtual Router/ Firewall/ VPN

Occasional Contributor
Posts: 5
Registered: ‎06-02-2014

Ratelimit setup at v5600

Hello,

 

I am using v5600 with version 4.1R3.

 

The following is the part of the config with the interface:

 

----------------------------------------------------------

dataplane dp0p3s0f1 {
        vif 10 {
                address 192.168.11.89/24
                address 192.168.10.89/25
                address 192.168.10.189/25
                firewall {
                        in rate-limit4
                }
                vlan 10
        }
        vif 20 {
                address 192.168.20.89/24
                vlan 20
        }
}

name rate-limit4 {
        rule 20 {
                action accept
                description "icmp accept for 500/sec"
                police {
                        ratelimit 500
                        then {
                                action drop
                        }
                }
                protocol icmp
        }
}

----------------------------------------------------------

Q1. Is the firewall rule rate-limit4 correct? My purpose is to limit the ICMP packets coming in on vif 10 to 500 pps.

 

Q2. How can I record in the log that a packet is dropped?

 

Thanks!

 

Brocadian
Posts: 44
Registered: ‎02-09-2015

Re: Ratelimit setup at v5600

Your config looks okay.

 

Add 'log' under 'rule 20' and it will log to firewalls.

Occasional Contributor
Posts: 5
Registered: ‎06-02-2014

Re: Ratelimit setup at v5600

Hello,

 

Unfortunately, I could not see any log being recorded. It is certain that the firewall rule is functioning and dropping packets.

 

Thanks!

Brocadian
Posts: 44
Registered: ‎02-09-2015

Re: Ratelimit setup at v5600

I am sorry about the delay, I have duplicated the situation with 4.1R2 (what I have in my lab) and 4.2R1. 

 

I will be digging further into the situation to find out if the config is wrong or if there is a problem with the vRouter.
