Tempesta Technologies
  • Home
  • Tempesta FW
    • Features
      • Web acceleration
      • Load balancing
      • Application performance monitoring
    • Performance
    • How it works
    • Deployment
    • Support
    • Knowledge base
  • Services
    • Software development
      • High performance
      • Networking
      • Databases
      • Linux kernel
      • Machine learning
      • How we work
      • Case studies
    • Performance analysis
    • Network security
      • DDoS protection
      • Application security
      • Cryptography
      • Security assessment
      • How we work
      • Case Studies
  • Solutions
    • DDoS Protection
    • Web Acceleration
  • Blog
  • Company
    • Research
    • Careers
    • Contact
Tempesta Technologies

Rate Limits

Sections such as src, dst, icmp, and tcp_flags can be configured with a named rate limit attribute:

icmp ip6 : ratelimit=whitelist_ratelimit {10, 12}

dst=microservice1/replace ip4.udp : ratelimit=microservice1_ratelimit;

tcp_flags syn : ratelimit=default_ratelimit;

src ip4.udp : ratelimit=large_limit {
    10.0.0.0/9,
    1.1.1.1,
    :50,
    uk
}

In this cases, the referenced rate limits must be defined as separate rules:

ratelimit=microservice1_ratelimit pps=100 bps=30000;
ratelimit=default_ratelimit pps=10 bps=30000;
ratelimit=large_limit pps=5000 bps=30000;

A rate limit can be removed from the configuration using the following patch command:

ratelimit=large_limit/del;

The default values for both pps and bps are 0. As a result, a rule such as ratelimit=foo pps=100 effectively blocks all traffic due to a zero bytes-per-second limit. Always specify both pps and bps when defining a rate limit

If any configuration rule still references a rate limit, the server will reject an attempt to delete it. Ensure that no rules use the rate limit before removing it.

Currently, the maximum number of rate limits supported is 255.

  • Home
  • XFW
    • Basic Administration
    • Quick start
    • DNS DDoS protection
    • Observability
    • Performance
  • XFW Filtration Rules
    • Chaining
    • Evaluation Mode
    • IP Filter
    • ICMP Filter
    • DNS Filter
    • UDP Anomaly Filter
    • TCP Anomaly Filter
    • TCP Authentication Filter
    • TCP SYN Cookies
    • TCP Flags Filter
    • Destination Filter
    • Source Filter
    • Protected Network Definition
    • Rate Limits
    • Default Rules
  • Manager
    • Management daemon
    • Client library
    • Command line interface
  • DDoS Protection Use Cases
    • DNS server
    • Web server
    • Advanced Protection
  • Troubleshooting
    • Troubleshooting System Description
    • Troubleshooting System Verification Script
    • Troubleshooting Netconsole Configuration
    • Troubleshooting Server
    • Troubleshooting Support Server

Powered by Tempesta FW

Stay up to date with our latest developments

Useful Links

Home
Blog

Tempesta® FW

Features
Performance
Deployment
Support
Knowledge Base

Services

Software Development
Performance analysis
Network Security

Solutions

DDoS Protection

Web Acceleration

Company

Research
Careers
Contact