HPE Community
WAN Routing
1752569 Members
5224 Online
108788 Solutions
New Discussion

Connection limit with NAT

 
SOLVED
Go to solution
Johan de Greef
Occasional Contributor

‎07-06-2011 02:08 AM

‎07-06-2011 02:08 AM

Connection limit with NAT

Hey Guys,

 

I am studying for my HP ASE Network infrastructure 2011 and came across a short introduction to connection limits and applying them to NAT.

 

In the studentguide the following config is made:

 

limit 0 acl 2002 per-destination amount 1000 200.

 

I get the limit 0 acl 2002 per-destionation amout 1000 part, but I can't figure out what the purpose of the lower limit in the config is. The connection limit should limit connection when it reaches 1000, but does the 200 lower limit mean it also doenst allow less than 200 connection, or does the rule simply not apply when the 200 connection aren't reached? If that is the case, what is the purpose of the lower limit if the rule isn't actually applied until the 1000 connections are reached?

 

Thanks in advance!

 

Kind regards,

Johan de Greef

3 REPLIES 3
LucianoCarvalho
Respected Contributor

‎07-06-2011 08:03 AM

‎07-06-2011 08:03 AM

Solution

Re: Connection limit with NAT

Hello Johan,

 

See the explanation about connection limit:

 

Configuring the default connection limit action/parameters

For user connections not specifically limited by the connection limit policy, the default connection limit action applies.

  • If the default connection limit action is deny, the user connections are not counted or limited.
  • If the default connection limit action is permit, the user connections are limited according to the configured default connection limit parameters. When the number of connections reaches the upper limit, the user cannot establish new connections; when the connection number goes below the lower limit, the user can establish new connections.

To validate default connection limit parameters, the connection limit policy must be applied.

 

http://www.h3c.com/portal/Technical_Support___Documents/Technical_Documents/Switches/H3C_S12500_Series_Switches/Configuration/Operation_Manual/H3C_S12500_CG-Release1335-5W130/06/201104/712712_1285_0.htm

Johan de Greef
Occasional Contributor

‎07-06-2011 08:48 AM

‎07-06-2011 08:48 AM

Re: Connection limit with NAT

Hello Luciano,

 

Thank you for your reply.

 

If I understand it correctly the lower limit will be used when the upper limit has been reached and connections can only be established again when the connections have dropped below the lower limit?

 

For example 800 200, the 800 connections limit is reached and no new connections can be established until the connections fall below 200.

 

Kind regards,

Johan de Greef

0 Kudos
LucianoCarvalho
Respected Contributor

‎07-06-2011 12:32 PM

‎07-06-2011 12:32 PM

Re: Connection limit with NAT

That's right Johan..

 

Regards.

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.