131 lines
8.6 KiB
HTML
131 lines
8.6 KiB
HTML
|
<?xml version="1.0" encoding="UTF-8"?>
|
||
|
<!DOCTYPE html
|
||
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||
|
<html lang="en-us" xml:lang="en-us">
|
||
|
<head>
|
||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||
|
<meta name="security" content="public" />
|
||
|
<meta name="Robots" content="index,follow" />
|
||
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
||
|
<meta name="DC.Type" content="concept" />
|
||
|
<meta name="DC.Title" content="Inbound admission policy" />
|
||
|
<meta name="abstract" content="The inbound admission policy is used to control connection requests coming into your network." />
|
||
|
<meta name="description" content="The inbound admission policy is used to control connection requests coming into your network." />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzak8what_is.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzak8cos.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzak8inboundlimits.htm" />
|
||
|
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
|
||
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
|
||
|
<meta name="DC.Format" content="XHTML" />
|
||
|
<meta name="DC.Identifier" content="rzak8inbound" />
|
||
|
<meta name="DC.Language" content="en-us" />
|
||
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
||
|
<!-- US Government Users Restricted Rights -->
|
||
|
<!-- Use, duplication or disclosure restricted by -->
|
||
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
||
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
||
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
||
|
<title>Inbound admission policy</title>
|
||
|
</head>
|
||
|
<body id="rzak8inbound"><a name="rzak8inbound"><!-- --></a>
|
||
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
||
|
<h1 class="topictitle1">Inbound admission policy</h1>
|
||
|
<div><p>The inbound admission policy is used to control connection requests
|
||
|
coming into your network.</p>
|
||
|
<p> The inbound policy is used to restrict traffic attempting to connect to
|
||
|
your server. You can restrict access by client, Uniform Resource Identifier
|
||
|
(URI), application, or local interface on your iSeries™ server. In addition, you can
|
||
|
enhance server performance by applying a class of service to inbound traffic.
|
||
|
You define this policy through the Inbound admission wizard in iSeries Navigator.</p>
|
||
|
<p>There are three components to an inbound policy which require more information.
|
||
|
They include URIs to restrict traffic, connection rates defined in a class
|
||
|
of service, and priority queues to order successful connections. For more
|
||
|
information, see <a href="#rzak8inbound__uri">URI</a>, <a href="#rzak8inbound__rate">Connection rate</a>,
|
||
|
and <a href="#rzak8inbound__wpq">Weighted priority queues</a>.</p>
|
||
|
<div class="section" id="rzak8inbound__uri"><a name="rzak8inbound__uri"><!-- --></a><h4 class="sectiontitle">URI</h4><p>You might consider using an inbound
|
||
|
policy to restrict HTTP traffic connecting to your Web server. In this circumstance,
|
||
|
you might create an inbound admission policy that restricts traffic by a specific
|
||
|
URI. URI request rate is part of a solution to help protect servers against
|
||
|
overload. Designating specific URIs will apply admission controls, based on
|
||
|
application level information, to limit the URI requests accepted by the server.
|
||
|
In industry, this is also referred to as <em>header-based connection request
|
||
|
control</em>, which uses URIs to set priorities.</p>
|
||
|
<p>Specifying a URI allows
|
||
|
the inbound policy to examine content, not just packet headers. The content
|
||
|
examined is a URI name. For iSeries, you can use the relative URI name (for example, <samp class="codeph"><span class="uicontrol">/products/clothing</span> </samp>).
|
||
|
The following examples describe the relative URI.</p>
|
||
|
</div>
|
||
|
<div class="section"><h4 class="sectiontitle">Relative URI</h4><p>The relative URI is actually a subset
|
||
|
of an absolute URI (similar to the old absolute URL). Consider this example:
|
||
|
http://www.ibm.com/software. The <em>http://www.ibm.com/software</em> segment
|
||
|
is considered the absolute URI. The <em>/software</em> segment is the relative
|
||
|
URI. All relative URI values must begin with one forward slash <samp class="codeph">(<span class="uicontrol">/</span>)</samp>.
|
||
|
The following segments are valid relative URI examples:</p>
|
||
|
<ul><li>/market/grocery#D5</li>
|
||
|
<li>/software</li>
|
||
|
<li>/market/grocery?q=green</li>
|
||
|
</ul>
|
||
|
<div class="note"><span class="notetitle">Notes:</span> <ol><li>When using a URI, you must specify the protocol as TCP. In addition, the
|
||
|
port and IP address must match the port and IP address configured for your
|
||
|
HTTP server. This is typically port 80.</li>
|
||
|
<li>There is an implicit wildcard when you specify a URI. For example, /software
|
||
|
will include anything within the software directory.</li>
|
||
|
<li>Do not use an * in the URI. It is not a valid character.</li>
|
||
|
<li>URI information can be used in either inbound policies or differentiated
|
||
|
service (outbound) policy.</li>
|
||
|
</ol>
|
||
|
</div>
|
||
|
<p>Before you set up an inbound policy that uses URIs, you must
|
||
|
ensure that the application port assigned for the URI matches the Listen directive
|
||
|
enabled for Fast Response Cache Accelerator (FRCA) in the Apache Web Server
|
||
|
configuration. To change or view the port for your HTTP server, see <a href="../rzaie/rzaieaddressports.htm">Manage
|
||
|
addresses and ports for your HTTP server (powered by Apache)</a>.</p>
|
||
|
</div>
|
||
|
<div class="section" id="rzak8inbound__rate"><a name="rzak8inbound__rate"><!-- --></a><h4 class="sectiontitle">Connection rate</h4><p>As part of the inbound
|
||
|
admission policy, you also must select a class of service. This class of service
|
||
|
defines connection rates that act as admission control to limit the connections
|
||
|
accepted by the server.</p>
|
||
|
<p>Connection rate limits accept or deny a new
|
||
|
packet, based on the average number of connections per second and the maximum
|
||
|
number of instantaneous connections defined in the policy you create. These
|
||
|
connection limits consist of average rate and burst limit, which the wizards
|
||
|
in iSeries navigator
|
||
|
will prompt you to enter. When incoming connection requests reach the server,
|
||
|
the server analyses the packet header information to determine if this traffic
|
||
|
is defined in a policy. The system verifies this information against the connection
|
||
|
limits profile. If the packet is within the policy limits, it is placed into
|
||
|
the queue.</p>
|
||
|
<p>Use the above information as you complete the Inbound admission
|
||
|
wizard. In iSeries Navigator,
|
||
|
you can also use the associated Help to refer to similar information as you
|
||
|
complete the policy.</p>
|
||
|
</div>
|
||
|
<div class="section" id="rzak8inbound__wpq"><a name="rzak8inbound__wpq"><!-- --></a><h4 class="sectiontitle">Weighted priority queues</h4><p> As part of inbound
|
||
|
control, you can specify the priority in which connection requests are handled
|
||
|
after they have been evaluated by the policies. By assigning a weight to a
|
||
|
priority queue, you are essentially controlling the queue's response time
|
||
|
after a connection has arrived. If queued, the connection will be handled
|
||
|
in order of queue priority (high, medium, low, or best effort). If you are
|
||
|
unsure of what weights to assign, use the default values. The sum of all the
|
||
|
weights must equal 100. For example, If 25 is specified for all priorities,
|
||
|
then all queues are treated equally. Suppose that you specify the following
|
||
|
weights: High (50), Medium (30), Low (15), and Best effort (5). The accepted
|
||
|
connections include:</p>
|
||
|
<ul><li>50% high priority connections</li>
|
||
|
<li>30 % medium priority connections</li>
|
||
|
<li>15% low priority connections</li>
|
||
|
<li>5% best effort priority connections</li>
|
||
|
</ul>
|
||
|
</div>
|
||
|
</div>
|
||
|
<div>
|
||
|
<div class="familylinks">
|
||
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzak8what_is.htm" title="If you are new to quality of service (QoS), you can read some basic QoS concepts. This will give you an overview of how QoS works and how QoS functions work together.">Concepts</a></div>
|
||
|
</div>
|
||
|
<div class="relconcepts"><strong>Related concepts</strong><br />
|
||
|
<div><a href="rzak8cos.htm" title="When you create a differentiated service policy or an inbound admission policy, you also create and use a class of service.">Class of service</a></div>
|
||
|
<div><a href="rzak8inboundlimits.htm" title="Connection rates and burst limits, together, are known as rate limits. These rate limits help restrict inbound connections trying to enter your server. Rate limits are set in a class of service used with inbound admission policies.">Average connection rate and burst limits</a></div>
|
||
|
</div>
|
||
|
</div>
|
||
|
</body>
|
||
|
</html>
|