<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Inbound admission policy" />
<meta name="abstract" content="The inbound admission policy is used to control connection requests coming into your network." />
<meta name="description" content="The inbound admission policy is used to control connection requests coming into your network." />
<meta name="DC.Relation" scheme="URI" content="rzak8what_is.htm" />
<meta name="DC.Relation" scheme="URI" content="rzak8cos.htm" />
<meta name="DC.Relation" scheme="URI" content="rzak8inboundlimits.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzak8inbound" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Inbound admission policy</title>
</head>
<body id="rzak8inbound"><a name="rzak8inbound"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Inbound admission policy</h1>
<div><p>The inbound admission policy is used to control connection requests
coming into your network.</p>
<p> The inbound policy is used to restrict traffic attempting to connect to
your server. You can restrict access by client, Uniform Resource Identifier
(URI), application, or local interface on your iSeries™ server. In addition, you can
enhance server performance by applying a class of service to inbound traffic.
You define this policy through the Inbound admission wizard in iSeries Navigator.</p>
<p>Three components of an inbound policy need further explanation: URIs to
restrict traffic, connection rates defined in a class of service, and priority
queues to order successful connections. For more
information, see <a href="#rzak8inbound__uri">URI</a>, <a href="#rzak8inbound__rate">Connection rate</a>,
and <a href="#rzak8inbound__wpq">Weighted priority queues</a>.</p>
<div class="section" id="rzak8inbound__uri"><a name="rzak8inbound__uri"><!-- --></a><h4 class="sectiontitle">URI</h4><p>You might consider using an inbound
policy to restrict HTTP traffic connecting to your Web server. In this circumstance,
you might create an inbound admission policy that restricts traffic by a specific
URI. URI request rate is part of a solution to help protect servers against
overload. Designating specific URIs will apply admission controls, based on
application level information, to limit the URI requests accepted by the server.
In industry, this is also referred to as <em>header-based connection request
control</em>, which uses URIs to set priorities.</p>
<p>Specifying a URI allows
the inbound policy to examine content, not just packet headers. The content
examined is a URI name. For iSeries, you can use the relative URI name (for example, <samp class="codeph"><span class="uicontrol">/products/clothing</span></samp>).
The following examples describe the relative URI.</p>
</div>
<div class="section"><h4 class="sectiontitle">Relative URI</h4><p>The relative URI is actually a subset
of an absolute URI (similar to the old absolute URL). Consider this example:
http://www.ibm.com/software. The <em>http://www.ibm.com/software</em> segment
is considered the absolute URI. The <em>/software</em> segment is the relative
URI. All relative URI values must begin with one forward slash <samp class="codeph">(<span class="uicontrol">/</span>)</samp>.
The following segments are valid relative URI examples:</p>
<ul><li>/market/grocery#D5</li>
<li>/software</li>
<li>/market/grocery?q=green</li>
</ul>
<div class="note"><span class="notetitle">Notes:</span> <ol><li>When using a URI, you must specify the protocol as TCP. In addition, the
port and IP address must match the port and IP address configured for your
HTTP server. This is typically port 80.</li>
<li>There is an implicit wildcard when you specify a URI. For example, /software
will include anything within the software directory.</li>
<li>Do not use an * in the URI. It is not a valid character.</li>
<li>URI information can be used in either inbound policies or differentiated
service (outbound) policies.</li>
</ol>
</div>
<p>Before you set up an inbound policy that uses URIs, you must
ensure that the application port assigned for the URI matches the Listen directive
enabled for Fast Response Cache Accelerator (FRCA) in the Apache Web Server
configuration. To change or view the port for your HTTP server, see <a href="../rzaie/rzaieaddressports.htm">Manage
addresses and ports for your HTTP server (powered by Apache)</a>.</p>
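<p>The relative URI rules and the implicit wildcard described above, as an added Python example that is not IBM code and not part of the original topic. The function names, the sample policy list, the rule that a match ends at a <samp class="codeph">/</samp>, <samp class="codeph">?</samp> or <samp class="codeph">#</samp> boundary, and the choice of the longest matching URI are assumptions made for illustration.</p>

```python
# Added illustration: models the relative URI rules stated in this topic.
# It is not the iSeries QoS server's matching code.

BOUNDARY = "/?#"  # assumption: a match must end at one of these or at end of string


def validate_policy_uri(uri):
    """Apply the stated rules: one leading forward slash, no '*' character."""
    if not uri.startswith("/") or uri.startswith("//"):
        raise ValueError("relative URI must begin with one forward slash: %r" % uri)
    if "*" in uri:
        raise ValueError("'*' is not a valid character in a URI: %r" % uri)
    return uri


def covers(policy_uri, request_uri):
    """Implicit wildcard: the policy URI itself plus anything within it.

    Assumption: /software covers /software/x but not /software2.
    """
    base = validate_policy_uri(policy_uri).rstrip("/")
    if not request_uri.startswith("/") or not request_uri.startswith(base):
        return False
    rest = request_uri[len(base):]
    return rest == "" or rest[0] in BOUNDARY


def most_specific(policy_uris, request_uri):
    """Return the longest policy URI covering the request, or None.

    Assumption: when several policies cover a request, the longest one applies.
    """
    hits = [p for p in policy_uris if covers(p, request_uri)]
    return max(hits, key=len) if hits else None


# Constructed sample policy URIs (not taken from a real configuration).
POLICIES = ["/software", "/software/downloads", "/market/grocery?q=green"]

if __name__ == "__main__":
    for req in ("/software/downloads/v5r4.zip", "/software?lang=en",
                "/software2/index.html", "/market/grocery?q=green"):
        print(req, "->", most_specific(POLICIES, req))
```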
</div>
<div class="section" id="rzak8inbound__rate"><a name="rzak8inbound__rate"><!-- --></a><h4 class="sectiontitle">Connection rate</h4><p>As part of the inbound
admission policy, you also must select a class of service. This class of service
defines connection rates that act as admission control to limit the connections
accepted by the server.</p>
<p>Connection rate limits accept or deny a new
packet, based on the average number of connections per second and the maximum
number of instantaneous connections defined in the policy you create. These
connection limits consist of an average rate and a burst limit, which the wizards
in iSeries Navigator
prompt you to enter. When incoming connection requests reach the server,
the server analyses the packet header information to determine if this traffic
is defined in a policy. The system verifies this information against the connection
limits profile. If the packet is within the policy limits, it is placed into
the queue.</p>
<p>Use the above information as you complete the Inbound admission
wizard. In iSeries Navigator,
you can also use the associated Help to refer to similar information as you
complete the policy.</p>
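<p>How an average rate and a burst limit interact, as an added Python example that is not IBM code and not part of the original topic. It uses a token bucket, a common way to model this pair of limits; the topic does not state which algorithm the server uses, and the class name, the values 2 connections per second and burst 5, and the arrival times are constructed for illustration.</p>

```python
# Added illustration: token-bucket model of "average rate" plus "burst limit".
# Assumption: the real server's algorithm is not documented in this topic.


class ConnectionLimiter:
    def __init__(self, average_rate, burst_limit):
        if average_rate <= 0 or burst_limit < 1:
            raise ValueError("average_rate must be > 0 and burst_limit >= 1")
        self.rate = float(average_rate)   # connections per second, long run
        self.burst = float(burst_limit)   # most connections accepted at once
        self.tokens = self.burst          # start with full burst allowance
        self.last = None                  # time of the previous arrival

    def admit(self, now):
        """Return True if a connection arriving at `now` (seconds) is accepted."""
        if self.last is not None:
            elapsed = max(0.0, now - self.last)
            # Allowance refills at the average rate, capped at the burst limit.
            self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def replay(arrivals, average_rate, burst_limit):
    """Run a list of arrival times through a fresh limiter."""
    limiter = ConnectionLimiter(average_rate, burst_limit)
    return [limiter.admit(t) for t in arrivals]


# Constructed sample: 8 requests in the same instant, then one every 0.25 s.
SAMPLE_ARRIVALS = [0.0] * 8 + [0.25 * i for i in range(1, 9)]

if __name__ == "__main__":
    decisions = replay(SAMPLE_ARRIVALS, average_rate=2, burst_limit=5)
    for t, ok in zip(SAMPLE_ARRIVALS, decisions):
        print("t=%.2fs %s" % (t, "queued" if ok else "denied"))
```

<p>In the sample, the burst limit caps the initial spike at five accepted connections, and the steady stream of four requests per second is then thinned to the average rate of two per second.</p>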
</div>
<div class="section" id="rzak8inbound__wpq"><a name="rzak8inbound__wpq"><!-- --></a><h4 class="sectiontitle">Weighted priority queues</h4><p> As part of inbound
control, you can specify the priority in which connection requests are handled
after they have been evaluated by the policies. By assigning a weight to a
priority queue, you are essentially controlling the queue's response time
after a connection has arrived. If queued, the connection will be handled
in order of queue priority (high, medium, low, or best effort). If you are
unsure of what weights to assign, use the default values. The sum of all the
weights must equal 100. For example, if 25 is specified for all priorities,
then all queues are treated equally. Suppose that you specify the following
weights: High (50), Medium (30), Low (15), and Best effort (5). The accepted
connections include:</p>
<ul><li>50% high priority connections</li>
<li>30% medium priority connections</li>
<li>15% low priority connections</li>
<li>5% best effort priority connections</li>
</ul>
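<p>The weight rule and the resulting shares, as an added Python example that is not IBM code and not part of the original topic. The topic does not say how the server applies the weights; smooth weighted round-robin is used here as an assumption, and the function names and the constructed backlog are illustrative only.</p>

```python
# Added illustration: weights that must sum to 100, applied with smooth
# weighted round-robin. Assumption: the real scheduler is not documented here.
from collections import deque

PRIORITIES = ("high", "medium", "low", "best_effort")


def validate_weights(weights):
    """Enforce the stated rule: one weight per queue, summing to 100."""
    if set(weights) != set(PRIORITIES):
        raise ValueError("a weight is required for each priority queue")
    if any(w < 0 for w in weights.values()):
        raise ValueError("weights cannot be negative")
    if sum(weights.values()) != 100:
        raise ValueError("the sum of all the weights must equal 100")
    return weights


def dispatch(queues, weights, count):
    """Serve up to `count` queued connections, skipping empty queues."""
    validate_weights(weights)
    credit = {p: 0 for p in PRIORITIES}
    served = []
    for _ in range(count):
        ready = [p for p in PRIORITIES if queues[p]]
        if not ready:
            break
        for p in ready:
            credit[p] += weights[p]
        pick = max(ready, key=lambda p: credit[p])  # ties go to higher priority
        credit[pick] -= sum(weights[p] for p in ready)
        served.append((pick, queues[pick].popleft()))
    return served


def share(served):
    """Count how many connections each queue had served."""
    return {p: sum(1 for q, _ in served if q == p) for p in PRIORITIES}


def backlog(n, empty=()):
    """Constructed input: n waiting connections per queue, none in `empty`."""
    return {p: deque() if p in empty else deque(range(n)) for p in PRIORITIES}


if __name__ == "__main__":
    w = {"high": 50, "medium": 30, "low": 15, "best_effort": 5}
    print(share(dispatch(backlog(100), w, 100)))
```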
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzak8what_is.htm" title="If you are new to quality of service (QoS), you can read some basic QoS concepts. This will give you an overview of how QoS works and how QoS functions work together.">Concepts</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzak8cos.htm" title="When you create a differentiated service policy or an inbound admission policy, you also create and use a class of service.">Class of service</a></div>
<div><a href="rzak8inboundlimits.htm" title="Connection rates and burst limits, together, are known as rate limits. These rate limits help restrict inbound connections trying to enter your server. Rate limits are set in a class of service used with inbound admission policies.">Average connection rate and burst limits</a></div>
</div>
</div>
</body>
</html>