81 lines
5.3 KiB
HTML
81 lines
5.3 KiB
HTML
|
<?xml version="1.0" encoding="UTF-8"?>
|
||
|
<!DOCTYPE html
|
||
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||
|
<html lang="en-us" xml:lang="en-us">
|
||
|
<head>
|
||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||
|
<meta name="security" content="public" />
|
||
|
<meta name="Robots" content="index,follow" />
|
||
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
||
|
<meta name="DC.Type" content="concept" />
|
||
|
<meta name="DC.Title" content="Scenario: Limit inbound connections" />
|
||
|
<meta name="abstract" content="If you need to control the inbound connection requests made to your server, use an inbound admission policy." />
|
||
|
<meta name="description" content="If you need to control the inbound connection requests made to your server, use an inbound admission policy." />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzak8examples.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzak8scenariodetailsexample5step1.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzak8scenariodetailsexample5step2.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzak8scenariodetailsexample5step3.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzak8scenariodetailsexample5step4.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzak8monitoring.htm" />
|
||
|
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
|
||
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
|
||
|
<meta name="DC.Format" content="XHTML" />
|
||
|
<meta name="DC.Identifier" content="rzak8scenario_5" />
|
||
|
<meta name="DC.Language" content="en-us" />
|
||
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
||
|
<!-- US Government Users Restricted Rights -->
|
||
|
<!-- Use, duplication or disclosure restricted by -->
|
||
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
||
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
||
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
||
|
<title>Scenario: Limit inbound connections</title>
|
||
|
</head>
|
||
|
<body id="rzak8scenario_5"><a name="rzak8scenario_5"><!-- --></a>
|
||
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
||
|
<h1 class="topictitle1">Scenario: Limit inbound connections</h1>
|
||
|
<div><p>If you need to control the inbound connection requests made to
|
||
|
your server, use an inbound admission policy.</p>
|
||
|
<div class="section" id="rzak8scenario_5__qoscensituation"><a name="rzak8scenario_5__qoscensituation"><!-- --></a><h4 class="sectionscenariobar">Situation</h4><p>Your
|
||
|
Web server's resources are being overloaded by client requests entering your
|
||
|
network. You are asked to slow incoming HTTP traffic to your Web server on
|
||
|
the local interface 192.168.1.1. Quality of service (QoS) can
|
||
|
help you restrict the accepted inbound connection attempts, based on connection
|
||
|
attributes (For example, IP address) to your server. To achieve this, you
|
||
|
decide to do an inbound admission policy, which will restrict the number of
|
||
|
accepted inbound connections.</p>
|
||
|
<p>The figure shows your company and a client
|
||
|
company. This QoS policy can only control traffic flow in one direction.</p>
|
||
|
<div class="fignone"><span class="figcap">Figure 1. Restricting inbound TCP connections</span><br /><img src="rzak8507.gif" alt="Restricting inbound TCP connections" /><br /></div>
|
||
|
</div>
|
||
|
<div class="section" id="rzak8scenario_5__qoscenobjective"><a name="rzak8scenario_5__qoscenobjective"><!-- --></a><h4 class="sectionscenariobar">Objectives</h4><p>To
|
||
|
configure an inbound policy, you must decide whether you are restricting traffic
|
||
|
to a local interface or a specific application and whether you are restricting
|
||
|
it from a particular client. In this case, you want to create a policy that
|
||
|
restricts connection attempts from Their_Company going to port 80 (HTTP protocol)
|
||
|
on your local interface 192.168.1.1.</p>
|
||
|
</div>
|
||
|
<div class="section" id="rzak8scenario_5__qoscenconfig"><a name="rzak8scenario_5__qoscenconfig"><!-- --></a><h4 class="sectionscenariobar">Configuration</h4><p>These
|
||
|
topics show how to create an inbound admission policy.</p>
|
||
|
</div>
|
||
|
</div>
|
||
|
<div>
|
||
|
<ol>
|
||
|
<li class="olchildlink"><a href="rzak8scenariodetailsexample5step1.htm">Scenario details: Create the inbound admission policy</a><br />
|
||
|
</li>
|
||
|
<li class="olchildlink"><a href="rzak8scenariodetailsexample5step2.htm">Scenario details: Start or update the QoS server</a><br />
|
||
|
</li>
|
||
|
<li class="olchildlink"><a href="rzak8scenariodetailsexample5step3.htm">Scenario details: Use the monitor to verify your policy is working</a><br />
|
||
|
</li>
|
||
|
<li class="olchildlink"><a href="rzak8scenariodetailsexample5step4.htm">Scenario details: Change properties (if needed)</a><br />
|
||
|
</li>
|
||
|
</ol>
|
||
|
|
||
|
<div class="familylinks">
|
||
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzak8examples.htm" title="These quality of service (QoS) policy scenarios can help you understand why and how to use QoS.">Scenarios</a></div>
|
||
|
</div>
|
||
|
<div class="relref"><strong>Related reference</strong><br />
|
||
|
<div><a href="rzak8monitoring.htm" title="You can use the quality of service (QoS) monitor to analyze your IP traffic through the server.">Monitor QoS</a></div>
|
||
|
</div>
|
||
|
</div>
|
||
|
</body>
|
||
|
</html>
|