Scenario: Limiting inbound connections

 

If you need to control the inbound connection requests that are made to your system, use an inbound admission policy.

 

Situation

Your Web server's resources are being overloaded by client requests entering your network. You are asked to slow incoming HTTP traffic to your Web server on the local interface 192.168.1.1. Quality of service (QoS) can help you restrict the accepted inbound connection attempts, based on connection attributes (for example, IP address) to your system. To achieve this, you decide to do an inbound admission policy, which restricts the number of accepted inbound connections.

The figure shows your company and a client company. This QoS policy can only control traffic flow in one direction.

Figure 1. Restricting inbound TCP connections

 

Objectives

To configure an inbound policy, decide whether you are restricting traffic to a local interface or a specific application and whether you are restricting it from a particular client. In this case, you want to create a policy that restricts connection attempts from Their_Company going to port 80 (HTTP protocol) on your local interface 192.168.1.1.

 

Configuration

These topics show how to create an inbound admission policy.

  1. Scenario details: Creating the inbound admission policy
    This topic contains information about creating the inbound admission policy on the system.
  2. Scenario details: Starting or updating the QoS server
    This topic contains information about starting or updating the QoS server.
  3. Scenario details: Verifying your policy is working
    This topic contains information about using the monitor to verify that your policy is working as you configured it to work.
  4. Optional: Scenario details: Changing properties
    After looking at the monitor results, you can change any policy or class of service properties to achieve the results you expect.

 

Parent topic:

Scenarios: Quality of service policies
Related reference
Monitoring QoS