How to Configure Service Set Limits for Next Gen Services
To configure service set limits:
- Set the maximum number of session setups allowed per second
for the service set. After this setup rate is reached, any additional
session setup attempts are dropped. If you do not include the
max-session-creation-rate statement, the session setup rate is not limited.
[edit services service-set service-set-name] user@host# set max-session-setup-rate (number | numberk)
If you use the numberk format, 1k=1000.
- Enable packets to bypass without creating a new session
when the flow in the service set exceeds the limit that is set by
the max-flows statement at the [edit services service-set service-set-name]
hierarchy level.
[edit services service-set service-set-name service-set-options] user@host# set bypass-traffic-on-exceeding-flow-limits
- To limit the session open information in your system logs,
you can disable it from being collected.
[edit services service-set service-set-name service-set-options] user@host# set disable-session-open-syslog
- Configure the maximum number of sessions allowed from
a single subscriber.
[edit services service-set service-set-name service-set-options] user@host# set max-sessions-per-subscriber session-number
- Specify the maximum number of sessions allowed simultaneously
on the service set. A maximum of zero means that the configuration
is not effective, so you must specify a value higher than zero for
the maximum number of sessions.
[edit services service-set service-set-name service-set-options] user@host# set session-limit maximum number
- Configure the session lifetime for the service set in
seconds. The session is closed after this amount of time, even if
traffic is running on the session.
[edit services service-set service-set-name service-set-options] user@host# set session-timeout seconds
- Specify the inactivity timeout period for non-TCP established
sessions.
user@host# set inactivity-non-tcp-timeout seconds
- Configure the TCP session parameters for the service set.
Set the timeout period for the Transmission Control Protocol (TCP) session tear-down.
[edit services service-set-name services-options] user@host# set close-timeout seconds
The default value is 1 second. The range is 2 through 300 seconds.
Configure the inactivity timeout period for asymmetric TCP established sessions.
[edit services service-set service-set-name service-set-options tcp-session] user@host# set inactivity-asymm-tcp-timeout seconds
Configure the number of seconds that a unidirectional TCP session can be inactive before it is closed.
[edit services service-set service-set-name service-set-options tcp-session] user@host# set inactivity-tcp-timeout seconds
The default value is 30 seconds. The range is 4 through 86,400 seconds. Any value you configure in the application protocol definition overrides the value specified here; for more information, see Configuring Application Properties for Next Gen Services.
Set the timeout period for Transmission Control Protocol (TCP) session establishment, for use with SYN-cookie defenses against network intrusion.
[edit services service-set-name service-set-options] user@host# set open-timeout seconds
The default value is 5 seconds. The range of possible values is from 4 through 224 seconds. Any value you configure in the intrusion detection service (IDS) definition overrides the value specified here; for more information, see Configuring Network Attack Protection With IDS Screens for Next Gen Services.
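As an added example (not part of the original page and not Juniper code), this Python check reads service-set limits in set-command form and reports values outside the ranges stated above, a session limit of zero, disabled session-open logging, and service sets with no setup-rate limit. The function names, the service-set names, and the full `set` paths in the sample are assumptions; statements are matched by name only.

```python
import re

# Ranges in seconds, as stated on this page.
RANGES = {"close-timeout": (2, 300), "inactivity-tcp-timeout": (4, 86400),
          "open-timeout": (4, 224)}
# The page uses both names for the setup-rate statement; accept either.
RATE_STATEMENTS = ("max-session-setup-rate", "max-session-creation-rate")

def parse_rate(token):
    """Parse 'number' or 'numberk', where 1k = 1000."""
    m = re.fullmatch(r"(\d+)(k?)", token)
    if not m:
        raise ValueError(f"bad rate value: {token!r}")
    return int(m.group(1)) * (1000 if m.group(2) else 1)

def lint(config_text):
    """Return (service_set, message) findings for 'set services service-set' lines."""
    findings, rate_set = [], {}
    for line in config_text.splitlines():
        w = line.split()
        if w[:3] != ["set", "services", "service-set"] or len(w) < 5:
            continue
        name, rest = w[3], w[4:]
        rate_set.setdefault(name, False)
        for stmt, (lo, hi) in RANGES.items():
            if stmt in rest[:-1]:
                val = int(rest[rest.index(stmt) + 1])
                if not lo <= val <= hi:
                    findings.append((name, f"{stmt} {val} outside {lo}-{hi}"))
        for stmt in RATE_STATEMENTS:
            if stmt in rest[:-1]:
                parse_rate(rest[rest.index(stmt) + 1])  # raises if malformed
                rate_set[name] = True
        if rest[-3:-1] == ["session-limit", "maximum"] and int(rest[-1]) == 0:
            findings.append((name, "session-limit maximum 0 is not effective"))
        if rest[-1] == "disable-session-open-syslog":
            findings.append((name, "session-open syslog collection disabled"))
    findings += [(n, "session setup rate is not limited")
                 for n, ok in rate_set.items() if not ok]
    return findings

# Constructed sample; service-set names and values are made up.
SAMPLE = """\
set services service-set ss-edge max-session-setup-rate 5k
set services service-set ss-edge service-set-options tcp-session inactivity-tcp-timeout 2
set services service-set ss-edge service-set-options session-limit maximum 0
set services service-set ss-core service-set-options disable-session-open-syslog
"""
```

Calling `lint(SAMPLE)` returns four findings, two per service set. The same function can be run on text saved from `show configuration services | display set`.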