ADC CLI Commands

ns-limitIdentifier

The following operations can be performed on “ns-limitIdentifier”:

rm set show unset add stat

rm ns limitIdentifier

Removes a rate limit identifier from the appliance.

Synopsis

rm ns limitIdentifier

Arguments

limitIdentifier Name of the rate limit identifier to be removed.

Example

rm ns limitIdentifier limit_id

set ns limitIdentifier

Modifies the attributes of a rate limit identifier.

Synopsis

set ns limitIdentifier \[-threshold <positive\_integer>] \[-timeSlice <positive\_integer>] \[-mode \[-limitType \( BURSTY | SMOOTH )]] \[-selectorName ] \[-maxBandwidth <positive\_integer>] \[-trapsInTimeSlice <positive\_integer>]

Arguments

limitIdentifier Name of the rate limit identifier to be modified.

threshold Maximum number of requests that are allowed in the given timeslice when requests (mode is set as REQUEST_RATE) are tracked per timeslice. When connections (mode is set as CONNECTION) are tracked, it is the total number of connections that would be let through. Default value: 1 Minimum value: 1

timeSlice Time interval, in milliseconds, specified in multiples of 10, during which requests are tracked to check if they cross the threshold. This argument is needed only when the mode is set to REQUEST_RATE. Default value: 1000 Minimum value: 10

mode Defines the type of traffic to be tracked.

  • REQUEST_RATE - Tracks requests/timeslice.
  • CONNECTION - Tracks active transactions.

Examples

  1. To permit 20 requests in 10 ms and 2 traps in 10 ms: add limitidentifier limit_req -mode request_rate -limitType smooth -timeslice 1000 -Threshold 2000 -trapsInTimeSlice 200

  2. To permit 50 requests in 10 ms: set limitidentifier limit_req -mode request_rate -timeslice 1000 -Threshold 5000 -limitType smooth

  3. To permit 1 request in 40 ms: set limitidentifier limit_req -mode request_rate -timeslice 2000 -Threshold 50 -limitType smooth

  4. To permit 1 request in 200 ms and 1 trap in 130 ms: set limitidentifier limit_req -mode request_rate -timeslice 1000 -Threshold 5 -limitType smooth -trapsInTimeSlice 8

  5. To permit 5000 requests in 1000 ms and 200 traps in 1000 ms: set limitidentifier limit_req -mode request_rate -timeslice 1000 -Threshold 5000 -limitType BURSTY

Possible values: CONNECTION, REQUEST_RATE, NONE Default value: REQUEST_RATE

limitType Smooth or bursty request type.

  • SMOOTH - When you want the permitted number of requests in a given interval of time to be spread evenly across the timeslice
  • BURSTY - When you want the permitted number of requests to exhaust the quota anytime within the timeslice. This argument is needed only when the mode is set to REQUEST_RATE.

Possible values: BURSTY, SMOOTH Default value: BURSTY

selectorName Name of the rate limit selector. If this argument is NULL, rate limiting will be applied on all traffic received by the virtual server or the Citrix ADC (depending on whether the limit identifier is bound to a virtual server or globally) without any filtering.

maxBandwidth Maximum bandwidth permitted, in kbps. Minimum value: 0 Maximum value: 4294967287

trapsInTimeSlice Number of traps to be sent in the timeslice configured. A value of 0 indicates that traps are disabled. Minimum value: 0 Maximum value: 65535

Example

set ns limitIdentifier limit_id -threshold 2 -timeSlice 5000 -mode CONNECTION -selectorName sel_1 -maxBandwidth 24 -trapsInTimeSlice 8

show ns limitIdentifier

Displays information about a rate limit identifier.

Synopsis

show ns limitIdentifier []

Arguments

limitIdentifier Name of the rate limit identifier about which to display information. If a name is not provided, information about all rate limit identifiers is shown.

Output

ngname Nodegroup name to which this identifier belongs to.

threshold Maximum number of requests that are allowed in the given timeslice when requests (mode is set as REQUEST_RATE) are tracked per timeslice. When connections (mode is set as CONNECTION) are tracked, it is the total number of connections that would be let through.

timeSlice Defines the time interval in msecs specified in multiples of 10 msec during which the requests are tracked to see if they cross the threshold. It is used and displayed only when the mode is REQUEST_RATE while tracking request rate and for defining the trap timeslice.

mode Defines the type of traffic to be tracked.

  • REQUEST_RATE - Tracks requests/timeslice.
  • CONNECTION - Tracks active transactions.

Examples

  1. To permit 20 requests in 10 ms and 2 traps in 10 ms: add limitidentifier limit_req -mode request_rate -limitType smooth -timeslice 1000 -Threshold 2000 -trapsInTimeSlice 200

  2. To permit 50 requests in 10 ms: set limitidentifier limit_req -mode request_rate -timeslice 1000 -Threshold 5000 -limitType smooth

  3. To permit 1 request in 40 ms: set limitidentifier limit_req -mode request_rate -timeslice 2000 -Threshold 50 -limitType smooth

  4. To permit 1 request in 200 ms and 1 trap in 130 ms: set limitidentifier limit_req -mode request_rate -timeslice 1000 -Threshold 5 -limitType smooth -trapsInTimeSlice 8

  5. To permit 5000 requests in 1000 ms and 200 traps in 1000 ms: set limitidentifier limit_req -mode request_rate -timeslice 1000 -Threshold 5000 -limitType BURSTY

limitType Smooth or bursty request type.

  • SMOOTH - When you want the permitted number of requests in a given interval of time to be spread evenly across the timeslice
  • BURSTY - When you want the permitted number of requests to exhaust the quota anytime within the timeslice. This argument is needed only when the mode is set to REQUEST_RATE.

selectorName Name of the rate limit selector. If this argument is NULL, rate limiting will be applied on all traffic received by the virtual server or the Citrix ADC (depending on whether the limit identifier is bound to a virtual server or globally) without any filtering.

stateflag This is used internally to identify ip addresses returned.

hits The number of times this identifier was evaluated.

drop The number of times action was taken.

rule Rule.

time Time interval considered for rate limiting

total Maximum number of requests permitted in the computed timeslice

maxBandwidth The maximum bandwidth in kbps permitted

trapsInTimeSlice The maximum bandwidth permitted in kbps

trapsComputedInTimeSlice The number of traps that would be sent in the timeslice configured.

computedTrapTimeSlice The time interval computed for sending traps.

referenceCount Total number of transactions pointing to this entry.

devno count

Example

show ns limitIdentifier limit_id

unset ns limitIdentifier

Use this command to remove ns limitIdentifier settings.Refer to the set ns limitIdentifier command for meanings of the arguments.

Synopsis

unset ns limitIdentifier [-selectorName] [-threshold] [-timeSlice] [-mode] [-limitType] [-maxBandwidth] [-trapsInTimeSlice]

add ns limitIdentifier

Adds a limit identifier to check if the amount of traffic exceeds a specified value, within a particular time interval.

Synopsis

add ns limitIdentifier \[-threshold <positive\_integer>] \[-timeSlice <positive\_integer>] \[-mode \[-limitType \( BURSTY | SMOOTH )]] \[-selectorName ] \[-maxBandwidth <positive\_integer>] \[-trapsInTimeSlice <positive\_integer>]

Arguments

limitIdentifier Name for a rate limit identifier. Must begin with an ASCII letter or underscore (_) character, and must consist only of ASCII alphanumeric or underscore characters. Reserved words must not be used.

threshold Maximum number of requests that are allowed in the given timeslice when requests (mode is set as REQUEST_RATE) are tracked per timeslice. When connections (mode is set as CONNECTION) are tracked, it is the total number of connections that would be let through. Default value: 1 Minimum value: 1

timeSlice Time interval, in milliseconds, specified in multiples of 10, during which requests are tracked to check if they cross the threshold. This argument is needed only when the mode is set to REQUEST_RATE. Default value: 1000 Minimum value: 10

mode Defines the type of traffic to be tracked.

  • REQUEST_RATE - Tracks requests/timeslice.
  • CONNECTION - Tracks active transactions.

Examples

  1. To permit 20 requests in 10 ms and 2 traps in 10 ms: add limitidentifier limit_req -mode request_rate -limitType smooth -timeslice 1000 -Threshold 2000 -trapsInTimeSlice 200

  2. To permit 50 requests in 10 ms: set limitidentifier limit_req -mode request_rate -timeslice 1000 -Threshold 5000 -limitType smooth

  3. To permit 1 request in 40 ms: set limitidentifier limit_req -mode request_rate -timeslice 2000 -Threshold 50 -limitType smooth

  4. To permit 1 request in 200 ms and 1 trap in 130 ms: set limitidentifier limit_req -mode request_rate -timeslice 1000 -Threshold 5 -limitType smooth -trapsInTimeSlice 8

  5. To permit 5000 requests in 1000 ms and 200 traps in 1000 ms: set limitidentifier limit_req -mode request_rate -timeslice 1000 -Threshold 5000 -limitType BURSTY

Possible values: CONNECTION, REQUEST_RATE, NONE Default value: REQUEST_RATE

limitType Smooth or bursty request type.

  • SMOOTH - When you want the permitted number of requests in a given interval of time to be spread evenly across the timeslice
  • BURSTY - When you want the permitted number of requests to exhaust the quota anytime within the timeslice. This argument is needed only when the mode is set to REQUEST_RATE.

Possible values: BURSTY, SMOOTH Default value: BURSTY

selectorName Name of the rate limit selector. If this argument is NULL, rate limiting will be applied on all traffic received by the virtual server or the Citrix ADC (depending on whether the limit identifier is bound to a virtual server or globally) without any filtering.

maxBandwidth Maximum bandwidth permitted, in kbps. Minimum value: 0 Maximum value: 4294967287

trapsInTimeSlice Number of traps to be sent in the timeslice configured. A value of 0 indicates that traps are disabled. Minimum value: 0 Maximum value: 65535

Example

add ns limitIdentifier limit_id -threshold 2 -timeSlice 5000 -mode CONNECTION -selectorName sel_1 -maxBandwidth 24 -trapsInTimeSlice 8

stat ns limitIdentifier

Display statistics of a identifier.

Synopsis

stat ns limitIdentifier [ \[ ...]] \[-detail] \[-fullValues] \[-ntimes <positive\_integer>] \[-logFile <input\_filename>] \[-clearstats \( basic | full )] \[-sortBy Hits \[]]

Arguments

name The name of the identifier.

pattern Pattern for the selector field, ? means field is required, * means field value does not matter, anything else is a regular pattern

detail Specifies detailed output (including more statistics). The output can be quite voluminous. Without this argument, the output will show only a summary.

fullValues Specifies that numbers and strings should be displayed in their full form. Without this option, long strings are shortened and large numbers are abbreviated

ntimes The number of times, in intervals of seven seconds, the statistics should be displayed. Default value: 1 Minimum value: 0

logFile The name of the log file to be used as input.

clearstats Clear the statsistics / counters

Possible values: basic, full

sortBy use this argument to sort by specific key

Possible values: Hits

sortOrder use this argument to specify sort order

Possible values: ascending, descending Default value: SORT_DESCENDING

Output

count devno stateflag

Counters

Rate Limit Identifier Hits (Hits) Total hits.

Rate Limit Identifier Drops (Drops) Total drops

Rate Limit Session Hits (Hits) Total hits.

ns-limitIdentifier