Traffic Mgmt Action per IP
We have a DNS Proxy policy on a Watchguard M470. About 5000 clients (5000 different source ips) send DNS requests every 3 minutes. Once in a while one of the clients start sending 100s of DNS queries per second (same query) due to a router issue. This obviously overloads the DNS server.
Tp prevent this, we are considering creating a Traffic Management Action to limit the traffic. I have some questions regarding that.
The following is from Watchguard docs:
"For a Per IP Address action, you set the Maximum Instance, which is the maximum number of source IP addresses that the action can apply to. If the number of source IP addresses exceeds the maximum instance, some source IP addresses begin to share the bandwidth settings in the action.
Each instance created for a Per IP Address action can hold up to eight IPv4 addresses and two IPv6 addresses. For a Per IP Address action, you configure the maximum number of source IP addresses that the action can apply to. If you plan to limit bandwidth per client, we recommend that you configure more instances than the number of clients."
Maximum Instance has an upper limit of 256. Does that mean Watchguard can only handle 2048 ips? Since we have 5000 active clients, what happens to the rest?
When a TM instance shares 8 ips, does the max limit apply to the sum of the traffic coming from those 8 ips or is it per ip?
When a TM instance shares 8 ips and the traffic from one of the ips exceeds the max limit, does the traffic from other 7 ips also throttled/blocked?
Thanks,
Matt
Tp prevent this, we are considering creating a Traffic Management Action to limit the traffic. I have some questions regarding that.
The following is from Watchguard docs:
"For a Per IP Address action, you set the Maximum Instance, which is the maximum number of source IP addresses that the action can apply to. If the number of source IP addresses exceeds the maximum instance, some source IP addresses begin to share the bandwidth settings in the action.
Each instance created for a Per IP Address action can hold up to eight IPv4 addresses and two IPv6 addresses. For a Per IP Address action, you configure the maximum number of source IP addresses that the action can apply to. If you plan to limit bandwidth per client, we recommend that you configure more instances than the number of clients."
Maximum Instance has an upper limit of 256. Does that mean Watchguard can only handle 2048 ips? Since we have 5000 active clients, what happens to the rest?
When a TM instance shares 8 ips, does the max limit apply to the sum of the traffic coming from those 8 ips or is it per ip?
When a TM instance shares 8 ips and the traffic from one of the ips exceeds the max limit, does the traffic from other 7 ips also throttled/blocked?
Thanks,
Matt
0
Sign In to comment.
Comments
My view is:
.When a TM instance shares 8 ips, does the max limit apply to the sum of the traffic coming from those 8 ips or is it per ip? - the sum of all IPs
. When a TM instance shares 8 ips and the traffic from one of the ips exceeds the max limit, does the traffic from other 7 ips also throttled/blocked? - potentially yes
. Maximum Instance has an upper limit of 256. Does that mean Watchguard can only handle 2048 ips? - so it seems - 256 x 8
Since we have 5000 active clients, what happens to the rest? - good question