DDOS - Rate Limiting Adjustment Explanation

When configuring rate limits (connections per second and packets per second) for DDoS prevention, the system enforces limits based on internal timing mechanisms. These mechanisms align your configured rate with system timing intervals, which can result in slight adjustments to the actual enforced rate.

Examples of Adjustment:

| Configured Rate | Enforced Rate | Adjustment Impact |
|---|---|---|
| 1-999 | NA | Minimal (up to 5%) |
| 1000/sec | 1000/sec | None |
| 1001 -> 1111/sec | 1111/sec | Minimal (up to 10%) |
| 1112 -> 1250/sec | 1250/sec | Moderate (up to 12%) |
| 1251 -> 1428/sec | 1428/sec | Moderate (up to 14%) |
| 1429 -> 1666/sec | 1666/sec | Moderate (up to 16%) |
| 1667 -> 2000/sec | 2000/sec | Moderate (up to 20%) |
| 2001 -> 2500/sec | 2500/sec | Significant (up to 25%) |
| 2501 -> 3333/sec | 3333/sec | Significant (up to 33%) |
| 3334 -> 5000/sec | 5000/sec | Significant (up to 50%) |
| 5001/sec -> 9999/sec | 10000/sec | Significant (up to 100%) |

This adjustment applies exclusively to Routing Mode and not to Transparent Mode.

Recommendation:

  • Verify the enforced rate after configuration to ensure it aligns with your security goals.
  • Test and adjust limits iteratively to find an optimal balance between performance and protection.
  • Regularly monitor traffic to adapt configurations to evolving needs.
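
To support the first recommendation, the following added example (not vendor code) encodes the bands from the table above and reports the enforced rate, the overshoot relative to the configured value, and the highest configured value that keeps the enforced rate at or below an intended ceiling. The function names are hypothetical, rates below 1000/sec are not modelled because the table lists their enforced rate as "NA", and the mapping applies to Routing Mode only.

```python
from bisect import bisect_left

# (upper bound of configured band, enforced rate), copied from the table above.
# Rates below 1000/sec are "NA" on the page and are deliberately not modelled.
BANDS = [(1000, 1000), (1111, 1111), (1250, 1250), (1428, 1428), (1666, 1666),
         (2000, 2000), (2500, 2500), (3333, 3333), (5000, 5000), (9999, 10000)]
UPPER = [hi for hi, _ in BANDS]


def enforced_rate(configured):
    """Enforced rate (per second) for a configured rate, or None outside 1000..9999."""
    if not 1000 <= configured <= 9999:
        return None
    return BANDS[bisect_left(UPPER, configured)][1]


def overshoot_pct(configured):
    """How far the enforced rate exceeds the configured rate, in percent."""
    enforced = enforced_rate(configured)
    if enforced is None:
        return None
    return round((enforced - configured) / configured * 100, 1)


def max_configured_for_ceiling(ceiling):
    """Largest configured rate whose enforced rate does not exceed `ceiling`."""
    safe = [hi for hi, enforced in BANDS if enforced <= ceiling]
    return max(safe) if safe else None


if __name__ == "__main__":
    # Constructed sample values: intended connection/packet limits per second.
    for intended in (1000, 3000, 5001):
        print(f"configured {intended}/sec -> enforced {enforced_rate(intended)}/sec "
              f"(+{overshoot_pct(intended)}%), "
              f"configure <= {max_configured_for_ceiling(intended)}/sec "
              f"to stay at or below {intended}/sec")
```

A configured value that sits just above a band boundary lets through far more traffic than intended, so choosing the band's upper bound at or below the intended ceiling keeps the enforced limit from exceeding it.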