DDOS - Rate Limiting Adjustment Explanation
When configuring rate limits (connections per second and packets per second) for DDoS prevention, the system enforces limits based on internal timing mechanisms. These mechanisms align your configured rate with system timing intervals, which can result in slight adjustments to the actual enforced rate.
Examples of Adjustment:
| Configured Rate | Enforced Rate | Adjustment Impact |
|---|---|---|
| 1-999 | NA | Minimal (up to 5%) |
| 1000/sec | 1000/sec | None |
| 1001 -> 1111/sec | 1111/sec | Minimal (up to 10%) |
| 1112 -> 1250/sec | 1250/sec | Moderate (up to 12%) |
| 1251 -> 1428/sec | 1428/sec | Moderate (up to 14%) |
| 1429 -> 1666/sec | 1666/sec | Moderate (up to 16%) |
| 1667 -> 2000/sec | 2000/sec | Moderate (up to 20%) |
| 2001 -> 2500/sec | 2500/sec | Significant (up to 25%) |
| 2501 -> 3333/sec | 3333/sec | Significant (up to 33%) |
| 3334 -> 5000/sec | 5000/sec | Significant (up to 50%) |
| 5001/sec -> 9999/sec | 10000/sec | Significant (up to 100%) |
This adjustment applies exclusively to Routing Mode and not to Transparent Mode.
Recommendation:
- Verify the enforced rate after configuration to ensure it aligns with your security goals.
- Test and adjust limits iteratively to find an optimal balance between performance and protection.
- Regularly monitor traffic to adapt configurations to evolving needs.
Was this page helpful?