access-speed

Function

The access-speed command sets the access rate limitation on the device.

The undo access-speed command cancels the access rate limitation.

By default, users access the device at a lower rate between that limited by the CPU usage and that limited by the memory usage. The limitations on the user access rate can be as follows:

  • CPU usage < 85%: subject to the device specification; 85% ≤ CPU usage < 100%: 100 per second; CPU usage = 100%: 20 per second.
  • Memory usage < 65%: subject to the device specification; 65% ≤ CPU usage < 75%: 200 per second; 75% ≤ Memory usage < 85%: 100 per second; Memory usage ≥ 85%: 20 per second.

This command is supported only on the NetEngine 8000 F1A.

Format

access-speed access-number access-period [ forced | adjustment system-state level level ]

undo access-speed

Parameters

Parameter Description Value
access-number

Specifies the number of access users during the statistics period.

The value ranges from 1 to 65535.
access-period

Specifies the period of access user statistics.

The value ranges from 1 to 65535, in seconds.
forced

Indicates that users access the device at the configured access rate, regardless of the CPU or memory usage.

-
adjustment

Adjust the user access rate.

-
system-state

Indicates that the device adjusts the user access rate based on the system status.

-
level level

Indicates the level based on which the device adjusts the user access rate. level1 indicates that the access rate is limited by the memory usage. Memory usage < 65%: not limited; 65% ≤ Memory usage < 80%: 500 per second; 80% ≤ Memory usage < 85%: 450 per second; 85% ≤ Memory usage ≤ 90%: 400 per second; Memory usage > 90%: 100 per second.level2 specifies the decrease of the limit on the access rate for the memory. After the memory usage of AAA reaches 85%, the rate limit for user logout will be increased to 50 users per second. The RADIUS server starts discarding real-time accounting packets after the memory usage reaches the threshold for restart.

The value is an integer that ranges from 1 to 2.

Views

AAA view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
aaa-access write

Usage Guidelines

Usage Scenario

To protect the AAA server, the rate of user access to the AAA server should be limited because:

  • The AAA server needs to provide authentication and accounting for multiple access servers at the same time.
  • The performance of the AAA server is lower than that of the device.

    If you run the access-speed <access-number> <access-period> command, the user access rate is the lowest among that limited by the CPU usage, by the memory usage, and the configured one.

    If you run the access-speed <access-number> <access-period> forced command, the user access rate is the configured one, regardless of the CPU and memory usage.

Precautions

In VS mode, this command is supported only by the admin VS.

Example

# Set the access rate to 500 users every 5 seconds.
<HUAWEI> system-view
[~HUAWEI] aaa
[~HUAWEI-aaa] access-speed 500 5
Parent Topic: AAA and User Management Configuration (Access User)
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >