Rate limit
The SSG always sends DHCP-Discover requests to Radius for authorization. If the client equipment starts spamming DHCP-Discover requests, it will cause a heavy load on the Radius server. To prevent such situations, an optional rate limit control mode is introduced in version 9.5.3 to limit the number of DHCP-Discover requests from a subscriber. The rate limit is enabled by a parameter in fastdpi.conf:
# Controls the number of DHCP requests per second # Sets the max number of DHCP Discover requests per second for the subscriber # If this number is exceeded, the subscriber is banned for bras_dhcp_ratelimit_ban seconds - # all his DHCP Discover requests are being silently dropped. # 0 - ratelimit control is disabled (this is the default value) #bras_dhcp_ratelimit=0 # Time to ban a subscriber if ratelimit is exceeded, in seconds # When ratelimit control mode is enabled (bras_dhcp_ratelimit != 0) # this parameter must be set different from 0. #bras_dhcp_ratelimit_ban=0
By default, rate limit control is disabled: bras_dhcp_ratelimit=0
.
With rate limit enabled, once the specified limit is reached, all DHCP Discover from the subscriber is silently dropped for bras_dhcp_ratelimit_ban
seconds.
CLI commands dhcp show / dhcp show stat display rate-limit metrics: the total number of requests dropped in excess of rate-limit and the current rate limit counter - how many requests are dropped in the current second.