The SSG always sends DHCP-Discover requests to Radius for authorization. If the client equipment starts spamming DHCP-Discover requests, it will cause a heavy load on the Radius server. To prevent such situations, an optional rate limit control mode is introduced in version 9.5.3 to limit the number of DHCP-Discover requests from a subscriber. The rate limit is enabled by a parameter in fastdpi.conf:

    # Controls the number of DHCP requests per second
    # Sets the max number of DHCP Discover requests per second for the subscriber
    # If this number is exceeded, the subscriber is banned for bras_dhcp_ratelimit_ban seconds - 
    # all his DHCP Discover requests are being silently dropped.
    # 0 - ratelimit control is disabled (this is the default value)
#bras_dhcp_ratelimit=0

    # Time to ban a subscriber if ratelimit is exceeded, in seconds
    # When ratelimit control mode is enabled (bras_dhcp_ratelimit != 0)
    # this parameter must be set different from 0.
#bras_dhcp_ratelimit_ban=0

By default, rate limit control is disabled: bras_dhcp_ratelimit=0. With rate limit enabled, once the specified limit is reached, all DHCP Discover from the subscriber is silently dropped for bras_dhcp_ratelimit_ban seconds.

CLI commands dhcp show / dhcp show stat display rate-limit metrics: the total number of requests dropped in excess of rate-limit and the current rate limit counter - how many requests are dropped in the current second.