In this section:

Scenario

Barring/throttling of traffic sources causing malicious attack or large call volumes using the SBC to ensure that the network continues to process its design-rated capacity of calls as long/ close as possible.

Background Information

  • Refer to the background information in Basic Service Availability - DNS.
  • Other subscribers (behaving normally) should receive normal service in the core of the network.
  • The SBC uses specialized hardware and policing software to deal with high traffic volumes and protect the core network from attacks (intentional or otherwise).
  • Prioritization must apply to all policing and control points through the SBC.

Description

Denial of Service (DoS) Protection

  1. A rogue subscriber either intentionally or due to malfunction generates a large volume of traffic. If all sessions are admitted it can cause resource contention at various points in the network and the service is denied to other subscribers.
  2. The AS is generally a Commercial Off-The-Shelf (COTS) platform with minimal hardware assist to protect against very high packet/request rates. It gets overloaded and becomes unresponsive with rates much higher than its rated capacity.
  3. If the excess traffic is coming from one (or a few) sources, the SBC limits it in order to ensure good service to the remaining subscribers.

  • No labels