The Network Processor logs discarded packets and keeps a summary of nine categories of “offender’s lists”. The top 10 offenders in each category are displayed in the IP Policing “offender’s list” statistics. For the rogueMediaOffendersList and mediaOffendersList statistics, a new entry is created when the destination IP address or destination UDP port differs from the existing entries. The rogue media offender's list includes the column “Source Unique”, which indicates whether the packets discarded for each listed offender entry came from one source or from several. If the “Source Unique” field is “notUnique”, packets from multiple source IP addresses or source UDP ports are discarded. If the “Source Unique” field is “unique”, packets from a single source IP address/UDP port are discarded.

For all other “offender’s list” categories, a new entry is created when the source IP address is different than the existing entries.
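The entry-creation rules above can be modelled offline to reason about what an offenders list will show for a given set of discards. This is an added example, not SBC code: the function name, the record layout, the sample records, and the assumption that “top 10” is ranked by discard count are all hypothetical.

```python
from collections import Counter, defaultdict

# Per the page: these two lists key entries on destination IP/UDP port;
# every other category keys entries on source IP.
MEDIA_LISTS = {"rogueMediaOffendersList", "mediaOffendersList"}
TOP_N = 10  # the top 10 offenders in each category are displayed


def build_offender_lists(discards):
    """Group (category, src_ip, src_port, dst_ip, dst_port) discard records."""
    counts = defaultdict(Counter)   # category -> entry key -> discard count
    sources = defaultdict(set)      # (category, key) -> distinct sources seen
    for category, src_ip, src_port, dst_ip, dst_port in discards:
        if category in MEDIA_LISTS:
            key = (dst_ip, dst_port)    # new entry per destination IP/port
        else:
            key = (src_ip,)             # new entry per source IP
        counts[category][key] += 1
        sources[(category, key)].add((src_ip, src_port))
    lists = {}
    for category, counter in counts.items():
        rows = []
        # Assumption: "top" means highest discard count.
        for key, n in counter.most_common(TOP_N):
            row = {"key": key, "discards": n}
            if category == "rogueMediaOffendersList":
                single = len(sources[(category, key)]) == 1
                row["sourceUnique"] = "unique" if single else "notUnique"
            rows.append(row)
        lists[category] = rows
    return lists


# Constructed sample discard records (documentation address ranges).
SAMPLE = [
    ("rogueMediaOffendersList", "198.51.100.7", 40000, "192.0.2.10", 20000),
    ("rogueMediaOffendersList", "198.51.100.7", 40000, "192.0.2.10", 20000),
    ("rogueMediaOffendersList", "198.51.100.8", 40002, "192.0.2.10", 20000),
    ("rogueMediaOffendersList", "203.0.113.5", 5004, "192.0.2.10", 20002),
    ("aclOffendersList", "203.0.113.9", 5060, "192.0.2.10", 5060),
    ("aclOffendersList", "203.0.113.9", 5062, "192.0.2.11", 5060),
]

if __name__ == "__main__":
    for category, rows in build_offender_lists(SAMPLE).items():
        print(category, rows)
```

A “notUnique” entry points at a destination port being hit from several sources, so the destination in the entry is the stable thing to investigate.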

 

Use this feature to reset designated offender lists.

On the SBC main screen, go to All > System > Ip Policing.

The Commands window is displayed.

Ip Policing Commands

Select resetOffendersList from the Commands drop-down list and click Select.

A pop-up window appears, prompting you to choose the list on which to execute the resetOffendersList command.

All - System - Ip Policing Command Confirmation

The following options are displayed:

Ip Policing Commands Parameter

Parameter

Description

badEtherIpHdrOffendersList

The table of statistics for the bad Ethernet/IP Header policer offenders list. For example:

  • Only broadcast ARP packets are allowed; all other broadcast packets are considered bad.

  • Only ICMPV6 neighbor discovery packets are allowed under multicast MAC address. Anything else is considered bad.

  • If DestMAC is zero, it is considered a bad packet.

  • Anything other than ethertype (IPV4, IPV6, VLAN) is considered bad.

  • IP Checksum error.

  • IP version other than 4 or 6 is considered bad.

  • Bad IP Header length

  • Packet that is not long enough to contain IP header.

  • TTL == 0 is considered bad.

  • IPV4 with options set is considered bad.

  • IPV6 with initial next header field of 0, 60, or 43 is considered bad.

arpOffendersList

The table of statistics for the ARP policer offenders list.

uFlowOffendersList

The table of statistics for the micro flow policer offenders list. For example:

  • Microflow packet exceeding the policing rate.

aclOffendersList

The table of statistics for the Access Control List policer offenders list.

aggregateOffendersList

The table of statistics for the aggregate policer offenders list.

ipSecDecryptOffendersList

The table of statistics for the IPSec Decrypt policer offenders list. For example:

  • Bad IPSec packet

  • Authentication error

  • Invalid SSID

  • IPSec protocol == AH

rogueMediaOffendersList

The table of statistics for the rogue media policer offenders list. For example:

  • UDP packets received in the media port range whose destination UDP port is not allocated for a media call.

  • Media packets where source port, source address or destination address do not match.

mediaOffendersList

The table of statistics for the media policer offenders list. For example:

  • Media packets exceeding the policing value.

discardRuleOffendersList

The table of statistics for the discard rule offenders list. For example:

  • ACL discard rule packets

Select your desired option from the list and click resetOffendersList.

The result of this action is displayed:

All - System - Ip Policing Command Result

Click OK to exit.

 
