The Dynamic Blacklist (DBL) Policer Profile is a collection of DBL policers applied to restrict traffic from endpoints/peers based on specific events, such as receiving excessive traffic from these entities. Dynamic blacklisting is used more as a mechanism to deal with misbehaving entities rather than preventing malicious attacks.

Command Syntax

% set profiles services dblProfile <DBL Profile name>
	rule <rule name> 
		action <blacklist | watch> 
		actionEffectivePeriod <60-86400 seconds> 
		event <badSipMessage | epCacAggrReject | sipRegistrationFailure> 
		eventPerDayThreshold <0-86400> 
		state <disabled | enabled> 
	state <disabled | enabled> 
	type <sip>

Command Parameters

The DBL Profile parameters are described in the table below:

DBL Profile parameters

 

Parameter

Length/Range

Description

dblProfile

1-23

The administrative name of the DBL profile.

rule

N/A

Specifies the DBL rule name within a DBL profile.
Additional parameters are shown below:

  • action – The action to take when a specified event meets the criteria. The DBL agent takes action immediately if an event occurs.
    • blacklist
    • watch
  • actionEffectivePeriod – The DBL action enforcement period (in seconds) the DBL policer entry remains effective. (range: 60-86400 / default = 60)
  • event – The type of event to either watch for or blacklist for this DBL rule.
    • badSipMessage – Bad SIP message.
    • epCacAggrReject (Endpoint CAC aggregate rejection) –
    • sipRegistrationFailure – SIP Registration failure.
  • eventPerDayThreshold – The number of events per day used as a fill rate for a token bucket policer. (value: 0-86400 / default = 0, which means zero tolerance)
  • state – The administrative state of this rule.
    • disabled (default)
    • enabled

Dynamic Blacklist for event epCacAggrReject is supported for callRate only.

state

N/A

The administrative state of the DBL profile.

  • disabled (default)
  • enabled

type

sip

The type of application being monitored ( "sip" is the only choice).

Command Examples

The following example sets DBL profile named "DBP-1" with a rule (named "RULE-1) to watch SIP endpoints every 60 seconds for a bad SIP message. If the number of events per day to be used as a token bucket policer fill rate is 13.

% set profiles services dblProfile DBP-1 rule RULE-1 action watch actionEffectivePeriod 60 event badSipMessage eventPerDayThreshold 13 state enabled 

% show profiles services dblProfile DBP-1 
	rule RULE-1 { 
		state enabled; 
		event badSipMessage; 
		action watch; 
		eventPerDayThreshold 13; 
		actionEffectivePeriod 60;
  • No labels