Note:

The Network Processor logs discarded packets and keeps a summary of ten categories of “offenders lists”. The top 10 offenders in each category display in IP Policing “offenders list” statistics. For the rogueMediaOffendersList and mediaOffenderListstatistics, a new entry is created when the destination IP address or destination UDP port is different than the existing entries. Some offenders lists include the column “Source Unique.” If the “Source Unique” field is “notUnique”, the packets from multiple source IP addresses or source UDP ports were discarded.  If the source unique field is “unique,” the packets from a single source IP address/UDP port were discarded.

For all other “offenders list” categories, a new entry is created when the source IP address is different than the existing entries.

 

Use this window to reset the contents of a selected IP policing offender list table.

On the SBC main screen, go to All > System > IP Policing. The Commands window is displayed.

IP Policing Commands

Select Reset Offenders List from the Commands drop-down list and click Select. A pop-up window appears where you can select the Offenders List you want to reset.

resetOffendersList window

Select a list name and click resetOffendersList. The system returns a message confirming that the reset was successful.

Click OK to exit.

The following list names are displayed:

IP Policing Offenders Lists

List Name

Description

Bad Ether IP Hdr Offenders List

The table of statistics for the bad Ethernet/IP Header policer offenders list. For example:

  • Only broadcast ARP packets are allowed; all other broadcast packets are considered bad.

  • Only ICMPV6 neighbor discovery packets are allowed under multicast MAC address. Anything else is considered bad.

  • If DestMAC is zero, it is considered a bad packet.

  • Anything other than ethertype (IPV4, IPV6, VLAN) is considered bad.

  • IP Checksum error.

  • IP version other than 4 or 6 is considered bad.

  • Bad IP Header length

  • Packet that is not long enough to contain IP header.

  • TTL == 0 is considered bad.

  • IPV4 with options set is considered bad.

  • IPV6 with initial next header field of 0, 60, or 43 is considered bad.

 ARP Offenders List

The table of statistics for the ARP policer offenders list.
U Flow Offenders ListThe table of statistics for for the micro flow policer offenders list. For example:
  • Microflow packet exceeding the policing rate.
ACL Offenders ListThe table of statistics for access control (ACL) list policer offenders list.
Aggregate Offenders ListThe table of statistics for the aggregate policer offenders list.
IP Sec Decrypt Offenders List  The table of statistics for the IPSec cecrypt policer offenders list. For example:
  • Bad IPSec packet
  • Authentication error
  • Invalid SSID
  • IPSec protocol == AH
Rogue Media Offenders List The table of statistics for the rogue media policer offenders list. For example:
  • UPD packets received in the media port range, but the destination UDP port is not allocated for media call.
  • Media packets where source port, source address or destination address do not match.
Media Offenders List The table of statistics for the media policer offenders list. For example:
  • Media packets exceeding the policing value.
Discard Rule Offenders List The table of statistics for the discard rule offenders list. For example:
  • ACL discard rule packets
Srtp Decrypt Offenders List

The table of statistics for the SRTP decrypt offenders list. For example:

  • SRTP packets which failed authentication or were flagged as replay packets

Additional topics:

  • No labels