
...

The SBC supports traffic filtering and policing mechanisms to block packets that may be harmful to the network. Packet policing is done at several different levels of granularity, with all appropriate levels of policing applied to each packet. This section describes the SBC policing and filtering mechanisms that provide packet-level Denial of Service (DoS) protection and access control.

IP Access Control Lists (ACLs) are filters and policers that deal only with packets arriving at the SBC; they are not concerned with packets leaving the SBC. ACLs protect the SBC from attacks by blocking traffic from all IP addresses except those specified on the "white list". However, only signaling and management IP traffic is subjected to IP ACL filtering. Media IP traffic (RTP, RTCP, SRTP and SRTCP) is not subjected to IP ACL filtering. For more information on IP ACLs, see Types of ACLs.

An attack is defined as an excessive packet discard rate (of various packet types), which occurs when the rate of incoming packets exceeds the Fill Rate. Fill Rate is measured in packets per second (pps). Policing is based on a token bucket: the Fill Rate determines the rate at which credits are added to the bucket, and each forwarded packet consumes one credit. A Fill Rate of 20 pps therefore means one credit every 50 milliseconds. With a Bucket Size of 50 packets and a Fill Rate of 20 pps, the policer can absorb a burst of 50 packets; but if the 51st packet arrives 49 milliseconds after the bucket was emptied, that packet is dropped, because the next credit is not added until 50 milliseconds have elapsed. The Bucket Size allows room for sudden bursts of traffic, whereas the Fill Rate indicates the expected steady-state flow of the traffic. For more information on Token Buckets and Fill Rates, see Token Bucket Policers.
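The following token-bucket policer is an added illustration, not code from the SBC or its documentation. It uses the page's own numbers (Bucket Size 50, Fill Rate 20 pps) and replays the 51st-packet example, then goes one step further and offers a sustained stream at and above the Fill Rate to show how the bucket first absorbs a burst and then polices every surplus packet. Time is kept in whole milliseconds and credits in thousandths of a packet so the arithmetic is exact; the sample traffic patterns are constructed for the example.

```python
"""Token-bucket policer, an added illustration (not Ribbon SBC code).

Time is in whole milliseconds and credits in thousandths of a packet so
the arithmetic is exact. Parameters follow the page: Bucket Size 50,
Fill Rate 20 pps, i.e. one credit every 50 ms.
"""
from dataclasses import dataclass, field

MILLI = 1000  # credits are stored in thousandths of a packet


@dataclass
class TokenBucketPolicer:
    bucket_size: int        # burst allowance, in packets
    fill_rate_pps: int      # steady-state rate, credits added per second
    credits_m: int = field(init=False)   # current credits, in thousandths
    last_ms: int = 0
    accepted: int = 0
    discarded: int = 0

    def __post_init__(self) -> None:
        self.credits_m = self.bucket_size * MILLI     # bucket starts full

    def _refill(self, now_ms: int) -> None:
        """Add the credits earned since the last packet, capped at Bucket Size."""
        earned_m = self.fill_rate_pps * (now_ms - self.last_ms)  # pps * ms = thousandths
        self.credits_m = min(self.bucket_size * MILLI, self.credits_m + earned_m)
        self.last_ms = now_ms

    def offer(self, now_ms: int) -> bool:
        """Forward (True) or police (False) one packet arriving at now_ms."""
        self._refill(now_ms)
        if self.credits_m >= MILLI:
            self.credits_m -= MILLI
            self.accepted += 1
            return True
        self.discarded += 1
        return False


def burst_scenario() -> dict:
    """The page's example: 50 packets at once, then a 51st packet 49 ms later
    (policed, no whole credit yet) and a 52nd at 50 ms (forwarded)."""
    p = TokenBucketPolicer(bucket_size=50, fill_rate_pps=20)
    burst_ok = sum(p.offer(0) for _ in range(50))
    pkt51 = p.offer(49)
    pkt52 = p.offer(50)
    return {"burst_forwarded": burst_ok, "pkt51_at_49ms": pkt51,
            "pkt52_at_50ms": pkt52, "discarded": p.discarded}


def sustained_scenario(offered_pps: int, seconds: int) -> tuple:
    """Offer an evenly spaced stream (constructed traffic) for `seconds`;
    return (accepted, discarded). At or below the Fill Rate nothing is dropped;
    above it the bucket absorbs the first Bucket Size packets and the policer
    then admits only one packet per earned credit."""
    p = TokenBucketPolicer(bucket_size=50, fill_rate_pps=20)
    interval_ms = MILLI // offered_pps
    for i in range(offered_pps * seconds):
        p.offer(i * interval_ms)
    return p.accepted, p.discarded


if __name__ == "__main__":
    print(burst_scenario())
    print("20 pps offered:", sustained_scenario(20, 5))
    print("40 pps offered:", sustained_scenario(40, 5))
```

At 40 pps the 5-second stream of 200 packets yields 149 forwarded and 51 policed: 50 from the initial bucket plus roughly one per 50 ms of Fill Rate, which is exactly the steady state the page describes.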

Once recognized, these attacks trigger alarms. Packet discard rate thresholds and durations are also defined for recognizing the end of an attack, which likewise triggers an alarm.

The policers monitor all packets. Packet discard rates are measured against the threshold rate and duration levels configured in the Discard Rate Profile. An alarm is raised when a threshold discard rate (or higher) is maintained for a prescribed duration. That alarm is cleared when a lesser threshold is met and that discard rate (or lower) is maintained for a prescribed duration. Because the clear threshold is lower than the raise threshold, a discard rate hovering between the two neither raises a new alarm nor clears an existing one. These alarms are configured on a system-wide basis.
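The raise/clear logic described above, as an added example that is not SBC code. The page names the concepts of a raise threshold and duration and a lesser clear threshold and duration; the specific values (100 pps for 5 s to raise, 20 pps for 10 s to clear) and the per-second stream of discard counts are constructed for the illustration. The sample deliberately includes a two-second spike that does not last long enough to raise the alarm, and a lull that falls between the two thresholds and so does not count toward clearing it.

```python
"""Discard Rate Profile alarm with raise/clear hysteresis.
Added illustration, not Ribbon SBC code; threshold and duration values are assumed."""
from dataclasses import dataclass, field


@dataclass
class DiscardRateProfile:
    raise_threshold_pps: int   # discard rate (or higher) that counts toward raising
    raise_duration_s: int      # consecutive seconds at/above it before the alarm raises
    clear_threshold_pps: int   # lesser rate (or lower) that counts toward clearing
    clear_duration_s: int      # consecutive seconds at/below it before the alarm clears


@dataclass
class DiscardRateAlarm:
    profile: DiscardRateProfile
    active: bool = False
    run: int = 0                          # consecutive seconds meeting the pending condition
    events: list = field(default_factory=list)   # (second, "raise" | "clear")

    def observe(self, second: int, discards_per_sec: int) -> bool:
        """Feed one per-second discard count; return the alarm state afterwards."""
        if not self.active:
            # Counting toward a raise: any second below the raise threshold resets the run.
            self.run = self.run + 1 if discards_per_sec >= self.profile.raise_threshold_pps else 0
            if self.run >= self.profile.raise_duration_s:
                self.active, self.run = True, 0
                self.events.append((second, "raise"))
        else:
            # Counting toward a clear: only seconds at/below the lesser threshold count.
            self.run = self.run + 1 if discards_per_sec <= self.profile.clear_threshold_pps else 0
            if self.run >= self.profile.clear_duration_s:
                self.active, self.run = False, 0
                self.events.append((second, "clear"))
        return self.active


# Constructed per-second discard counts (index = second).
SAMPLE_DISCARDS = [
    0, 0, 150, 300, 40,              # 2-second spike, then a dip: run resets, no alarm
    250, 260, 270, 280, 300,         # 5 consecutive seconds >= 100 -> raise at second 9
    310, 50,                         # still above the clear threshold of 20: no clear progress
    10, 5, 0, 0, 0, 0, 0, 0, 0, 0,   # 10 consecutive seconds <= 20 -> clear at second 21
    0, 0, 0, 0, 0, 0, 0, 0,
]

PROFILE = DiscardRateProfile(raise_threshold_pps=100, raise_duration_s=5,
                             clear_threshold_pps=20, clear_duration_s=10)


def run_profile(samples: list, profile: DiscardRateProfile = PROFILE) -> list:
    """Replay a discard-count series and return the alarm events it produces."""
    alarm = DiscardRateAlarm(profile)
    for second, discards in enumerate(samples):
        alarm.observe(second, discards)
    return alarm.events


if __name__ == "__main__":
    for second, kind in run_profile(SAMPLE_DISCARDS):
        print(f"t={second:2d}s  alarm {kind}")
```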

...

Once a received packet is validated by the hardware, it is placed into either a media or a non-media stream. The SBC decides whether a packet is a media packet, a signaling packet, or a management packet.

...


Dynamic Blacklisting

Dynamic blacklisting is a feature that detects abnormal events from endpoints and blocks traffic from those endpoints for a configured period of time. It is designed to contain misbehaving endpoints rather than to prevent malicious attacks, for which the system already has the policing and ACL mechanisms described above.
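The mechanism described above, as an added example that is not SBC code. The page says only that abnormal events from an endpoint lead to a time-limited block; the trigger used here (a configured number of abnormal events within a sliding window), the values (3 events in 10 seconds, block for 60 seconds), the choice to ignore further events while an endpoint is already blocked, and the event stream itself are all assumptions made for the illustration.

```python
"""Dynamic blacklist: block an endpoint for a configured period after it
produces too many abnormal events in a sliding window.
Added illustration, not Ribbon SBC code; thresholds and events are assumed."""
from collections import defaultdict, deque


class DynamicBlacklist:
    def __init__(self, max_events: int, window_s: int, block_duration_s: int):
        self.max_events = max_events            # assumed trigger: events within the window
        self.window_s = window_s                # assumed sliding-window length
        self.block_duration_s = block_duration_s  # the configured block period
        self.events = defaultdict(deque)        # endpoint -> timestamps of abnormal events
        self.blocked_until = {}                 # endpoint -> time the block expires

    def is_blocked(self, endpoint: str, now: float) -> bool:
        """True while the endpoint's block is in force; expired blocks are removed."""
        until = self.blocked_until.get(endpoint)
        if until is None:
            return False
        if now >= until:
            del self.blocked_until[endpoint]    # period elapsed: endpoint admitted again
            return False
        return True

    def record_event(self, endpoint: str, now: float) -> bool:
        """Record one abnormal event; return True if this event triggered a block."""
        if self.is_blocked(endpoint, now):
            return False                        # assumption: events while blocked are ignored
        q = self.events[endpoint]
        q.append(now)
        while q and now - q[0] > self.window_s:  # drop events that fell out of the window
            q.popleft()
        if len(q) >= self.max_events:
            self.blocked_until[endpoint] = now + self.block_duration_s
            q.clear()                           # start fresh once the block expires
            return True
        return False


# Constructed event stream: (time in seconds, endpoint). Endpoint A misbehaves in a
# burst; endpoint B produces the same number of events spread out over time.
SAMPLE_EVENTS = [(0, "A"), (0, "B"), (2, "A"), (4, "A"), (20, "B"), (40, "B")]


def scenario() -> dict:
    """Replay SAMPLE_EVENTS and probe the block state at a few later instants."""
    bl = DynamicBlacklist(max_events=3, window_s=10, block_duration_s=60)
    blocked_at = {ep: t for t, ep in SAMPLE_EVENTS if bl.record_event(ep, t)}
    return {
        "blocked_at": blocked_at,                    # {"A": 4}
        "A_blocked_t30": bl.is_blocked("A", 30),     # True, within the 60 s period
        "B_blocked_t30": bl.is_blocked("B", 30),     # False, events too spread out
        "A_blocked_t64": bl.is_blocked("A", 64),     # False, block expired at 4 + 60
        "A_event_t64_reblocks": bl.record_event("A", 64),  # False, history was cleared
    }


if __name__ == "__main__":
    print(scenario())
```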

...