The Dynamic Blacklist (DBL) Policer Profile is a collection of DBL policers applied to restrict traffic from endpoints/peers based on specific events, such as receiving excessive traffic from these entities. Dynamic blacklisting is used more as a mechanism to deal with misbehaving entities rather than preventing malicious attacks.

```
% set profiles services dblProfile <DBL Profile name>
    rule <rule name>
        action <blacklist | watch>
        actionEffectivePeriod <60-86400 seconds>
        event <badSipMessage | epCacAggrReject | sipRegistrationFailure>
        eventPerDayThreshold <0-86400>
        state <disabled | enabled>
    state <disabled | enabled>
    type <sip>
```

The DBL Profile parameters are described in the table below:

Parameter | Length/Range | Description |
---|---|---|
| 1-23 | The administrative name of the DBL profile. |
| N/A | Specifies the DBL rule name within a DBL profile. |
...
Each of the above events includes two additional arguments:
...
| N/A | The administrative state of the DBL profile. |
...
sip | The type of application being monitored (... "sip" is the only choice). |

The following example sets a DBL profile named "DBP-1" with a rule (named "RULE-1") to watch SIP endpoints every 60 seconds for a bad SIP message. The number of events per day to be used as a token bucket policer fill rate is 13.

```
% set profiles services dblProfile DBP-1 rule RULE-1 action watch actionEffectivePeriod 60 event badSipMessage eventPerDayThreshold 13 state enabled
% show profiles services dblProfile DBP-1
rule RULE-1 {
    state enabled;
    event badSipMessage;
    action watch;
    eventPerDayThreshold 13;
    actionEffectivePeriod 60;
```
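
To see what a fill rate of 13 events per day and a 60-second effective period mean in practice, the following added example (not code from this page or from the product) models RULE-1 as a generic token bucket. The `DblRule` class, the `police` function, the bucket depth of 3, and the choice that events seen while the action is in effect do not consume tokens are all assumptions made for illustration; the event timestamps are constructed.

```python
from dataclasses import dataclass

SECONDS_PER_DAY = 86400


@dataclass
class DblRule:
    """Rule fields named after the CLI parameters on this page."""
    action: str                  # "watch" or "blacklist"
    actionEffectivePeriod: int   # seconds, 60-86400
    eventPerDayThreshold: int    # token bucket fill rate, 0-86400 events/day

    def __post_init__(self):
        if self.action not in ("watch", "blacklist"):
            raise ValueError("action must be watch or blacklist")
        if not 60 <= self.actionEffectivePeriod <= 86400:
            raise ValueError("actionEffectivePeriod out of range")
        if not 0 <= self.eventPerDayThreshold <= 86400:
            raise ValueError("eventPerDayThreshold out of range")


def police(rule, event_times, bucket_depth=3):
    """Return one verdict per event: "conform" or the rule's action.

    ASSUMPTIONS (not from the page): the bucket starts full with
    bucket_depth tokens, and events seen while the action is in effect
    do not consume tokens.
    """
    fill_per_sec = rule.eventPerDayThreshold / SECONDS_PER_DAY
    tokens, last, action_until = float(bucket_depth), None, -1.0
    verdicts = []
    for t in sorted(event_times):
        if last is not None:  # refill for the time elapsed since last event
            tokens = min(bucket_depth, tokens + (t - last) * fill_per_sec)
        last = t
        if t < action_until:            # action still in effect
            verdicts.append(rule.action)
        elif tokens >= 1:               # within the allowed rate
            tokens -= 1
            verdicts.append("conform")
        else:                           # rate exceeded: start the action
            action_until = t + rule.actionEffectivePeriod
            verdicts.append(rule.action)
    return verdicts


# Constructed sample: bad-SIP-message timestamps (seconds) from one endpoint.
SAMPLE_EVENTS = [0, 1, 2, 3, 30, 70, 7000]
RULE_1 = DblRule(action="watch", actionEffectivePeriod=60, eventPerDayThreshold=13)

if __name__ == "__main__":
    for t, v in zip(SAMPLE_EVENTS, police(RULE_1, SAMPLE_EVENTS)):
        print(f"t={t:>5}s  {v}")
```

At 13 events per day the bucket regains one token roughly every 6,646 seconds, so in this model a short burst exhausts it quickly and the endpoint re-enters the watch state as soon as each 60-second period lapses.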