Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

borderColorgreen
bgColortransparent
borderWidth2

Back to Table of Contents

Back to Security

Back to SBC System Security

Back to IP ACL Policing - Packet Filtering

...

 

Aggregate policers perform second stage policing (the first stage is controlled by individual policers) allowing policing of multiple flows/categories in aggregate. This allows first stage policers to become oversubscribed while still limiting aggregate incoming traffic from a given traffic category. The aggregate fill rate for an Aggregate policer is equal to the maximum value of the fill rates of referencing policers.

The following table defines the bucket sizes and fill rates (in packets/second) for aggregate policers.

Caption
0Table
1Aggregate Policer Bucket Sizes and Fill Rates

Aggregate Policer Name

Bucket Size

Fill Rate

Comment

routing/billing

50

2500 2,500 (SBC 5000 series)
7500 7,500 (SBC 7000 series)

Referencing ACLs include all defaulted PSX, DNS, NTP and RADIUS-accounting client rules. All clients and only clients are in this aggregate.

SFTP/Platform

50

10000 10,000 (SBC 5000 series)
30000 30,000 (SBC 7000 series)

Referencing ACLs include all defaulted rules for SFTP server (2024), EMA HTTPS server (443), and EMA server via Platform Mode access (444).  Servers that do file transfers are in this aggregate.

ICMP

50

100

Referencing ACLs include all defaulted ICMPv4 and ICMPv6 rules.

IKE

50

750

 

OAM

501000

1,000

Referencing ACLs include all defaulted EMA (port 80 and port 443), netconf (port 2022), SNMP (udp port 161), SSH CLI (port 22) server rules.

Operator configured permit rules

5020000

20,000

Referencing ACLs include all operator created permit rules.

Zone aggregate signaling

Zone CAC settings

Zone CAC settings

 

...