Enhanced DBL Profile


Command Syntax

% set profiles services enhancedDblProfile <profile name>
    rule <rule name>
    state <disabled | enabled> 

Command Parameters

The Enhanced DBL Profile parameters are described below.

NOTE: Use the request addressContext <addressContext name> enhancedDBL removeEnhancedDblEntry removeIpEntry commands to remove any Enhanced DBL IP-based entries matching specific criteria. Refer to Request Address Context - CLI for details.

NOTE: Use the show status/table addressContext <addressContext name> enhancedDBL commands to view Enhanced DBL Profile status details. Refer to Show Table Address Context for details.

Table: Enhanced DBL Profile Parameters

Parameter | Length/Range | Description

enhancedDblProfile

1-23 characters

<profile name> – The name of the Enhanced DBL Profile. The SBC supports up to 100 Enhanced DBL Profiles.

rule

1-23 characters

<rule name> – The rule name for this Enhanced DBL Profile. Up to 8 rules are configurable for each profile.

See Rule Parameters table below for parameter descriptions.

state

N/A

Administrative state of this profile.

  • disabled (default)
  • enabled

Rule

Command Syntax

% set profiles services enhancedDblProfile <profile name> rule <rule name>
    action
        effectivePeriod <0-86400 seconds>
        type
            blacklist
            rejectWithResponse rejectWithResponseCode <400-699>
            watch
    criteria <rule criteria>
    state <disabled | enabled>

Command Parameters

Table: Rule Parameters

Parameter | Description

criteria

Use this parameter to define the criteria for triggering an event. See the Criteria Parameters table below for parameter details.

action

The type of action to take for this rule and its effective period.

  • effectivePeriod <0-86400> – The duration, in seconds, for which the specified action applies. An effectivePeriod of "0" is treated as an infinite value. Default = 60.
  • type – The action to take when the criteria are met for this rule.
    • blacklist – All packets from the affected endpoint are dropped for the effective period.
    • rejectWithResponse rejectWithResponseCode <400-699> – Any request from such endpoints is rejected with the configured rejection response code for the effective period.
    • watch (default) – The SBC passively watches for offenders and does not take any direct action. Endpoint details are observable using the 'show' command below.

NOTE: Use a valid SIP response code when configuring rejectWithResponseCode, because the CLI does not validate it during configuration.

The supported response codes within 400-699 (RFC 3261 compliant) are:

  • For 4xx: 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, 413, 414, 415, 416, 417, 420, 421, 422, 423, 480, 481, 482, 483, 484, 485, 486, 487, 488, 491, 493, 494.
  • For 5xx: 500, 501, 502, 503, 504, 505, 513, 580.
  • For 6xx: 600, 603, 604, 606.

state

Administrative state for this rule.

  • disabled (default)
  • enabled
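
Because the CLI does not validate rejectWithResponseCode, the rule values can be checked against the limits in the tables above before they are entered. The following is an added example, not vendor code: the function names are hypothetical, and flattening the syntax tree into one-line set commands is an assumption.

```python
# Added example (not vendor code): pre-flight check for one Enhanced DBL rule.
# Limits and the supported-code list are copied from this page; names are hypothetical.
SUPPORTED_CODES = (
    set(range(400, 412)) | set(range(413, 418)) | set(range(420, 424))
    | set(range(480, 489)) | {491, 493, 494}
    | set(range(500, 506)) | {513, 580}
    | {600, 603, 604, 606}
)
ACTION_TYPES = ("blacklist", "rejectWithResponse", "watch")


def check_rule(profile, rule, action_type="watch", effective_period=60, reject_code=None):
    """Return a list of problems; an empty list means the values fit the documented limits."""
    problems = []
    for label, name in (("profile", profile), ("rule", rule)):
        if not 1 <= len(name) <= 23:
            problems.append(f"{label} name must be 1-23 characters")
    if action_type not in ACTION_TYPES:
        problems.append(f"unknown action type {action_type!r}")
    if not 0 <= effective_period <= 86400:
        problems.append("effectivePeriod must be 0-86400 seconds (0 = infinite)")
    if action_type == "rejectWithResponse":
        # The CLI does not validate this value, so check the supported list here.
        if reject_code not in SUPPORTED_CODES:
            problems.append(f"rejectWithResponseCode {reject_code} is not a supported SIP code")
    elif reject_code is not None:
        problems.append("rejectWithResponseCode applies only to rejectWithResponse")
    return problems


def render_rule(profile, rule, action_type="watch", effective_period=60, reject_code=None):
    """Validate, then return the 'set' lines (one-line flattening of the syntax tree is assumed)."""
    problems = check_rule(profile, rule, action_type, effective_period, reject_code)
    if problems:
        raise ValueError("; ".join(problems))
    base = f"set profiles services enhancedDblProfile {profile} rule {rule}"
    action = action_type
    if action_type == "rejectWithResponse":
        action += f" rejectWithResponseCode {reject_code}"
    return [
        f"{base} action effectivePeriod {effective_period}",
        f"{base} action type {action}",
        f"{base} state enabled",
    ]
```

A value such as 412 lies inside the 400-699 range the CLI accepts but is not in the supported list, so check_rule reports it.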

Criteria

Command Syntax

% set profiles services enhancedDblProfile <profile name> rule <rule name> criteria
    occurrence
        aggrCountValue <1-86400>
        consecutive
            disabled
                resetMethodResp <101-699>
                resetMethodType <ALL | BYE | CANCEL | INFO | INVITE | MESSAGE | NOTIFY | OPTIONS | PRACK | PUBLISH | REFER | REGISTER | SUBSCRIBE | UPDATE>
            enabled
        countType aggrCount
        resetCount <1-10>
        timerWindow <1-86400 seconds>
    offendingEvent
        methodResp <all | all4xx | all5xx | all6xx | 400-699 or single value>
        methodType <ALL | BYE | CANCEL | INFO | INVITE | MESSAGE | NOTIFY | OPTIONS | PRACK | PUBLISH | REFER | REGISTER | SUBSCRIBE | UPDATE>
        triggerEventType <authenticationTimeout | badSipMessage | receiptOfMessage>
    scope <ipAddress | ipAddress-Port | ipAddress-Port-Transport>

Command Parameters

Table: Criteria Parameters

Parameter | Description

occurrence

Use this parameter to define the period over which occurrences of the offending event will match the count so that an action is triggered.

  • aggrCountValue <1-86400> (default=10) – Use this attribute to specify the number of offending event occurrences to receive in the defined timer window to trigger a defined action.
  • consecutive – This flag defines the resetting behavior for the offending event count. If enabled, receiving any non-offending event for the trigger increments the internal reset count value. If disabled, receiving the configured (resetMethodType + resetMethodResp) event for the trigger increments the internal reset count value.
    • enabled (default)
    • disabled
      • resetMethodType <ALL | BYE | CANCEL | INFO | INVITE | MESSAGE | NOTIFY | OPTIONS | PRACK | PUBLISH | REFER | REGISTER | SUBSCRIBE | UPDATE> – The method type for resetting the offending event count.
      • resetMethodResp <101-699> – Use to specify one or more responses for the configured method to reset the offending event counter. For example, [ 200 302 ].
        NOTE: When you use more than one value, enclose the values in square brackets [ ], separating each value with a space. Entering a value without using brackets appends the value to the existing configuration.
  • countType aggrCount – The type of count that is used. (Only aggrCount is supported at this time.)
  • resetCount <1-10> (default=1) – The number of resetting events that are required to remove the entry from the tracking.
  • timerWindow <1-86400 seconds> (default=60) – The specified period (in seconds) during which the offending event count must match the criteria to trigger an action.

NOTE: Once the internal reset count values reach the configured threshold (resetCount), the entry is removed from the tracking.

offendingEvent

Use this parameter to define the offending event characteristics and the trigger event type.

  • triggerEventType <authenticationTimeout | badSipMessage | receiptOfMessage> – The type of offending trigger events.
    • authenticationTimeout – An authentication timeout is a trigger event where the request responding to a 401/407 authentication challenge is not received from an endpoint.
    • badSipMessage – A bad SIP message is a trigger event where the SBC receives a SIP PDU that is malformed according to the parsing rules.
    • receiptOfMessage – The receipt of a message is a trigger event where the endpoint receives the configured response code for the configured method from the SBC.
  • methodType <ALL | BYE | CANCEL | INFO | INVITE | MESSAGE | NOTIFY | OPTIONS | PRACK | PUBLISH | REFER | REGISTER | SUBSCRIBE | UPDATE> (default = REGISTER) – The offending method type. This is not applicable for badSipMessage.
  • methodResp <all | all4xx | all5xx | all6xx | 400-699 or single value> – The failure response code(s) of the offending event for the given method, which is sent towards the endpoint. This is applicable only for receiptOfMessage.
    • 400-699 – Enter a single code, or enter multiple codes within square brackets, separating each entry with a space. For example, [ 403 504 606 ].
    • all – include all response codes from 400-699
    • all4xx – include all 4xx response codes
    • all5xx – include all 5xx response codes
    • all6xx – include all 6xx response codes

    NOTE: When you use more than one value, enclose the values in square brackets [ ], separating each value with a space. Entering a value without using brackets appends the value to the existing configuration.

scope 

Use this parameter to specify the entity to which the rule criteria are applied when messages are evaluated.

  • ipAddress (default) 
  • ipAddress-Port
  • ipAddress-Port-Transport
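
How aggrCountValue, timerWindow and resetCount interact is easier to judge on a sample event stream. The following is an added example, not vendor code and not the SBC's implementation: a simplified model that assumes a sliding timerWindow, consecutive enabled, scope ipAddress, and a reset count that is not cleared by later offending events. The class, function and sample events are constructed for illustration.

```python
# Added example: simplified model of the occurrence criteria (not vendor code).
# Assumptions: sliding timerWindow, consecutive=enabled, scope key = source IP.
from collections import defaultdict, deque


class OccurrenceTracker:
    def __init__(self, aggr_count_value=10, timer_window=60, reset_count=1):
        self.aggr_count_value = aggr_count_value
        self.timer_window = timer_window
        self.reset_count = reset_count
        self.offences = defaultdict(deque)  # scope key -> offending-event timestamps
        self.resets = defaultdict(int)      # scope key -> internal reset count

    def observe(self, key, ts, offending):
        """Feed one event; return True when the rule's action would trigger."""
        if not offending:
            if key in self.offences:  # only tracked entries can be reset
                self.resets[key] += 1
                if self.resets[key] >= self.reset_count:
                    # resetCount reached: the entry is removed from tracking
                    self.offences.pop(key)
                    self.resets.pop(key)
            return False
        window = self.offences[key]
        window.append(ts)
        # Drop offending events that have aged out of the timer window.
        while window and ts - window[0] >= self.timer_window:
            window.popleft()
        return len(window) >= self.aggr_count_value


def triggers(events, **params):
    """Return {key: timestamp of first trigger} for (ts, key, offending) events."""
    tracker, hits = OccurrenceTracker(**params), {}
    for ts, key, offending in events:
        if tracker.observe(key, ts, offending) and key not in hits:
            hits[key] = ts
    return hits


# Constructed sample: 198.51.100.7 fails REGISTER every 5 s for 50 s;
# 203.0.113.9 fails twice and then sends one non-offending request.
SAMPLE = sorted(
    [(t, "198.51.100.7", True) for t in range(0, 50, 5)]
    + [(1, "203.0.113.9", True), (2, "203.0.113.9", True), (3, "203.0.113.9", False)]
)
```

With the page's defaults (aggrCountValue 10, timerWindow 60, resetCount 1) only 198.51.100.7 triggers, at its tenth failure. Shrinking timerWindow to 10 with aggrCountValue 3 lets the same source stay under the threshold indefinitely in this model.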
 
