Versions Compared

Old Version 4

changes.mady.by.user Ribbon Communications

Saved on

compared with

New Version Current

changes.mady.by.user Ribbon Communications

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The Dynamic Blacklist (DBL) Policer Profile is a collection of DBL policers applied to restrict traffic from endpoints/peers based on specific events, such as receiving excessive traffic from these entities. Dynamic blacklisting is used more as a mechanism to deal with misbehaving entities rather than preventing malicious attacks.

Command Syntax

Code Block
languagenone
% set profiles services dblProfile <DBL Profile name>
	rule <rule name> 
		action <blacklist | watch> 
		actionEffectivePeriod <60-86400 seconds> 
		event <badSipMessage | epCacAggrReject | sipRegistrationFailure> 
		eventPerDayThreshold <0-86400> 
		state <disabled | enabled> 
	state <disabled | enabled> 
	type <sip>

Command Parameters

The DBL Profile parameters are described in the table below:

...

Parameter

Length/Range

Description

dblProfile

1-23

The administrative name of the DBL profile.

rule

N/A

Specifies the DBL rule name within a DBL profile.
Additional parameters are shown below:

  • action – The action to take when a specified event meets the criteria:. The DBL agent takes action immediately if an event occurs.
    • blacklist
    • watch
  • actionEffectivePeriod – The DBL action enforcement period (in seconds) the DBL policer entry remains effective. (range: 60-86400 / default = 60)
  • event – The type of event to either watch for or blacklist for this DBL rule.
    • badSipMessage – Bad SIP message.
    • epCacAggrReject (Endpoint CAC aggregate rejection) –
    • sipRegistrationFailure – SIP Registration failure.
  • eventPerDayThreshold Number The number of events per day used as a fill rate of for a token bucket policer. (value: 0-86400 , / default = 0, which means zero tolerance)
  • state – The administrative state of this rule.
    • disabled (default)
    • enabled
Note

Dynamic Blacklist for event epCacAggrReject is supported for callRate only.

state

N/A

The administrative state of the DBL profile.

  • disabled (default)
  • enabled

type

sip

The type of application being monitored ( "sip" is the only choice).

Command Examples

The following example sets DBL profile named "DBP-1" with a rule (named "RULE-1) to watch SIP endpoints every 60 seconds for a bad SIP message. If the number of events per day to be used as a token bucket policer fill rate is 13.

...