The SBC Core enhanced Dynamic Blacklist (DBL) feature drops packets from, or rejects SIP requests from, endpoints that match the criteria and action defined in a rule. In this way the SBC is protected from offending, misconfigured, or misbehaving endpoints.

An enhanced DBL profile contains one or more rules; each rule consists of criteria (which event counts as offending, how many occurrences trigger the rule, and at what endpoint scope) and an action. The profile is then associated with a SIP Trunk Group.

- When an endpoint triggers a rule with a blacklist action, all packets from that endpoint are dropped for the effective period. When the timer expires, the entry is removed.
- When an endpoint triggers a rule with a rejectWithResponse action, all SIP requests from that endpoint are rejected with the response code configured in the rule for the effective period. When the timer expires, the entry is removed.

The enhanced profile lets you handle offending events flexibly, beyond fixed triggers such as two consecutive 401 responses to REGISTER, badSipMessage, and endpoint CAC rejection: you choose which events count, how many must occur in a time window, and what action follows.
Enhanced DBL Profile
Command Syntax
```
% set profiles services enhancedDblProfile <profile name>
    rule <rule name>
    state <disabled | enabled>
```
Command Parameters

The Enhanced DBL Profile parameters are described below.

Enhanced DBL Profile Parameters

| Parameter | Length/Range | Description |
|---|---|---|
| enhancedDblProfile | 1-23 characters | <profile name>: the name of the Enhanced DBL Profile. The SBC supports up to 100 Enhanced DBL Profiles. |
| rule | 1-23 characters | <rule name>: the name of a rule in this Enhanced DBL Profile. Up to 8 rules are configurable per profile. See the Rule Parameters table below for the rule's own parameters. |
| state | N/A | Administrative state of this profile: disabled (default) or enabled. A profile whose state is disabled takes no action even if its rules are enabled. |
Rule
Command Syntax
```
% set profiles services enhancedDblProfile <profile name> rule <rule name>
    action
        effectivePeriod <0-86400 seconds>
        type
            blacklist
            rejectWithResponse rejectWithResponseCode <400-699>
            watch
    criteria <rule criteria>
    state <disabled | enabled>
```
Command Parameters

Rule Parameters

| Parameter | Description |
|---|---|
| criteria | Defines the criteria that trigger this rule. See the Criteria Parameters table below. |
| action | The action to take when the criteria are met, and how long it applies. |
| action effectivePeriod <0-86400> | Duration, in seconds, for which the action applies to a triggering endpoint. Default = 60. An effectivePeriod of 0 is treated as infinite: the entry is never removed by the timer, so set 0 deliberately. |
| action type blacklist | All packets from the affected endpoint are dropped for the effective period. |
| action type rejectWithResponse rejectWithResponseCode <400-699> | Any SIP request from the affected endpoint is rejected with the configured response code for the effective period. |
| action type watch (default) | The SBC passively watches for offenders and takes no direct action. Offending endpoints can be inspected with the associated show command. Because watch is the default, a rule whose action type is left unset only counts offenders and never blocks them. |
| state | Administrative state of this rule: disabled (default) or enabled. |

NOTE: Use a valid SIP response code when configuring rejectWithResponseCode; the CLI accepts any value in 400-699 and does not validate it. The supported response codes are:
- 4xx: 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, 413, 414, 415, 416, 417, 420, 421, 422, 423, 480, 481, 482, 483, 484, 485, 486, 487, 488, 491, 493, 494.
- 5xx: 500, 501, 502, 503, 504, 505, 513, 580.
- 6xx: 600, 603, 604, 606.
Criteria
Command Syntax
```
% set profiles services enhancedDblProfile <profile name> rule <rule name> criteria
    occurrence
        aggrCountValue <1-86400>
        consecutive
            disabled
                resetMethodResp <101-699>
                resetMethodType <ALL | BYE | CANCEL | INFO | INVITE | MESSAGE | NOTIFY | OPTIONS | PRACK | PUBLISH | REFER | REGISTER | SUBSCRIBE | UPDATE>
            enabled
        countType aggrCount
        resetCount <1-10>
        timerWindow <1-86400 seconds>
    offendingEvent
        methodResp <all | all4xx | all5xx | all6xx | 400-699 (single value or list)>
        methodType <ALL | BYE | CANCEL | INFO | INVITE | MESSAGE | NOTIFY | OPTIONS | PRACK | PUBLISH | REFER | REGISTER | SUBSCRIBE | UPDATE>
        triggerEventType <authenticationTimeout | badSipMessage | receiptOfMessage>
    scope <ipAddress | ipAddress-Port | ipAddress-Port-Transport>
```
Command Parameters

Criteria Parameters

| Parameter | Description |
|---|---|
| occurrence | Defines how many offending events must be received, within what period, for the action to trigger, and how the offending-event count is reset. |
| occurrence aggrCountValue <1-86400> | Number of offending events that must be received within timerWindow to trigger the configured action. Default = 10. |
| occurrence consecutive <enabled or disabled> | Controls how the offending-event count is reset. enabled (default): any non-offending event from the endpoint for this trigger increments the internal reset count. disabled: only a configured reset event (resetMethodType together with resetMethodResp) increments the internal reset count. |
| occurrence consecutive disabled resetMethodType <ALL, BYE, CANCEL, INFO, INVITE, MESSAGE, NOTIFY, OPTIONS, PRACK, PUBLISH, REFER, REGISTER, SUBSCRIBE, UPDATE> | The method whose responses reset the offending-event count. |
| occurrence consecutive disabled resetMethodResp <101-699> | One or more response codes to resetMethodType that reset the offending-event count, for example [ 200 302 ]. |
| occurrence countType aggrCount | The type of count used. Only aggrCount is supported at this time. |
| occurrence resetCount <1-10> | Number of reset events required to remove the endpoint's entry from tracking. Default = 1. Once the internal reset count reaches this threshold, the entry is removed from tracking and counting starts again from zero. |
| occurrence timerWindow <1-86400 seconds> | The period, in seconds, within which aggrCountValue offending events must occur to trigger the action. Default = 60. |
| offendingEvent | Defines the offending event and its trigger type. |
| offendingEvent triggerEventType <authenticationTimeout, badSipMessage, receiptOfMessage> | authenticationTimeout: the endpoint, after being challenged with a 401/407, does not send a new request carrying credentials. badSipMessage: the SBC receives a SIP PDU that is malformed according to its parsing rules. receiptOfMessage: the SBC sends the configured failure response code for the configured method to the endpoint. |
| offendingEvent methodType <ALL, BYE, CANCEL, INFO, INVITE, MESSAGE, NOTIFY, OPTIONS, PRACK, PUBLISH, REFER, REGISTER, SUBSCRIBE, UPDATE> | The offending method type. Default = REGISTER. Not applicable for badSipMessage. |
| offendingEvent methodResp <all, all4xx, all5xx, all6xx, 400-699> | The failure response code(s) sent by the SBC towards the endpoint for the given method that count as the offending event. Applicable only for receiptOfMessage. 400-699: a single code, or several codes in square brackets separated by spaces, for example [ 403 504 606 ]. all: every code from 400 to 699. all4xx, all5xx, all6xx: every 4xx, 5xx or 6xx code respectively. |
| scope <ipAddress, ipAddress-Port, ipAddress-Port-Transport> | The endpoint identity that offending events are counted against and that the action applies to. ipAddress (default), ipAddress-Port, or ipAddress-Port-Transport. With ipAddress, every endpoint sharing the address (for example, several phones behind one NAT) is counted and blocked together; use ipAddress-Port or ipAddress-Port-Transport to track such endpoints separately. |

NOTE: For resetMethodResp and methodResp, when you enter more than one value, enclose the values in square brackets [ ], separating each value with a space. A value entered without brackets is appended to the existing configuration rather than replacing it.
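The following Python model is an added illustration, not SBC Core code, of how the pieces above fit together: the blacklist and rejectWithResponse behaviour from the overview, and the aggrCountValue, timerWindow, consecutive, resetCount, scope and effectivePeriod semantics from the Rule and Criteria tables. The CLI lines in its docstring, the profile name DBL_REG, the rule name REG401, the endpoint addresses and the timestamps are all constructed; the page does not state whether the timer window slides or whether the message that trips a rule is itself affected, so the model assumes a sliding window and that only subsequent packets are dropped or rejected.

```python
"""Model of one enhanced DBL rule (constructed example, not SBC Core code).

demo() drives a rule equivalent to these illustrative commands (DBL_REG and REG401 are made-up names; the rule and the profile additionally have to be set to state enabled):
  % set profiles services enhancedDblProfile DBL_REG rule REG401 criteria offendingEvent triggerEventType receiptOfMessage methodType REGISTER methodResp 401
  % set profiles services enhancedDblProfile DBL_REG rule REG401 criteria occurrence aggrCountValue 2 timerWindow 60 resetCount 1 consecutive enabled
  % set profiles services enhancedDblProfile DBL_REG rule REG401 criteria scope ipAddress
  % set profiles services enhancedDblProfile DBL_REG rule REG401 action type blacklist effectivePeriod 300
"""
from collections import deque
from dataclasses import dataclass

@dataclass
class Rule:
    trigger_event_type: str = "receiptOfMessage"  # authenticationTimeout|badSipMessage|receiptOfMessage
    method_type: str = "REGISTER"                 # offendingEvent methodType (ALL = any method)
    method_resp: frozenset = frozenset({401})     # offendingEvent methodResp (receiptOfMessage only)
    aggr_count_value: int = 10                    # occurrence aggrCountValue
    timer_window: int = 60                        # occurrence timerWindow (seconds)
    reset_count: int = 1                          # occurrence resetCount
    consecutive: bool = True                      # occurrence consecutive enabled/disabled
    reset_method_type: str = "ALL"                # resetMethodType (only when consecutive is disabled)
    reset_method_resp: frozenset = frozenset()    # resetMethodResp (only when consecutive is disabled)
    scope: str = "ipAddress"                      # ipAddress|ipAddress-Port|ipAddress-Port-Transport
    action_type: str = "watch"                    # watch|blacklist|rejectWithResponse
    effective_period: int = 60                    # action effectivePeriod (seconds); 0 = infinite
    response_code: int = 403                      # rejectWithResponseCode

@dataclass
class Event:  # one request from an endpoint plus the SBC's answer to it (constructed input)
    t: float                        # seconds since the start of the trace
    ip: str
    port: int = 5060
    transport: str = "UDP"
    kind: str = "receiptOfMessage"  # or badSipMessage / authenticationTimeout
    method: str = "REGISTER"
    resp: int = 200                 # response code the SBC sent back

class EnhancedDbl:
    def __init__(self, rule: Rule):
        self.rule = rule
        self.offences: dict = {}  # key -> deque of offending-event timestamps inside the window
        self.resets: dict = {}    # key -> reset events seen since the first offence
        self.entries: dict = {}   # key -> expiry time of the action (None = infinite)

    def key(self, ev: Event) -> tuple:  # identity tracked by the rule's scope
        return (ev.ip, ev.port, ev.transport)[:{"ipAddress": 1, "ipAddress-Port": 2}.get(self.rule.scope, 3)]

    def is_offending(self, ev: Event) -> bool:
        r = self.rule
        if ev.kind != r.trigger_event_type:
            return False
        if ev.kind == "badSipMessage":  # methodType does not apply to malformed PDUs
            return True
        return r.method_type in ("ALL", ev.method) and (ev.kind == "authenticationTimeout" or ev.resp in r.method_resp)

    def is_reset(self, ev: Event) -> bool:
        r = self.rule
        if r.consecutive:  # enabled: any non-offending event from the endpoint counts as a reset
            return not self.is_offending(ev)
        return r.reset_method_type in ("ALL", ev.method) and ev.resp in r.reset_method_resp

    def handle(self, ev: Event) -> str:
        """Disposition of this packet: 'forward', 'drop' or 'reject <code>'."""
        r, k = self.rule, self.key(ev)
        expiry = self.entries.get(k, -1.0)  # -1.0: no active entry for this endpoint
        if expiry is None or ev.t < expiry:
            return "drop" if r.action_type == "blacklist" else f"reject {r.response_code}"
        self.entries.pop(k, None)  # effective period over: the entry is removed
        if self.is_offending(ev):
            q = self.offences.setdefault(k, deque())
            q.append(ev.t)
            while q[0] <= ev.t - r.timer_window:  # assumed: the window slides with each event
                q.popleft()
            if len(q) >= r.aggr_count_value:
                if r.action_type != "watch":  # watch only counts; nothing is blocked
                    self.entries[k] = None if r.effective_period == 0 else ev.t + r.effective_period
                del self.offences[k]
                self.resets.pop(k, None)
        elif k in self.offences and self.is_reset(ev):
            self.resets[k] = self.resets.get(k, 0) + 1
            if self.resets[k] >= r.reset_count:  # threshold reached: endpoint no longer tracked
                del self.offences[k], self.resets[k]
        return "forward"  # assumed: the message that trips the rule was already answered normally

def demo() -> dict:
    """Constructed traffic through the REG401 rule; returns each packet's disposition."""
    dbl = EnhancedDbl(Rule(aggr_count_value=2, timer_window=60, action_type="blacklist", effective_period=300))
    reg401 = lambda t, ip, port=5060: Event(t, ip, port, resp=401)  # REGISTER the SBC answered with 401
    out = {}
    out["a1"] = dbl.handle(reg401(0, "10.0.0.5"))                   # first 401 in the window
    out["a2"] = dbl.handle(reg401(10, "10.0.0.5"))                  # second 401 within 60 s: blacklisted for 300 s
    out["a3"] = dbl.handle(Event(20, "10.0.0.5", method="INVITE"))  # every packet from the IP is dropped
    out["a4"] = dbl.handle(reg401(20, "10.0.0.5", port=5070))       # scope ipAddress: another port, dropped too
    out["a5"] = dbl.handle(reg401(311, "10.0.0.5"))                 # effective period over: forwarded, count restarts
    out["b1"] = dbl.handle(reg401(0, "10.0.0.6"))
    out["b2"] = dbl.handle(Event(5, "10.0.0.6", resp=200))          # non-offending event: tracking reset (resetCount 1)
    out["b3"] = dbl.handle(reg401(8, "10.0.0.6"))                   # counts as a first 401 again: forwarded
    out["c1"] = dbl.handle(reg401(0, "10.0.0.7"))
    out["c2"] = dbl.handle(reg401(70, "10.0.0.7"))                  # earlier 401 is outside the 60 s window: forwarded
    return out
```

Running demo() shows the points a practitioner needs to keep in mind when writing rules: with scope ipAddress one phone's failed registrations block every device sharing its address; a non-offending event resets the count when consecutive is enabled, so an attacker who interleaves a successful request never trips the rule unless resetCount is raised; and a rule left at the default action type watch never blocks anything.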