The Dynamic Blacklist (DBL) Policer Profile is a collection of DBL policers applied to restrict traffic from endpoints/peers based on specific events, such as receiving excessive traffic from these entities. Dynamic blacklisting is intended more as a mechanism for dealing with misbehaving entities than as a way to prevent malicious attacks.

Command Syntax

% set profiles services dblProfile <DBL Profile name>
	rule <rule name>
		action <blacklist | watch>
		actionEffectivePeriod <60-86400 seconds>
		event <badSipMessage | epCacAggrReject | sipRegistrationFailure>
		eventPerDayThreshold <0-86400>
		state <disabled | enabled>
	state <disabled | enabled>
	type <sip>

Command Parameters

The DBLProfile parameters are as shown:

DBLProfile parameters

Parameter | Length/Range | Description

dblProfile | 1-23 | The administrative name of the DBL profile.

rule | N/A | Specifies the DBL rule name within a DBL profile. Additional parameters are shown below:

  • action – The action to take when a specified event meets the criteria:
    • blacklist
    • watch
  • actionEffectivePeriod – The DBL action enforcement period (in seconds) during which the DBL policer entry remains effective. (range: 60-86400 / default = 60)
  • event – The type of event for this DBL rule.
    • badSipMessage
    • epCacAggrReject
    • sipRegistrationFailure

    Each of the above events includes two additional arguments:

      • eventPerDayThreshold – The number of events per day, which is used as the fill rate of the token bucket policer. (range: 0-86400 / default = 0)
  • state – The administrative state of this rule.
    • disabled (default)
    • enabled

Dynamic Blacklist for event epCacAggrReject is supported for callRate only.

state | N/A | The administrative state of the DBL profile.

  • disabled (default)
  • enabled

type | N/A | The type of application being monitored (automatically defaults to "sip").

Command Examples

The following example configures a DBL profile named "DBP-1" with a rule (named "RULE-1") that watches SIP endpoints for bad SIP messages, with an action effective period of 60 seconds. The number of events per day used as the token bucket policer fill rate is 13.

% set profiles services dblProfile DBP-1 rule RULE-1 action 
	watch actionEffectivePeriod 60 event badSipMessage 
	eventPerDayThreshold 13 state enabled 
 % show profiles services dblProfile DBP-1 
	rule RULE-1 { 
		state enabled; 
		event badSipMessage; 
		action watch; 
		eventPerDayThreshold 13; 
		actionEffectivePeriod 60; 
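
The parameter table above can be applied as a pre-deployment check on rule commands. The following is an added example, not part of the product or its documentation: the function name lint_dbl_rule, the secondsPerToken field and the wording of the findings are assumptions made here, while the ranges, values and defaults are the ones listed on this page.

```python
import shlex

# Constraints copied from the parameter table on this page.
ENUMS = {"action": {"blacklist", "watch"}, "state": {"disabled", "enabled"},
         "event": {"badSipMessage", "epCacAggrReject", "sipRegistrationFailure"}}
RANGES = {"actionEffectivePeriod": (60, 86400), "eventPerDayThreshold": (0, 86400)}
DEFAULTS = {"actionEffectivePeriod": 60, "eventPerDayThreshold": 0, "state": "disabled"}
PREFIX = ["set", "profiles", "services", "dblProfile"]


def lint_dbl_rule(command):
    """Parse one dblProfile rule command; return (settings, problems)."""
    tokens = [t for t in shlex.split(command) if t != "%"]  # drop the CLI prompt
    if tokens[:4] != PREFIX or len(tokens) < 7 or tokens[5] != "rule":
        return {}, ["not a dblProfile rule command"]
    profile, rule, rest = tokens[4], tokens[6], tokens[7:]
    problems = []
    if not 1 <= len(profile) <= 23:
        problems.append(f"profile name is {len(profile)} characters, allowed 1-23")
    if len(rest) % 2:
        problems.append(f"parameter {rest[-1]} has no value")
        rest = rest[:-1]
    settings = dict(DEFAULTS, profile=profile, rule=rule)  # documented defaults first
    for key, value in zip(rest[::2], rest[1::2]):
        if key in RANGES:
            low, high = RANGES[key]
            if value.isdecimal() and low <= int(value) <= high:
                settings[key] = int(value)
            else:
                problems.append(f"{key} {value} is outside {low}-{high}")
        elif key in ENUMS:
            if value in ENUMS[key]:
                settings[key] = value
            else:
                problems.append(f"{key} {value} is not a documented value")
        else:
            problems.append(f"unknown parameter {key}")
    if settings["state"] == "disabled":
        problems.append("rule state is disabled (the documented default)")
    # eventPerDayThreshold is a per-day fill rate: seconds between added tokens.
    rate = settings["eventPerDayThreshold"]
    settings["secondsPerToken"] = 86400 / rate if rate else None
    return settings, problems

# The command from the example on this page.
PAGE_EXAMPLE = """% set profiles services dblProfile DBP-1 rule RULE-1 action
    watch actionEffectivePeriod 60 event badSipMessage
    eventPerDayThreshold 13 state enabled"""
if __name__ == "__main__":
    print(lint_dbl_rule(PAGE_EXAMPLE))
```

For the page's example, a fill rate of 13 events per day works out to one token roughly every 6646 seconds.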