Enhanced DBL Profile

In this section:

Command Syntax

% set profiles services enhancedDblProfile <profile name>
    rule <rule name>
    state <disabled | enabled>

Command Parameters

The Enhanced DBL Profile parameters are described below.

Note

Use the request addressContext <addressContext name> enhancedDBL removeEnhancedDblEntry removeIpEntry commands to remove any Enhanced DBL IP-based entries matching specific criteria.
Refer to Request Address Context - CLI for details.

Note

Use the show status/table addressContext <addressContext name> enhancedDBL commands to view Enhanced DBL Profile status details.
Refer to Show Table Address Context for details.

Enhanced DBL Profile Parameters

Parameter Length/Range Description

enhancedDblProfile

1-23 characters

<profile name> – The name of the Enhanced DBL Profile. The SBC Core supports up to 100 Enhanced DBL Profiles.

rule

1-23 characters

<rule name> – The rule name for this Enhanced DBL Profile. Up to 8 rules are configurable for each profile.

See Rule Parameters table below for parameter descriptions.

state

N/A

Administrative state of this profile.

disabled (default)
enabled

Rule

Command Syntax

% set profiles services enhancedDblProfile <profile name> rule <rule name> 
	action
		effectivePeriod <0-86400 seconds>
        type 
			blacklist
			rejectWithResponse rejectWithResponseCode <400-699>
			watch
	criteria <rule criteria>
	state <disabled | enabled>

Command Parameters

Rule Parameters

Parameter Description

criteria Use this parameter to define the criteria for triggering an event. See Criteria Parameters table below for parameter details.

action

The type of action to take for this rule and its effective period.

effectivePeriod <0-86400> – The duration, in seconds, for the specified action to occur. An effectivePeriod of "0" is treated as an infinite value. Default = 60.
type – The action to take when criteria is met for this rule.
- blacklist – All packets from the affected endpoint are dropped for the effective period.
- rejectWithResponse rejectWithResponseCode <400-699> – Any request from such endpoints are rejected with the configured rejection response code for the effective period.
- watch (default) – The SBC passively watches for offenders, and does not take any direct action. Endpoint details are observable using the 'show' command below.

NOTE: Use a valid SIP response code while configuring rejectWithResponseCode because the CLI does not validate it during the configuration.

The supported response codes within 400-699 (RFC 3261 compliant) are:

For 4xx: 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, 413, 414, 415, 416, 417, 420, 421, 422, 423, 480, 481, 482, 483, 484, 485, 486, 487, 488, 491, 493, 494.
For 5xx: 500, 501, 502, 503, 504, 505, 513, 580.
For 6xx: 600, 603, 604, 606.

state

Administrative state for this rule.

disabled (default)
enabled

Criteria

Command Syntax

% set profiles services enhancedDblProfile <profile name> rule <rule name> criteria
	occurrence
		aggrCountValue <1-86400>
		consecutive 
			disabled
				resetMethodResp <101-699>
				resetMethodType <ALL | BYE | CANCEL | INFO | INVITE | MESSAGE | NOTIFY | OPTIONS | PRACK | PUBLISH | REFER | REGISTER | SUBSCRIBE | UPDATE> 
            enabled
		 countType aggrCount 
		 resetCount <1-10>
		 timerWindow <1-86400 seconds>
	offendingEvent
		methodResp <all | all4xx | all5xx | all6xx | 400-699 or single value>
		methodType <ALL | BYE | CANCEL | INFO | INVITE | MESSAGE | NOTIFY | OPTIONS | PRACK | PUBLISH | REFER | REGISTER | SUBSCRIBE | UPDATE>
		triggerEventType <authenticationTimeout | badSipMessage | receiptOfMessage>
	scope <ipAddress | ipAddress-Port | ipAddress-Port-Transport>

Command Parameters

Criteria Parameters

Parameter Description

occurrence

Use this parameter to define the period over which occurrences of the offending event will match the count so that an action is triggered.

aggrCountValue <1-86400> (default=10) – Use this attribute to specify the number of offending event occurrences to receive in the defined timer window to trigger a defined action.
consecutive – This flag defines the resetting behavior for the offending event count. If enabled, receiving any non-offending event for the trigger increments the internal reset count value. If disabled, receiving configured (resetMethodType+resetMethodResp) event for the trigger increments the internal reset count value.
- enabled (default)
- disabled
  - resetMethodType <ALL | BYE | CANCEL | INFO | INVITE | MESSAGE | NOTIFY | OPTIONS | PRACK | PUBLISH | REFER | REGISTER | SUBSCRIBE | UPDATE> – The method type for resetting the offending event count.
  - resetMethodResp <101-699> – Use to specify one or more responses for the configured method to reset the offending event counter. For example, [ 200 302 ].
    NOTE: When you use more than one value, enclose the values in square brackets [ ], separating each value with a space. Entering a value without using brackets appends the value to the existing configuration.
countType aggrCount – The type of count that is used. (Only aggrCount is supported at this time)
resetCount <1-10> (default=1) – The number of resetting events that are required to remove the entry from the tracking.
timerWindow <1-86400 seconds> (default=60) – The specified period (in seconds) during which the offending event count must match the criteria to trigger an action.

NOTE: Once the internal reset count values reach the configured threshold (resetCount), the entry is removed from the tracking.

offendingEvent

Use this parameter to define the offending event characteristics and the trigger event type.

triggerEventType <authenticationTimeout | badSipMessage | receiptOfMessage> – The type of offending trigger events.
- authenticationTimeout – An authentication timeout is a trigger event where an authentication response request for the 401/407 is not received from an endpoint.
- badSipMessage – The bad SIP message event is a trigger event where the SBC receives a SIP PDU, which is malformed according to the parsing rules.
- receiptOfMessage – The receipt of a message event is a trigger event where the endpoint receives the configured response code for the configured method from the SBC.
methodType <ALL | BYE | CANCEL | INFO | INVITE | MESSAGE | NOTIFY | OPTIONS | PRACK | PUBLISH | REFER | REGISTER | SUBSCRIBE | UPDATE> (default = REGISTER) – The offending method type. This is not applicable for badSipMessage.
methodResp <all | all4xx | all5xx | all6xx | 400-699 or single value> – The failure response code(s) of the offending event for the given method, which is sent towards the endpoint. This is applicable only for receiptOfMessage.
- 400-699 – Enter a single code, or enter multiple codes within square brackets and separating each entry with a space. For example, [ 403 504 606 ]
- all – include all response codes from 400-699
- all4xx – include all 4xx response codes
- all5xx – include all 5xx response codes
- all6xx – include all 6xx response codes
NOTE: When you use more than one value, enclose the values in square brackets [ ], separating each value with a space. Entering a value without using brackets appends the value to the existing configuration.

scope

Use this parameter to specify from which entity the rule criteria is applied to the messages.

ipAddress (default)
ipAddress-Port
ipAddress-Port-Transport

Space shortcuts

Page tree