In this section:
- It is highly advisable not to create rules with overlapping criteria (that is, rule R1 criteria overlaps with criteria of rule R2) to avoid any unexpected results.
- The SBC can track up to 4,000 entries at a time.
- The SBC supports up to eight rules per Enhanced DBL Profile.
- The administrative state of the rule must be disabled before modifying the parameters of that rule.
- Either DBL Profile or enhanced DBL Profile can be attached to a SIP IPTG at a given time.
Use this example to provision an enhanced Dynamic Blacklist Profile (DBL):
- Creating an Enhanced DBL Profile
- Enabling the Enhanced DBL Profile
- Creating a Rule
- Defining the Required Criteria in the Rule
- Defining the Required Action in the Rule
- Enabling the Rule
- Attaching the Enhanced DBL Profile to SIP Trunk Group
- Removing the Enhanced DBL Entry
Creating an Enhanced DBL Profile
To create an enhanced DBL profile, enter the following command:
set profiles services enhancedDblProfile test commit
Enabling the Enhanced DBL Profile
To enable the enhanced DBL profile, enter the following command:
set profiles services enhancedDblProfile test state enabled commit
Creating a Rule
To create a rule, enter the following command:
set profiles services enhancedDblProfile test rule r1 commit
Defining the Required Criteria in the Rule
set profiles services enhancedDblProfile test state enabled rule r1 criteria Possible completions: occurrence - Identifies period over which occurrences of the offending event should match the count so that action is triggered. offendingEvent - It identifies the offending event and on the given occurrence can potentially trigger a given action. scope - This field identifies on messages from which entity the criteria will be applied.
Configuring "occurrence"
If the flag consecutive
is in disabled state:
If the flag consecutive
is in disabled state, the resetMethodResp
and resetMethodType
are displayed.
set profiles services enhancedDblProfile test state enabled rule r1 criteria occurrence aggrCountValue 10 consecutive disabled countType aggrCount resetCount 1 resetMethodResp 101 resetMethodType INVITE timerWindow 60 commit
or
If the flag consecutive
is in enabled state:
set profiles services enhancedDblProfile test state enabled rule r1 criteria occurrence aggrCountValue 10 consecutive enabled countType aggrCount resetCount 1 timerWindow 60 commit
Configuring "scope"
set profiles services enhancedDblProfile test state enabled rule r1 criteria scope ipAddress commit
Configuring "offendingEvent"
set profiles services enhancedDblProfile test state enabled rule r1 criteria offendingEvent triggerEventType receiptOfMessage methodResp [ 401 403 ] methodType INVITE commit
Defining the Required Action in the Rule
To define the required action, enter the following command:
set profiles services enhancedDblProfile test state enabled rule r1 action effectivePeriod 10 type rejectWithResponse rejectWithResponseCode 403 commit
Enabling the Rule
To enable the rule, enter the following command:
set profiles services enhancedDblProfile test rule r1 state enabled commit
Attaching the Enhanced DBL Profile to SIP Trunk Group
The enhanced DBL profile must be attached to the ingress SIP Trunk Group.
To attach the enhanced DBL profile to the ingress SIP Trunk Group, enter the following command:
set addressContext default zone ZONE1 sipTrunkGroup INGRESS_TG services enhancedDblProfile test commit
Removing the Enhanced DBL Entry
To remove the endpoint from the enhanced DBL entry, enter the following command:
% request addressContext default enhancedDBL removeEnhancedDblEntry removeIpEntry sourceIpAddress 10.54.80.8 sourcePort 8000 transport tcp commit