Oracle SBC Security Guide
The session-agent's max-burst-rate and max-sustain-rate are used to throttle the calls per second (CPS) of
traffic sent to and by that session-agent. Each of these parameters has its own configurable window by
which the statistics are gauged for constraint exceptions.
For the sustain rate, the average is calculated over the previous window (equal in length to the
sustain-rate-window) and the current "window fragment." Upon receipt of an Invite, the window fragment
will be between 0 and the configured sustain-rate-window. Once the window fragment reaches the
sustain-rate-window, it rotates and becomes the "previous window," and a new window fragment begins
at 0. At this point all calculations are recalibrated accordingly.
For example, consider the case where the max-sustain-rate is set to 15 and the sustain-rate-window is set
to 10 seconds. When an Invite is received, the SD adds the number of Invites received in the current window
fragment and the previous window and divides by the number of seconds to get the average for that period.
This average is then compared to the 15 CPS derived from the max-sustain-rate and the sustain-rate-window.
If the session-agent's average over the previous and current window is above 15 CPS when the Invite is
received, the Invite will be rejected.
The max-burst-rate and burst-rate-window interact by limiting the CPS rate for a burst of traffic over the
window. For example, with a max-burst-rate of 20 and a burst-rate-window of 10, the SD will permit 200
sessions within the first 10 seconds and then reject all new sessions until it exits constraint mode.
Burst rate is much easier to understand and configure, so it is preferable to sustain rate.
A session-agent in constraint does not come out of constraint mode when traffic drops below its
constraint thresholds; it comes out of constraint mode after 60 seconds, unless a configured
time-to-resume value dictates otherwise. Even though the session-agent is out of constraint mode after
time-to-resume seconds, “show sipd agent” will show it back in In-Service mode only if traffic flows to
or from that session-agent. On exceeding its constraint, the session-agent is marked “C”.
Core registrars should have a max registration burst rate configured at (or just below) the maximum rate
the registrar can handle.
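
The sustain-rate check and the fixed-duration constraint mode described above, as a small Python model. This is an added example, not Oracle's code or the SBC's actual implementation. The class and field names are hypothetical, and it assumes that every arriving Invite is counted (admitted or not) and that an empty previous window still contributes its full length in seconds to the average.

```python
from dataclasses import dataclass

@dataclass
class SessionAgentModel:                 # hypothetical name, not an SBC object
    max_sustain_rate: float              # CPS threshold
    sustain_rate_window: float           # seconds
    time_to_resume: float = 60.0         # page: 60 s unless configured otherwise
    window_start: float = 0.0            # start of the current window fragment
    prev_count: int = 0                  # Invites seen in the previous window
    frag_count: int = 0                  # Invites seen in the current fragment
    constrained_until: float = -1.0

    def average(self, now: float) -> float:
        """(previous window + fragment) Invites / (window + fragment) seconds."""
        fragment = now - self.window_start
        return (self.prev_count + self.frag_count) / (self.sustain_rate_window + fragment)

    def _rotate(self, now: float) -> None:
        # A full fragment becomes the previous window; idle gaps rotate repeatedly.
        while now - self.window_start >= self.sustain_rate_window:
            self.prev_count, self.frag_count = self.frag_count, 0
            self.window_start += self.sustain_rate_window

    def on_invite(self, now: float) -> bool:
        """Return True if the Invite arriving at time `now` is admitted."""
        self._rotate(now)
        self.frag_count += 1             # assumption: the arriving Invite is counted
        if now < self.constrained_until:
            return False                 # in constraint: rejected whatever the rate
        if self.average(now) > self.max_sustain_rate:
            self.constrained_until = now + self.time_to_resume
            return False
        return True

if __name__ == "__main__":
    # Constructed traffic: a steady 20 CPS against max-sustain-rate 15, window 10 s.
    agent = SessionAgentModel(max_sustain_rate=15, sustain_rate_window=10)
    admitted = [agent.on_invite(k / 20) for k in range(400)]
    print("first rejection at t =", admitted.index(False) / 20, "s")
    print("in constraint until t =", agent.constrained_until, "s")
    print("lone Invite at t=30 admitted:", agent.on_invite(30.0))
    print("Invite at t=70 admitted:", agent.on_invite(70.0))
```

Under these assumptions the empty previous window dilutes the average after startup, so a steady 20 CPS is not rejected until the first window rotates.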
Configuration is detailed in Section 5 “SIP Signaling Services” and Section 12 “Admission Control and
Quality of Service Reporting” of the ACLI Configuration Guide.
Media Policing
Media policing controls the throughput of individual session media flows (RTP and RTCP) in the SBC. It
also allows the SBC to police static flows. It is recommended to enable media policing to protect against
RTP media flooding and bandwidth piracy.
For each individual codec being used in sessions, a media-profile must be created with average-rate-limit
thresholds configured.
Configuration is detailed in Section 15 “Security” of the ACLI Configuration Guide.
DoS/DDoS Prevention
DoS and DDoS settings can protect against malicious and non-malicious SIP flooding attacks from
untrusted sources without adversely affecting service to trusted peers.