The document says it's for H.323, but if it's using the total call count it may work with MGCP as well. 'show call active voice brief' still shows MGCP calls in the call history/information. It's a global command not on a dial peer so it's all going through the same voice stack. <br>
<br><br>In terms of the numbers to use it's a matter of figuring out the CPS. You could figure that out from the BHCA. It will probably be a number between 1 and 30 CPS depending on how busy your environment is. Most ISRs can handle between 1-10ish and the AS5x00 and larger boxes ( 3900s) handle much more than that.<br>
<br>If you say your CPS is 4, if the maximum interval is 250ms, then if your calls are 1 per 250ms. So if you say you should never receive 5x that in an interval you would say no more than 5 calls per 250 ms. You may want to account for things like if you send out a large distribution voicemail many people may check voicemail at the same time, etc. <br>
<br>Otherwise you could do something a little bit dirtier, like create a policer on the signaling traffic. It's really dirty, but it may be less of an issue than bringing down a subscriber.<br><br>-nick<br><br><div class="gmail_quote">
On Fri, Oct 14, 2011 at 1:17 PM, Wes Sisk <span dir="ltr"><<a href="mailto:wsisk@cisco.com">wsisk@cisco.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div style="word-wrap:break-word">ASA can rate limit based on protocol and message type. We've recommended and used this in deployments before where a malicious device DoS's the system:<div><a href="http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/inspect_voicevideo.html#wp1514402" target="_blank">http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/inspect_voicevideo.html#wp1514402</a></div>
<div><br></div><div>think along the lines of rate limiting h323 setup messages. You could even do it by TCP session rate as every call is a new TCP session.</div><div><br></div><div>The same works for analog MGCP. This also works for SCCP (this is where I've seen the most usage).</div>
<div><br></div><div><br></div><div>For digital MGCP (PRI and CAS mgcp backhaul) I am not aware of a similar ASA inspection feature. Perhaps IOS can police the rate at the endpoint? Nick or others may chime in with options.</div>
<div><br></div><div><br></div><div><br></div><div>One oddity does stand out. I've pushed ccm above 43 calls per second before without entering code yellow. At 43 cps the ICTCallThrottlingStart alarm fires and CM begins limiting calls to/from this specific h.323 device. </div>
<div><br></div><div>A "well tuned system" is likely to hit that rate limiter on a malicious h.323 gateway prior to entering code yellow. I'm still stumped on how to handle this for MGCP Backhaul.</div><div>
<br></div><div><br></div><div>Regards,</div><div>Wes</div><div><br><div><div><div></div><div class="h5"><div>On Oct 14, 2011, at 12:56 PM, Casper, Steven wrote:</div><br></div></div><div link="blue" vlink="purple" lang="EN-US">
<div><div></div><div class="h5"><div><div style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:11pt;font-family:Calibri, sans-serif">We recently had an incident where a power dialer inadvertently was programmed to dial thousands of our numbers. The rate of dialing was such that two of our subscribers went into a code yellow condition so in effect created a Denial of Service condition. Both of these servers (7845H2) have a lot of MGCP and H323 PRIs associated with them. I am looking for ways to prevent this in the future. I see there is a call spike command available on gateways but I am not sure what thresholds would be used. Any ideas…..What would be a good threshold to set to prevent a denial of service condition but still support normal heavy inbound calling?<u></u><u></u></div>
<div style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:11pt;font-family:Calibri, sans-serif"><u></u> <u></u></div><div style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:11pt;font-family:Calibri, sans-serif">
<b><span style="font-size:10pt;font-family:Arial, sans-serif;color:rgb(51, 102, 102)">call spike<u></u><u></u></span></b></div><div style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:11pt;font-family:Calibri, sans-serif">
<a name="13303709b97b2585_wp1212235"></a><span style="font-size:9.5pt;font-family:Arial, sans-serif;color:black">To configure the limit on the number of incoming calls received in a short period of time (a call spike), use the<span> </span><b>call spike</b><span> </span>command in global or dial peer voice configuration mode. To disable this command, use the<b><span> </span>no</b><span> </span>form of this command.<u></u><u></u></span></div>
<div style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:11pt;font-family:Calibri, sans-serif"><a name="13303709b97b2585_wp1212236"></a><b><span style="font-size:9.5pt;font-family:Arial, sans-serif;color:black">call spike</span></b><span style="font-size:9.5pt;font-family:Arial, sans-serif;color:black"><span> </span><i>call</i>-<i>number</i><span> </span>[<b>steps</b><span> </span><i>number</i>-<b><i>of</i></b>-<i>steps</i><span> </span><b>size</b><span> </span><i>milliseconds</i>]<u></u><u></u></span></div>
<div style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:11pt;font-family:Calibri, sans-serif"><a name="13303709b97b2585_wp1212237"></a><b><span style="font-size:9.5pt;font-family:Arial, sans-serif;color:black">no</span></b><span style="font-size:9.5pt;font-family:Arial, sans-serif;color:black"><span> </span><b>call spike</b><u></u><u></u></span></div>
<div style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:11pt;font-family:Calibri, sans-serif"><a name="13303709b97b2585_wp1212238"></a><span style="font-size:9.5pt;font-family:Arial, sans-serif;color:black">Dial Peer Voice Configuration Mode<u></u><u></u></span></div>
<div style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:11pt;font-family:Calibri, sans-serif"><a name="13303709b97b2585_wp1212239"></a><b><span style="font-size:9.5pt;font-family:Arial, sans-serif;color:black">call spike</span></b><span style="font-size:9.5pt;font-family:Arial, sans-serif;color:black"><span> </span><i>threshold<span> </span></i>[<b>steps</b><span> </span><i>number-of-steps</i><span> </span><b>size</b><span> </span><i>milliseconds</i>]<u></u><u></u></span></div>
<div style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:11pt;font-family:Calibri, sans-serif"><a name="13303709b97b2585_wp1212257"></a><b><span style="font-size:10pt;font-family:Arial, sans-serif;color:rgb(51, 102, 102)">Syntax Description<u></u><u></u></span></b></div>
<table style="width:676px;border-top-style:outset;border-right-style:outset;border-bottom-style:outset;border-left-style:outset;border-top-color:gray;border-right-color:gray;border-bottom-color:gray;border-left-color:gray;border-top-width:1pt;border-right-width:1pt;border-bottom-width:1pt;border-left-width:1pt" border="1" cellpadding="0" cellspacing="0" width="80%">
<tbody><tr><td style="border-top-style:inset;border-right-style:inset;border-bottom-style:inset;border-left-style:inset;border-top-color:gray;border-right-color:gray;border-bottom-color:gray;border-left-color:gray;border-top-width:1pt;border-right-width:1pt;border-bottom-width:1pt;border-left-width:1pt;padding-top:2.25pt;padding-right:2.25pt;padding-bottom:2.25pt;padding-left:2.25pt" valign="top">
<div style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:11pt;font-family:Calibri, sans-serif"><a name="13303709b97b2585_wp1212242"></a><i><span style="font-size:9.5pt;font-family:Arial, sans-serif;color:black">call</span></i><span style="font-size:9.5pt;font-family:Arial, sans-serif;color:black">-<i>number</i><u></u><u></u></span></div>
</td><td style="border-top-style:inset;border-right-style:inset;border-bottom-style:inset;border-left-style:inset;border-top-color:gray;border-right-color:gray;border-bottom-color:gray;border-left-color:gray;border-top-width:1pt;border-right-width:1pt;border-bottom-width:1pt;border-left-width:1pt;padding-top:2.25pt;padding-right:2.25pt;padding-bottom:2.25pt;padding-left:2.25pt" valign="top">
<div style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:11pt;font-family:Calibri, sans-serif"><a name="13303709b97b2585_wp1212244"></a><span style="font-size:9.5pt;font-family:Arial, sans-serif;color:black">Incoming call count for the spiking threshold. Range is 1 to <a href="tel:2147483647" value="+12147483647" target="_blank">2147483647</a>.<u></u><u></u></span></div>
</td></tr><tr><td style="border-top-style:inset;border-right-style:inset;border-bottom-style:inset;border-left-style:inset;border-top-color:gray;border-right-color:gray;border-bottom-color:gray;border-left-color:gray;border-top-width:1pt;border-right-width:1pt;border-bottom-width:1pt;border-left-width:1pt;padding-top:2.25pt;padding-right:2.25pt;padding-bottom:2.25pt;padding-left:2.25pt" valign="top">
<div style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:11pt;font-family:Calibri, sans-serif"><a name="13303709b97b2585_wp1212246"></a><b><span style="font-size:9.5pt;font-family:Arial, sans-serif;color:black">steps</span></b><i><span style="font-size:9.5pt;font-family:Arial, sans-serif;color:black">number</span></i><span style="font-size:9.5pt;font-family:Arial, sans-serif;color:black">-<i>of</i>-<i>steps</i><u></u><u></u></span></div>
</td><td style="border-top-style:inset;border-right-style:inset;border-bottom-style:inset;border-left-style:inset;border-top-color:gray;border-right-color:gray;border-bottom-color:gray;border-left-color:gray;border-top-width:1pt;border-right-width:1pt;border-bottom-width:1pt;border-left-width:1pt;padding-top:2.25pt;padding-right:2.25pt;padding-bottom:2.25pt;padding-left:2.25pt" valign="top">
<div style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:11pt;font-family:Calibri, sans-serif"><a name="13303709b97b2585_wp1212248"></a><span style="font-size:9.5pt;font-family:Arial, sans-serif;color:black">(Optional) Specifies the number of steps for the spiking sliding window. Range is from 3 to 10. The default is 5.steps for the spiking sliding window.<u></u><u></u></span></div>
</td></tr><tr><td style="border-top-style:inset;border-right-style:inset;border-bottom-style:inset;border-left-style:inset;border-top-color:gray;border-right-color:gray;border-bottom-color:gray;border-left-color:gray;border-top-width:1pt;border-right-width:1pt;border-bottom-width:1pt;border-left-width:1pt;padding-top:2.25pt;padding-right:2.25pt;padding-bottom:2.25pt;padding-left:2.25pt" valign="top">
<div style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:11pt;font-family:Calibri, sans-serif"><a name="13303709b97b2585_wp1212250"></a><b><span style="font-size:9.5pt;font-family:Arial, sans-serif;color:black">size</span></b><i><span style="font-size:9.5pt;font-family:Arial, sans-serif;color:black">milliseconds</span></i><span style="font-size:9.5pt;font-family:Arial, sans-serif;color:black"><u></u><u></u></span></div>
</td><td style="border-top-style:inset;border-right-style:inset;border-bottom-style:inset;border-left-style:inset;border-top-color:gray;border-right-color:gray;border-bottom-color:gray;border-left-color:gray;border-top-width:1pt;border-right-width:1pt;border-bottom-width:1pt;border-left-width:1pt;padding-top:2.25pt;padding-right:2.25pt;padding-bottom:2.25pt;padding-left:2.25pt" valign="top">
<div style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:11pt;font-family:Calibri, sans-serif"><a name="13303709b97b2585_wp1212252"></a><span style="font-size:9.5pt;font-family:Arial, sans-serif;color:black">(Optional) Specifies step size in milliseconds. Range is from 100 to 250. The default is 200.<u></u><u></u></span></div>
</td></tr><tr><td style="border-top-style:inset;border-right-style:inset;border-bottom-style:inset;border-left-style:inset;border-top-color:gray;border-right-color:gray;border-bottom-color:gray;border-left-color:gray;border-top-width:1pt;border-right-width:1pt;border-bottom-width:1pt;border-left-width:1pt;padding-top:2.25pt;padding-right:2.25pt;padding-bottom:2.25pt;padding-left:2.25pt" valign="top">
<div style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:11pt;font-family:Calibri, sans-serif"><a name="13303709b97b2585_wp1212254"></a><i><span style="font-size:9.5pt;font-family:Arial, sans-serif;color:black">threshold</span></i><span style="font-size:9.5pt;font-family:Arial, sans-serif;color:black"><u></u><u></u></span></div>
</td><td style="border-top-style:inset;border-right-style:inset;border-bottom-style:inset;border-left-style:inset;border-top-color:gray;border-right-color:gray;border-bottom-color:gray;border-left-color:gray;border-top-width:1pt;border-right-width:1pt;border-bottom-width:1pt;border-left-width:1pt;padding-top:2.25pt;padding-right:2.25pt;padding-bottom:2.25pt;padding-left:2.25pt" valign="top">
<div style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:11pt;font-family:Calibri, sans-serif"><a name="13303709b97b2585_wp1212256"></a><span style="font-size:9.5pt;font-family:Arial, sans-serif;color:black">Threshold for the incoming call count for spiking. Range is 1 to <a href="tel:2147483647" value="+12147483647" target="_blank">2147483647</a>.<u></u><u></u></span></div>
</td></tr></tbody></table><div style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:11pt;font-family:Calibri, sans-serif"><u></u> <u></u></div><div style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:11pt;font-family:Calibri, sans-serif">
<b><span style="font-size:10pt;font-family:Arial, sans-serif;color:rgb(51, 102, 102)">Usage Guidelines<u></u><u></u></span></b></div><div style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:11pt;font-family:Calibri, sans-serif">
<a name="13303709b97b2585_wp1212297"></a><span style="font-size:9.5pt;font-family:Arial, sans-serif;color:black">A call spike occurs when a large number of incoming calls arrive from the Public Switched Telephone Network (PSTN) in a short period of time (for example, 100 incoming calls in 10 milliseconds). Setting this command allows you to control the number of call requests that can be received in a configured time period. The sliding window buffers the number of calls that get through. The counter resets according to the specified step size.<u></u><u></u></span></div>
<div style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:11pt;font-family:Calibri, sans-serif"><a name="13303709b97b2585_wp1212298"></a><span style="font-size:9.5pt;font-family:Arial, sans-serif;color:black">The period of the sliding window is calculated by multiplying the number of steps by the size. If an incoming call exceeds the configured call number during the period of the sliding window the call is rejected.<u></u><u></u></span></div>
<div style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:11pt;font-family:Calibri, sans-serif"><a name="13303709b97b2585_wp1212299"></a><span style="font-size:9.5pt;font-family:Arial, sans-serif;color:black">If the<span> </span><b>call spike</b><span> </span>is configured at both the global and dial-peer levels, the dial-peer level takes precedence and the call spike is calculated. If the call spike threshold is exceeded the call gets rejected, and the call spike calculation is done at the global level.<u></u><u></u></span></div>
<div style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:11pt;font-family:Calibri, sans-serif"><u></u> <u></u></div><div style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:11pt;font-family:Calibri, sans-serif">
<u></u> <u></u></div><div style="margin-top:0in;margin-right:0in;margin-left:0in;margin-bottom:0.0001pt;font-size:11pt;font-family:Calibri, sans-serif"><u></u> <u></u></div></div></div></div><font face="monospace"><div><div>
</div><div class="h5">************************************<br>This email may contain privileged and/or confidential information that is intended solely for the use of the addressee. If you are not the intended recipient or entity, you are strictly prohibited from disclosing, copying, distributing or using any of the information contained in the transmission. If you received this communication in error, please contact the sender immediately and destroy the material in its entirety, whether electronic or hard copy. This communication may contain nonpublic personal information about consumers subject to the restrictions of the Gramm-Leach-Bliley Act and the Sarbanes-Oxley Act. You may not directly or indirectly reuse or disclose such information for any purpose other than to provide the services for which you are receiving the information.<br>
There are risks associated with the use of electronic transmission. The sender of this information does not control the method of transmittal or service providers and assumes no duty or obligation for the security, receipt, or third party interception of this transmission.<br>
</div></div>************************************</font><span> </span>_______________________________________________<br>cisco-voip mailing list<br><a href="mailto:cisco-voip@puck.nether.net" style="color:blue;text-decoration:underline" target="_blank">cisco-voip@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" style="color:blue;text-decoration:underline" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br></div></div><br></div></div><br>_______________________________________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br>
<br></blockquote></div><br>