DDoS Configuration Settings per Platform in Access Environments
Changes under media-manager require system reboot to take effect. Be sure to follow precautions to reboot SBC(s) to unnecessary service outage during this execution.
Acme Packet 1100 720 Flow Table 4G memory –copper single GigE
| Platform: | AP 1100 |
| Flow Table: | 720 |
| Memory: | 4 GB |
| Software Release: | ECZ8.1.0 |
The following table lists the five parameters germane to DDoS Configuration Settings Access Environments for the Acme Packet 1100 and their settings in the Not-denied and denied realms.
| Parameter | Not Denied realm | Denied realm |
|---|---|---|
| access-control-trust-level | Medium | low |
| invalid-signal-threshold | 2 | 1 |
| maximum-signal-threshold | 25 | 25 |
| untrusted-signal-threshold | 10 | 1 |
| nat-trust-threshold | 0 | 0 |
| deny-period | 30 | 1800 |
The media-manager configuration should be set as suggested in the following table for the Acme Packet 1100.
| Parameter | value |
|---|---|
| max-signaling-packets | 10000 |
| max-untrusted-signaling | 7 |
| min-untrusted-signaling | 4 |
| tolerance-window | 30 |
Acme Packet 3900 16K Flow Table 16G memory – copper single GigE
| Platform: | AP 3900 |
| Flow Table: | 16000 |
| Memory: | 16 GB |
| Software Release: | ECZ8.1.0 |
The following table lists the five parameters germane to DDoS Configuration Settings Access Environments for the Acme Packet 3900 and their settings in the Not-denied and denied realms.
| Parameter | Not Denied realm | Denied realm |
|---|---|---|
| access-control-trust-level | Medium | low |
| invalid-signal-threshold | 2 | 1 |
| maximum-signal-threshold | 25 | 25 |
| untrusted-signal-threshold | 10 | 1 |
| nat-trust-threshold | 0 | 0 |
| deny-period | 30 | 1800 |
The media-manager configuration should be set as suggested in the following table for the Acme Packet 3900.
| Parameter | value |
|---|---|
| max-signaling-packets | 40000 |
| max-untrusted-signaling | 7 |
| min-untrusted-signaling | 7 |
| tolerance-window | 30 |
Acme Packet 4600 1000000 Flow Table 16G memory –copper single GigE
| Platform: | AP 4600 |
| Flow Table: | 1000000 |
| Memory: | 16 GB |
| Software Release: | SCZ8.1.0 |
The following table lists the five parameters germane to DDoS Configuration Settings Access Environments for the Acme Packet 4600 and their settings in the Not-denied and denied realms.
| Parameter | no-Denied | Denied |
|---|---|---|
| access-control-trust-level | Medium | low |
| invalid-signal-threshold | 2 | 1 |
| maximum-signal-threshold | 25 | 25 |
| untrusted-signal-threshold | 10 | 2 |
| nat-trust-threshold | 0 | 0 |
| deny-period | 30 | 1800 |
The media-manager configuration should be set as suggested in the following table for the Acme Packet 4600.
| Parameter | value |
|---|---|
| max-signaling-bandwidth | 2651610 |
| max-untrusted-signaling | 15 |
| min-untrusted-signaling | 12 |
| app-signaling-bandwidth | 0 |
| tolerance-window | 30 |
Acme Packet 6100 1000000 Flow Table 16G memory –copper single GigE
| Platform: | AP 6100 |
| Flow Table: | 1000000 |
| Memory: | 16 GB |
| Software Release: | SCZ8.1.0 |
The following table lists the five parameters germane to DDoS Configuration Settings Access Environments for the Acme Packet 6100 and their settings on the core and peer realms.
| parameter | Core realm-config | Peer Realm-config |
|---|---|---|
| access-control-trust-level | high | low |
| average-rate-limit | 0 | 0 |
| invalid-signal-threshold | 0 | 1 |
| maximum-signal-threshold | 0 | 4000 |
| untrusted-signal-threshold | 0 | 1 |
The media-manager configuration should be set as suggested in the following table for the Acme Packet 6100 in the respective model.
| Parameter | PBRB Model | SSNHTN Model | SNB Model |
|---|---|---|---|
| max-signaling-bandwidth | 7070960 | 7070960 | 7070960 |
| max-untrusted-signaling | 1 | 1 | 1 |
| min-untrusted-signaling | 1 | 1 | 1 |
| tolerance-window | 30 | 30 | 30 |
Acme Packet 6300 1000000 Flow Table 16G memory - copper single GigE
| Platform: | AP 6300 |
| Flow Table: | 1000000 |
| Memory: | 16 GB |
| Software Release: | SCZ8.1.0 |
The following table lists the five parameters germane to DDoS Configuration Settings Access Environments for the Acme Packet 6300 and their settings on the core and peer realms.
| parameter | Core realm-config | Peer Realm-config |
|---|---|---|
| access-control-trust-level | high | low |
| average-rate-limit | 0 | 0 |
| invalid-signal-threshold | 0 | 1 |
| maximum-signal-threshold | 0 | 4000 |
| untrusted-signal-threshold | 0 | 1 |
The media-manager configuration should be set as suggested in the following table for the Acme Packet 6300 in the respective model.
| Parameter | PBRB Model | SSNHTN Model | SNB Model |
|---|---|---|---|
| max-signaling-bandwidth | 7070960 | 7070960 | 7070960 |
| max-untrusted-signaling | 1 | 1 | 1 |
| min-untrusted-signaling | 1 | 1 | 1 |
| tolerance-window | 30 | 30 | 30 |
Acme Packet 6350 2000000 Flow Table 48GB memory -copper single GigE
| Platform: | AcmePacket 6350 |
| Flow Table: | 2000000 |
| Memory: | 48 GB |
| Software Release: | SCZ8.1.0 |
The following table lists the five parameters germane to DDoS Configuration Settings Access Environments for the Acme Packet 6350 and their settings on the core and peer realms.
| parameter | Core realm-config | Peer Realm-config |
|---|---|---|
| access-control-trust-level | high | low |
| average-rate-limit | 0 | 0 |
| invalid-signal-threshold | 0 | 1 |
| maximum-signal-threshold | 0 | 4000 |
| untrusted-signal-threshold | 0 | 2 |
The media-manager configuration should be set as suggested in the following table for the Acme Packet 6350 in the respective model.
| Parameter | PBRB Model | SSNHTN Model | SNB Model |
|---|---|---|---|
| max-signaling-bandwidth | 7070960 | 7070960 | 7070960 |
| max-untrusted-signaling | 15 | 13 | 12 |
| min-untrusted-signaling | 14 | 12 | 11 |
| tolerance-window | 30 | 30 | 30 |
VME 720 Flow Table 4G memory
| Platform: | VME |
| Flow Table: | 720 |
| Memory: | 4 GB |
| Software Release: | SCZ8.1.0 |
The following table lists the five parameters germane to DDoS Configuration Settings Access Environments for the VME and their settings in the Not-denied and denied realms.
| Parameter | Not Denied realm | Denied realm |
|---|---|---|
| access-control-trust-level | Medium | low |
| invalid-signal-threshold | 2 | 1 |
| maximum-signal-threshold | 25 | 25 |
| untrusted-signal-threshold | 10 | 1 |
| nat-trust-threshold | 0 | 0 |
| deny-period | 30 | 1800 |
The media-manager configuration should be set as suggested in the following table for the VME.
| Parameter | value |
|---|---|
| max-signaling-bandwidth | 100000 |
| max-untrusted-signaling | 7 |
| min-untrusted-signaling | 4 |
| tolerance-window | 30 |