1. ACLI Reference Guide
  2. ACLI Configuration Elements N-Z
  3. realm-config

realm-config

The realm-config element is used to configure realms.

Parameters

identifier
Enter the name of the realm associated with this Oracle Communications Session Border Controller. This is a required field. The identifier field value must be unique.
description
Provide a brief description of the realm-config configuration element
addr-prefix
Enter the IP address prefix used to determine if an IP address is associated with the realm. This field is entered as an IP address and number of bits in the network portion of the address in standard slash notation.
  • Default: 0.0.0.0
An IPV6 address is valid for this parameter.
network-interface
Enter the network interface through which this realm can be reached. Entries in this parameter take the form: <network-interface-ID>:<subport>.<ip_version>.

Note:

Only one network interface can be assigned to a single realm-config object.
media-realm-list
List media realm names the SBC searches to match a user-site and select a media realm for allocating Teams media IP. The first realm in the media-realm-list is the default realm for fall back functionality.
mm-in-realm
Enable or disable media being steered through the Oracle Communications Session Border Controller when the communicating endpoints are located in the same realm
  • Default: disabled
  • Values: enabled | disabled
mm-in-network
Enable or disable media being steered through the Oracle Communications Session Border Controller when the communicating endpoints are located in different realms within the same network (on the same network-interface). If this field is set to enabled, the Oracle Communications Session Border Controller will steer all media traveling between two endpoints located in different realms, but within the same network. If this field is set to disabled, then each endpoint will send its media directly to the other endpoint located in a different realm, but within the same network.
  • Default: enabled
  • Values: enabled | disabled
mm-same-ip
Enable the media to go through this Oracle Communications Session Border Controller if the mm-in-realm . When not enabled, the media will not go through the Oracle Communications Session Border Controller for endpoints that are behind the same IP.
  • Default: enabled
  • Values: enabled | disabled
mm-in-system
Set this parameter to enabled to manage/latch/steer media in the Oracle Communications Session Border Controller. Set this parameter to disabled to release media in the Oracle Communications Session Border Controller. Setting this parameter to disabled will cause the Oracle Communications Session Border Controller to NOT steer media through the system (no media flowing through this Oracle Communications Session Border Controller.
  • Default: enabled
  • Values: enabled | disabled
bw-cac-non-mm
Set this parameter to enabled to turn on bandwidth CAC for media release
  • Default: disabled
  • Values: enabled | disabled
msm-release
Enable or disable the inclusion of multi-system (multiple Oracle Communications Session Border Controllers) media release information in the SIP signaling request sent into the realm identified by this realm-config element. If this field is set to enabled, another Oracle Communications Session Border Controller is allowed to decode the encoded SIP signaling request message data sent from a SIP endpoint to another SIP endpoint in the same network to restore the original SDP and subsequently allow the media to flow directly between those two SIP endpoints in the same network serviced by multiple Oracle Communications Session Border Controllers. If this field is set to disabled, the media and signaling will pass through both Oracle Communications Session Border Controllers. If this field is set to enabled, the media is directed directly between the endpoints of a call.
  • Default: disabled
  • Values: enabled | disabled
qos-enable
Enable or disable the use of QoS in this realm
  • Default: disabled
  • Values: enabled | disabled
generate-udp-checksum
Enable or disable the realm to generate a UDP checksum for RTP/RTCP packets.
  • Default: disabled
  • Values: enabled | disabled

This parameter is visible only on Acme Packet 3800s and Acme Packet 4500s that do not have an ETC card installed. The function is enabled and not configurable on all other platforms.

max-bandwidth
Enter the total bandwidth budget in kilobits per second for all flows to/from the realm defined in this element. A max-bandwidth field value of 0 indicates unlimited bandwidth.
  • Default: 0
  • Values: Min: 0 / Max: 999999999
fallback-bandwidth
Enter the amount of bandwidth available once the Oracle Communications Session Border Controller has determined that the target (of ICMP pings) is unreachable.
  • Default: 0
  • Values: Min: 0
max-priority-bandwidth
Enter the amount of bandwidth amount of bandwidth you want to want to use for priority (emergency) calls; the system first checks the max-bandwidth parameter, and allows the call if the value you set for priority calls is sufficient.
  • Default: 0
  • Values: Min: 0 | Max: 999999999
max-latency
This parameter is unsupported.
max-jitter
This parameter is unsupported.
max-packet-loss
This parameter is unsupported.
observ-window-size
This parameter is unsupported.
parent-realm
Enter the parent realm for this particular realm. This must reference an existing realm identifier.
dns-realm
Enter the realm whose network interface’s DNS server should be used to resolve FQDNs for requests sent into the realm. If this field value is left empty, the Oracle Communications Session Border Controller will use the DNS of the realm’s network interface.
media-policy
Select a media-policy on a per-realm basis (via an association between the name field value configured in this field). When the Oracle Communications Session Border Controller first sets up a SIP or H.323 media session, it identifies the egress realm of each flow and then determines the media-policy element to apply to the flow. This parameter must correspond to a valid name entry in a media policy element.
nsep-media-policy
Enter the name of the media-policy you want to apply to this realm for traffic identified and handled as NSEP traffic. Use this parameter to establish different DSCP marking between NSEP and other media on this realm. This parameter must correspond to a valid name entry in a media policy element.
media-sec-policy

Name of default media security policy.

rtcp-mux
Select to enable RTCP multiplexing, which allows Real-Time Protocol (RTP) and Real-Time Control Protocol (RTCP) packets to use the same media port numbers.
  • Default: disabled
  • Values: enabled | disabled
ice-profile
Specify the name of an exitsing ICE profile, which enables a WebRTC client to perform connectivity checks and can provide several STUN servers to the browser.
dtls-srtp-profile
Enter the name of the dtls-srtp-profile you want to apply to DTLS traffic on this realm.
srtp-msm-passthrough
Enables multi system selective SRTP pass through in this realm.
  • Default: disabled
  • Values: enabled | disabled
class-profile
Enter the name of class-profile to use for this realm for ToS marking
in-session-translations
Enter the subelement that defines session translations to apply to incoming traffic on this realm.
out-session-translations
Enter the subelement that defines session translations to apply to outgoing traffic on this realm.
in-manipulationid
Enter the inbound SIP manipulation rule name
out-manipulationid
Enter the outbound SIP manipulation rule name
average-rate-limit
Enter the average data rate in bits per second for host path traffic from a trusted source
  • Default: 0 (disabled)
  • Values: Min: 0 | Max: 4294967295
access-control-trust-level
Select a trust level for the host within the realm
  • Default: none
  • Values:
    • high—Hosts always remains trusted
    • medium—Hosts belonging to this realm can get promoted to trusted, but can only get demoted to untrusted. Hosts will never be put in block-list.
    • low—Hosts can be promoted to trusted list or can get demoted to untrusted list
    • none—Hosts will always remain untrusted. Will never be promoted to trusted list or will never get demoted to untrusted list
invalid-signal-threshold
Enter the acceptable invalid signaling message rate falling within a tolerance window
  • Default: 0
  • Values: Min: 0 | Max: 4294967295
maximum-signal-threshold
Enter the maximum number of signaling messages allowed within the tolerance window
  • Default: 0 (disabled)
  • Values: Min: 0 | Max: 4294967295
untrusted-signal-threshold
Enter the allowed maximum signaling messages within a tolerance window.
  • Default: 0
  • Values: Min: 0 | Max: 4294967295
nat-trust-threshold
Enter maximum number of denied endpoints that set the NAT device they are behind to denied. 0 means dynamic demotion of NAT devices is disabled.
  • Default: 0
  • Values: Min: 0 | Max: 65535
max-endpoints-per-nat
Maximum number of endpoints that can exist behind a NAT before demoting the NAT device.
  • Default: 0 (disabled)
  • Values: Min: 0 | Max: 65535
nat-invalid-message-threshold
Maximum number of invalid messages that may originate behind a NAT before demoting the NAT device.
  • Default: 0 (disabled)
  • Values: Min: 0 | Max: 65535
wait-time-for-invalid-register
Period (in seconds) that the counts before considering the absence of the REGISTER message as an invalid message.
  • Default: 0 (disabled)
  • Values: Min: 0, 4-300
deny-period
Enter the length of time an entry is posted in the deny list
  • Default: 30
  • Values: Min: 0 / Max: 4294967295
cac-failure-threshold
Enter the number of CAC failures for any single endpoint that will demote it from the trusted queue to the untrusted queue for this realm.
  • Default: 0
  • Values: Min: 0 / Max:141842
untrust-cac-failure-threshold
Enter the number of CAC failures for any single endpoint that will demote it from the untrusted queue to the denied queue for this realm.
  • Default: 0
  • Values: Min: 0 / Max: 4294967295
ext-pol-server
Name of external policy server.
diam-e2-address-realm
The value inserted into a Diameter e2 Address-Realm AVP when a message is received on this realm.
symmetric-latching
Enable, disable and manage symmetric latching between endpoints for RTP traffic.
  • Default: disabled
  • enabled
  • disabled
  • pre-emptive - symmetric latching is enabled, but the SBC sends RTP packets to the received SDP connection address without waiting on the latch.
pai-strip
Enable or disable P-Asserted-Identity headers being stripped from SIP messages as they exit the Oracle Communications Session Border Controller. The PAI header stripping function is dependent on this parameter and the trust-me parameter.
  • Default: disabled
  • Values: enabled | disabled
trunk-context
Enter the default trunk context for this realm
early-media-allow
Select the early media suppression for the realm
  • Values:
    • none: No early media is allowed in either direction
    • both: Early media is allowed in both directions
    • reverse: Early media received by Oracle Communications Session Border Controller in the reverse direction is allowed
enforcement-profile
Enter the name of the enforcement profile (SIP allowed methods).
additional-prefixes
Enter one or more additional address prefixes. Not specifying the number of bits to use implies all 32 bits of the address are used to match.
add-additional-prefixes
Add one or more additional address prefixes. Not specifying the number of bits to use implies all 32 bits of the address are used to match.
remove-additional-prefixes
Remove one or more additional address prefixes. Not specifying the number of bits to use implies all 32 bits of the address are used to match.
restricted-latching
Set the restricted latching mode
  • Default: None
  • Values:
    • none: No restricted latching
    • sdp: Use the IP address specified in the SDP for latching purpose
    • peer-ip: Use the peer-ip (Layer 3 address) for the latching purpose
    • sdp-ip-port: Latch to media based on the IP Address received in the SDP c= connect address line, and the port in the mline in the offer and answer.
restriction-mask
Set the restricted latching mask value.
  • Default: 32
  • Values: Min: 1 | Max: 128
user-cac-mode
Set this parameter to the per user CAC mode that you want to use
  • Default: none
  • Values:
    • none—No user CAC for users in this realm
    • AOR—User CAC per AOR
    • IP—User CAC per IP
user-cac-bandwidth
Enter the maximum bandwidth per user for dynamic flows to and from the user. By leaving this parameter set to 0 (default), there is unlimited bandwidth and the per user CAC feature is disabled for constraint of bandwidth.
user-cac-sessions
Enter the maximum number of sessions per user for dynamic flows to and from the user. Leaving this parameter set to 0 (default), there is unlimited sessions and the CAC feature is disabled for constraint on sessions
  • Default: 0
  • Values: Min: 0 / Max: 999999999
icmp-detect-multiplier
Enter the multiplier to use when determining how long to send ICMP pings before considering a target unreachable. This number multiplied by the time set for the icmp-advertisement-interval determines the length of time
  • Default: 0
  • Values: Min: 0
icmp-advertisement-interval
Enter the time in seconds between ICMP pings the Oracle Communications Session Border Controller sends to the target.
  • Default: 0
  • Values: Min: 0
icmp-target-ip
Enter the IP address to which the Oracle Communications Session Border Controller should send the ICMP pings so that it can detect when they fail and it needs to switch to the fallback bandwidth for the realm.
  • Default: (empty)
monthly-minutes
Enter the monthly minutes allowed
  • Default: 0
  • Values: Min: 0 / Max: 71582788
options
Enter any optional features or parameters
accounting-enable
Select whether you want accounting enabled within the realm
  • Default: enabled
  • Values: enabled | disabled
net-management-control
Enable or disable network management controls for this realm
  • Default: disabled
  • Values: enabled | disabled
delay-media-update
Enable or disable media update delay
  • Default: disabled
  • Values: enabled | disabled
refer-call-transfer
REFER call transfer
  • Default: disabled
  • Values: enabled | disabled | dynamic
refer-notify-provisional
Provisional mode for sending NOTIFY message
  • Default: none
  • Values:
    • none: no intermediate NOTIFY's are to be sent
    • initial: immediate 100 Trying NOTIFY has to be sent
    • all: immediate 100 Trying NOTIFY plus a NOTIFY for each non-100 provisional received by the SD are to be sent
dyn-refer-term
Enable or disable the Oracle Communications Session Border Controller to terminate a SIP REFER and issue a new INVITE. If the dyn-refer-term value is disabled (the default), proxy the REFER to the next hop to complete REFER processing. If the dyn-refer-termvalue is enabled, terminate the REFER and issue an new INVITE to the referred party to complete REFER processing.
  • Default: disabled
  • Values: enabled | disabled
codec-policy
Select the codec policy you want to use for this realm
codec-manip-in-realm
Enable or disable codec policy in this realm
  • Default: disabled
  • Values: enabled | disabled
codec-manip-in-network
Enable or disable codec policy in this network.
  • Default: enabled
  • enabled | disabled
constraint-name
Enter the name of the constraint you want to use for this realm
call-recording-server-id
This parameter is unsupported.
session-recording-server
A maximum of four names of session-recording-servers, or session-recording-groups, or a combination of both exisiting in thein the realm associated with the session reporting client. Valid values are alpha-numeric characters. session recording groups are indicated by prepending the groupname with SRG:
session-recording-required
Determines whether calls are accepted by the SBC if recording is not available.
  • Default: disabled
  • enabled—Restricts call sessions from being initiated when a recording server is not available.
  • disabled—Allows call sessions to initiate even if the recording server is not available.
xnq-state

This parameter is unsupported.

hairpin-id

This parameter is unsupported.

manipulation-string
Enter a string to be used in header manipulation rules for this realm. 1
manipulation-pattern
Enter the regular expression to be used in header manipulation rules for this realm.
stun-enable
Enable or disable the STUN server support for this realm
  • Default: disabled
  • Values: enabled | disabled
stun-server-ip
Enter the IP address for the primary STUN server port
  • Default: 0.0.0.0
stun-server-ip
Enter the IP address for the primary STUN server port
  • Default: 0.0.0.0
stun-server-port
Enter the port to use with the stun-server-ip for primary STUN server port
  • Default: 3478
  • Values: Min. 1025 | Max. 65535
stun-changed-ip
Enter the IP address for the CHANGED-ADDRESS attribute in Binding Requests received on the primary STUN server port; must be different from than the one defined for the stun-server-ip
  • Default: 0.0.0.0
stun-changed-port
Enter the port combination to define the CHANGED-ADDRESS attribute in Binding Requests received on the primary STUN server port
  • Default: 3479
  • Values: Min. 1025 | Max. 65535
flow-time-limit
Enter the total time limit in seconds for the flow. The Oracle Communications Session Border Controller notifies the signaling application when this time limit is exceeded. This field is only applicable to dynamic flows. A value of 0 seconds disables this function and allows the flow to continue indefinitely.
  • Default: -1, which allows the system to use the global timer settings for this realm.
  • Values: Min: 0 / Max: 2147483647
initial-guard-timer
Enter the time in seconds allowed to elapse before first packet of a flow arrives. If first packet does not arrive within this time limit, Oracle Communications Session Border Controller notifies the signaling application. This field is only applicable to dynamic flows. A value of 0 seconds indicates that no flow guard processing is required for the flow and disables this function.
  • Default: -1, which allows the system to use the global timer settings for this realm.
  • Values: Min: 0 / Max: 2147483647
subsq-guard-timer
Enter the maximum time in seconds allowed to elapse between packets in a flow. The Oracle Communications Session Border Controller notifies the signaling application if this timer is exceeded. This field is only applicable to dynamic flows. A field value of zero seconds means that no flow guard processing is required for the flow and disables this function.
  • Default: -1, which allows the system to use the global timer settings for this realm.
  • Values: Min: 0 / Max: 2147483647
tcp-flow-time-limit
Enter the maximum time in seconds that a media-over-TCP flow can last
  • Default: -1, which allows the system to use the global timer settings for this realm.
  • Values: Min: 0 / Max: 2147483647
tcp-initial-guard-timer
Enter the maximum time in seconds allowed to elapse between the initial SYN packet and the next packet in a media-over-TCP flow
  • Default: -1, which allows the system to use the global timer settings for this realm.
  • Values: Min: 0 / Max: 2147483647
tcp-subsq-guard-timer
Enter the maximum time in seconds allowed to elapse between all subsequent sequential media-over-TCP packets
  • Default: -1, which allows the system to use the global timer settings for this realm.
  • Values: Min: 0 / Max: 2147483647
sip-profile
Enter the name of the sip-profile to apply to this realm.
sip-isup-profile
Enter the name of the sip-isup-profile to apply to this realm.
match-media-profiles
Enter the media profiles you would like applied to this realm in the form <name>::<subname>. See the Oracle Communications Session Border Controller Configuration Guide for information about wildcard values.
qos-constraints
Enter the name value from the QoS constraints configuration you want to apply to this realm
block-rtcp
Block RTCP from entering or leaving this realm.
  • Default: disabled
  • Values: enabled | disabled
hide-egress-media-update
Hide changes to ingress RTP egressing into this realm
  • Default: disabled
  • Values: enabled | disabled
subscription-id-type
Sets the supported Subscription ID Types and the subsequent values inserted into the Subscription-Id-Data AVP's in an AAR message for Rx transactions.
  • Default: END_USER_NONE
  • Values: END_USER_NONE | END_USER_E164 | END_USER_SIP_URI | END_USER_IMSI
tcp-media-profile
A configured tcp-media-profile name to use within this realm. Used for MSRP.
stun-server-port
Enter the port to use with the stun-server-ip for primary STUN server port
  • Default: 3478
  • Values: Min. 1025 | Max. 65535
tcp-media-profile
A configured tcp-media-profile name to use within this realm. Used for MSRP.
monitoring-filters
Comma-separated list of monitoring filters used for SIP monitor and trace.
node-functionality
Sets the value inserted into the node-functionality AVP in Rf messages going into this realm.
  • P-CSCF
  • BGCF
  • IBCF
  • E-CSCF
  • "" - This indicates that this realm should revert to the global node-functionality value.
default-location-string
Used for NPLI functionality.
alt-realm-family
The realm name of the alternate realm, from which to use an IP address in the other address family. If this parameter is within an IPv4 realm configuration, you will enter an IPv6 realm name.
pref-addr-type
Order in which the a=altc: lines suggest preference.
  • Default: none
  • Values: none | ipv4 | ipv6
dns-max-response-size
Enter the maximum size of the DNS response to queries.
  • Default: 0; disabled
  • Value: 65535
session-max-life-limit
Enter the maximum interval in seconds before the system must terminate long duration calls. This value supercedes the value of session-max-life-limit in the sip-interface and sip-config configuration elements and is itself superceded by the value of session-max-life-limit in the session-agent configuration element.
  • Default: 0; disabled
  • Values:
    • 0
    • unlimited
    • 1 - 2073600

Note:

See the Configuration Guide for the difference between 0 and unlimited.
sm-icsi-match-for-invite
The ICSI URN to match on to increment the session-based messaging counters.
  • Default: urn:rrn-7:3gpp-service.ims.icsi.oma.cpm.msg
sm-icsi-match-for-message
The ICSI URN to match on to increment the event-based messaging counters.
  • Default: urn:rrn-7:3gpp-service.ims.icsi.oma.cpm.largemsg
ringback-file
Specifies the name of the media file, stored previously in /code/media, that the system plays when triggered for this realm.
ringback-trigger
Specifies when the system triggers the local media playback function.
  • none—The system does not perform local media playback procedures. Based on precedence, however, the system may issue playback based on other element configurations. Local media playback follows the precedence session-agent, realm, then sip-interface.
  • disabled—The system does not perform media playback procedures on this flow, regardless of ensuing configurations.
  • 180-no-sdp—Defines the trigger by which the system starts local media playback to caller. This parameter causes playback trigger whenever the called leg responds with a 180 message that does not include SDP.
  • 180-force—Defines the trigger by which the system starts local media playback to caller. This parameter causes playback trigger whenever the called leg responds with a 180 message.
  • 183—Starts playback to caller when 183 is sent to call originator. The system stops the playback on the final response (either 2xx success or 4xx error). Configure this 183 value on the original INVITE ingress realm/sip-interface/session-agent.
  • refer—Starts playback to the referee when it receives a REFER. This trigger operates only if the OCSBC actually terminates and performs the refer operation. If the REFER is via proxy, playback is not a triggered. Playback stops when the refer operation is complete with a final response (200-299 or 400-699). Configure this refer value on the ingress realm/sip-interface/session-agent of the transferred call.
  • 183-and-refer—Starts playback when both 183 and refer triggers are activated.
  • playback-on-header—Starts or stops playback based on the presence of the P-Acme-Playback header and its definitions.
teams-fqdn-in-uri
Enables IP to FQDN replacement in FROM and Contact headers for SIP requests for Teams deployments. Also enables the SBC to send the proprietary X-MS-SBC header in SIP messages on egress realm.
  • Default: disabled
  • Values: enabled | disabled

Note:

This parameter uses the hostname configured under network-interface.
sdp-inactive-only
Enables the SBC to change the sendonly and recvonly attribute in SDP to inactive in outgoing SDP for Teams deployments. Also enables the SBC to perform the reverse action in incoming SDP.
  • Default: disabled
  • Values: enabled | disabled
teams-fqdn
Reserved for use with Microsoft Teams integrations only.
merge-early-dialogs
Allows or prevents the merging of early dialogs within forking scenarios.
  • Default: disabled
  • Values: enabled | disabled
user-site

Sets the user-site names corresponding to the user-site configuration set at the DR. The SBC uses this name to select the realm for allocating media IP. The match for user-site is case insensitive.

srvcc-trfo
Supports SRVCC handover events that need to occur without transcoding by forcing a re-negotiation during the handover if a non-transcodable codec is currently being used.
  • Default: empty
  • Values: EVS
sti-as
Specifies the name of an sti-server-group name or a space-separated list of sti-server (up to four allowed) to which the SBC shall send AS requests. When configuring a group name, use the prefix stg: followed by your group name. For example, stg:myStiGroupName.
sti-vs
Specifies the name of an sti-server-group name or a space-separated list of sti-server (up to four allowed) to which the SBC shall send VS requests. When configuring a group name, use the prefix stg: followed by your group name. For example, stg:myStiGroupName.
sti-orig-id
Specifies the UUID v4 to be added to STI-AS requests, if not already present, during STIR/SHAKEN functions.
sti-attest
Specifies the attestation value that is sent in AS request, during STIR/SHAKEN functions. The default is empty
  • full-attestation
  • partial-attestation
  • gateway-attestation
sti-signaling-attest
Enable this parameter to instruct the SBC to use attestation level and origination ID headers from the ingress SIP INVITE in the REST query to the STI-AS, if preferred. When enabled, the Attestation-Info and Origination-ID headers override the configured values, if present. If one of the two requested headers is present, the other value is obtained from configured parameters.
  • Default: Disable—The system does not use the attestation value and origId from SIP headers.
  • Enable—The system uses the attestation value and origId from SIP headers, when present.
feature-trfo
Configure this parameter with the feature or features with which you want to use transcoding free operation (TrFO). Configure multiple parameters by separating them with a comma.
  • Default: disable
  • rbt
  • asymmetric-preconditions
Although you can configure the feature-trfo parameter with multiple parameters, the system only acts on one of those parameters at any give time. Under the condition where more than one parameter applies, the system refers to your configuration's parameter order to determine which function to perform.
auth-attribute
Sub-element providing access to cross-realm surrogate agent management parameters.
fqdn-hostname
Enter the hostname you want to in include in the selected headers for this realm's egress traffic.
fqdn-hostname-in-header
List the headers for which the system includes the hostname that you configured in the fqdn-host-name parameter. Separate multiple values with a comma.
  • FROM
  • TO
  • CONTACT
  • R-URI
P-Asserted-Identity
Enter the string you want to use to set the identity within PAI headers for this realm's egress traffic.
P-Asserted-Identity-For
List the methods for which the system includes a PAI header using the PAI identity you set in this realm's p-asserted-identity parameter. Separate multiple values with a comma.
  • INVITE
  • BYE
  • ACK
  • REGISTER
nsep-stats
Enables the collection and reporting of NSEP statistics for this realm.
  • Default: disabled
  • Values: enabled | disabled
steering-pool-threshold
Specifies, in percent utilization, the value above which the system triggers an alarm indicating the realm is running low on steering pool ports.
  • Default: 0 (Disables alarm)
  • Range: 0 - 100%
steering-pool-lower-threshold
Specifies, in percent utilization, the value below which the system considers steering pool utilization on this realm acceptable. Operates in conjunction with the steering-pool-alarm-monitoring-time to prevent the system from issuing multiple alarms for what you consider the same issue.
  • Default: 70
  • Range: 1 - 95%
steering-pool-alarm-monitoring-time
Operates in conjunction with the steering-pool-lower-threshold, and specifies in minutes the duration for which the system considers an alarm condition triggered by the steering-pool-threshold as still in effect. After the system triggers this alarm, it uses this window as the amount of time steering pool port usage must be below the steering-pool-lower-threshold before the system can issue a new steering-pool-threshold alarm. This logic prevents the system from issuing multiple alarms for what you consider the same issue.
  • Default: 15
  • Range: 5 - 600 minutes
dos-action-at-session
Specify the system's behavior for reacting to session-based DoS attacks.
  • Default: Disabled
  • permit—If the endpoint initiates the DDoS attack at the session level, the system can demote or deny the endpoint. At first detection of a DDoS attack, the system demotes the endpoint from trusted to untrusted. If there is a second DDoS attack before the UNTRUST_TMO timer expires, the system further demotes the endpoint to deny
  • no-deny—If the endpoint initiates the DDoS attack at the session level, the system can demote the endpoint to untrusted. When the UNTRUST_TMO timer expires, the system promotes the endpoint back to the trusted state.
  • session-drop—If the endpoint initiates the DDoS attack at the session level, the system takes action on that session only. Specifically, the system terminates the existing session but does not demote or deny the endpoint.
  • inherit—When configuring this feature on a session-agent, the value "inherit" is also available. For session-agent, "inherit" is the default value for the parameter, and instructs the system to use your session-level DDoS configuration on the applicable realm-config.

Path

realm-config is an element under the media-manager path. The full path from the topmost ACLI prompt is: configure terminal , and then media-manager , and then realm-config.

Note:

This is a multiple instance configuration subelement.