Product specifications

Dialogic® BorderNet™ 4000 SBC Product Description Document
Advanced Packet Rate-Limiting
The BorderNet 4000 SBC provides packet rate limiting to protect against legitimate but
misbehaving hosts or DoS attacks from spoofed sources. Incoming traffic is classified
into flows based on a combination of parameters, including:
Layer 3 protocol
Layer 4 protocol, local IP, local port and remote IP
The flows are subject to rate control as determined by the application or as configured by
the operator. From an application perspective, these flows correspond to traffic from remote
entities.
Traffic flows are classified into two buckets: white list traffic and grey list traffic. Traffic from
a trusted source uses the white list path. Traffic from an untrusted source initially uses the
grey list path and is promoted to the white list path based on application feedback. Each of
the traffic classes has a pre-determined bandwidth to the BorderNet 4000 SBC. The grey list
path uses a small percentage of total available bandwidth. The flows within a traffic class
share the bandwidth for that class, and the individual flows have their own bandwidth limits
within a class.
Separating traffic into classified flows and the additional verification required from untrusted
sources ensures that no single remote entity can compromise the BorderNet 4000 SBC.
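
The two-path scheme described above, sketched as an added example; it is not Dialogic code and does not describe how the BorderNet 4000 SBC is implemented. Token-bucket policing, the `LIMITS` budgets, and the names `Bucket`, `Policer`, `promote`, `admit` and `simulate` are assumptions made for illustration, and the addresses are constructed documentation-range values.

```python
from dataclasses import dataclass

@dataclass
class Bucket:
    """Token bucket: refills at `rate` packets/s, holds at most `burst`."""
    rate: float
    burst: float
    tokens: float
    last: float = 0.0
    def ready(self, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        return self.tokens >= 1

# Assumed (class-wide, per-flow) budgets in packets/s; the page gives no figures.
LIMITS = {"white": (1000, 100), "grey": (50, 5)}

class Policer:
    def __init__(self, limits=LIMITS):
        self.limits = limits
        self.classes = {c: Bucket(r, r, r) for c, (r, _) in limits.items()}
        self.flows = {}        # (class, flow key) -> per-flow Bucket
        self.trusted = set()   # flows promoted by application feedback
    def promote(self, key):
        self.trusted.add(key)

    def admit(self, key, now):
        """key = (l3_proto, l4_proto, local_ip, local_port, remote_ip)."""
        name = "white" if key in self.trusted else "grey"
        cls, per_flow = self.classes[name], self.limits[name][1]
        flow = self.flows.setdefault((name, key), Bucket(per_flow, per_flow, per_flow, now))
        # Refill both buckets, then charge both only if both have budget.
        ok = flow.ready(now) & cls.ready(now)
        if ok:
            flow.tokens -= 1
            cls.tokens -= 1
        return ok

def simulate():
    """Constructed 1 s run: 200 spoofed sources flood, one promoted peer sends."""
    p, peer = Policer(), ("ipv4", "udp", "192.0.2.1", 5060, "198.51.100.7")
    p.promote(peer)
    flood_ok = peer_ok = 0
    for i in range(2000):                   # 2000 flood packets over one second
        src = ("ipv4", "udp", "192.0.2.1", 5060, f"203.0.113.{i % 200}")
        flood_ok += p.admit(src, i / 2000)
        if i % 40 == 0:                     # promoted peer sends 50 packets/s
            peer_ok += p.admit(peer, i / 2000)
    return flood_ok, peer_ok
```

In the constructed run the flood is held to roughly the grey class budget however many source addresses it uses, while the promoted peer's packets draw on the separate white list budget and all pass.
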
Dynamic Packet Rate Adjustment
The packet rate for traffic flows can be controlled by the operator or dynamically adjusted
by the BorderNet 4000 SBC based on session constraints, configuration, and call patterns.
The BorderNet 4000 monitors each session and determines the expected packet rate, which
is used by the flow classifier to police traffic.
Traffic Priority and Overload Protection
Each flow is assigned a priority between zero (0) and eight (8), with zero being the highest
priority. Unclassified packets are assigned the lowest priority.
The BorderNet 4000 SBC protects itself during overload by selectively dropping traffic until
the overload condition subsides. It has an adaptive protection mechanism that includes
throttling low priority traffic during overloads while guaranteeing higher priority traffic is
serviced.
Media Security
Pinholes ensure media security. The BorderNet 4000 SBC dynamically opens and closes
pinholes for RTP traffic based on session signaling. When a pinhole is open, the BorderNet
4000 SBC accepts the RTP/RTCP traffic from a specified end-point. Bandwidth is monitored
based on the signaled codec to prevent bandwidth theft or DoS attacks on the media ports.
Application Security
IPsec Support
Internet Protocol Security (IPsec) is a suite of IETF-defined protocols for securing
communications over IP networks. IPsec protocols offer a range of security functions,
including data integrity, anti-replay protection and confidentiality via authenticating and
encrypting packets in each IP session. The BorderNet 4000 SBC supports the IPsec
Authentication Header (AH), which is used to authenticate and validate IP packets, and the