[SR-Users] pike parameters doup when have dynamic ip clients and scanners

Daniel-Constantin Mierla miconda at gmail.com
Thu Aug 15 11:16:56 CEST 2019


On 15.08.19 11:05, Daniel Tryba wrote:
> On Wed, Aug 14, 2019 at 02:52:45PM -0400, PICCORO McKAY Lenz wrote:
>>> In my setups I have a limit of 64 requests per 2s. But I also have
>>> whitelist (with/via the permissions module) for known high traffic
>>> ipaddresses. Dimensioning the pike module for the known high traffic
>>> hosts kind of defeats the purpose of using pike to detect strange
>>> unwanted traffic. The correct numbers depend on your endpoints.
>>>
>> I cannot use a whitelist because my experiments are for all dynamic IP
>> clients, so what is the meaning of "depend on your endpoints"?
> You need to dimension pike to at least normal expected traffic from your
> endpoints (and the max number of concurrent channels). If all your
> endpoints are residential phonelines, you might expect 1 or 2 active
> calls. In the worst case scenario you might have "a few" call setups per
> second, so maybe bursts of 10 messages per second.
>
> But if you know you have a call center with 50 phones, with a queue to
> accept bursts you might have more than 50 call setups in a worst case
> scenario in a second so you might get 150 messages per second from this
> endpoint (the queue answers directly, so 1 invite might result in a 100
> trying, 180 ringing and a 200 OK within a second)
>
> Since there is only 1 setting for pike you have to account for the
> highest number of legit messages possible.
>
> If you want to keep the pike max number of message lower, you'll need to
> be creative. Like dynamically create a whitelist of known "excessive"
> trunks (by username) and exclude the ipaddresses they register from from
> pike.

Jumping in to point out that pipelimit can be an alternative to pike for
more dynamic needs. Pike is optimized for source IP addresses, but is not
as flexible as pipelimit, which can track traffic rates per
what-ever-defined key, like user id, ip address, method type, etc ...
With pipelimit one can define a new "pipe" on-the-fly in the routing block,
not restricted to static definition via modparam.

Cheers,
Daniel

-- 
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
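
The two approaches from this thread side by side, as an added example that is not part of the original messages or of any poster's configuration: pike with a permissions whitelist at 64 requests per 2 s, and a pipelimit pipe created on the fly per method and source IP. The address group number, the 10-per-second pipe limit (taken from the residential burst figure quoted above) and the pipe key are assumptions; the fragment also assumes the permissions module already has its address data loaded and that the rest of the routing logic follows.

```cfg
# Added example: kamailio.cfg fragment, not from the thread.
loadmodule "sl.so"            # pl_drop() replies statelessly
loadmodule "xlog.so"
loadmodule "permissions.so"   # assumed: address data already configured
loadmodule "pike.so"
loadmodule "pipelimit.so"

# pike: a single global threshold per source IP (64 requests per 2 s)
modparam("pike", "sampling_time_unit", 2)
modparam("pike", "reqs_density_per_unit", 64)
modparam("pike", "remove_latency", 4)

# pipelimit: counters are evaluated every timer_interval seconds
modparam("pipelimit", "timer_interval", 1)

request_route {
    # Known high-traffic sources (assumed address group 1) bypass pike,
    # so the pike threshold can stay sized for ordinary endpoints.
    if (!allow_source_address("1")) {
        if (!pike_check_req()) {
            xlog("L_WARN", "pike: blocking $rm from $si:$sp\n");
            exit;
        }
    }

    # pipelimit: the pipe is created on first use, keyed here by
    # method and source IP (assumed key; a user id works the same way).
    $var(pipe) = $rm + "_" + $si;
    if (!pl_check("$var(pipe)", "TAILDROP", "10")) {
        xlog("L_WARN", "pipelimit: $var(pipe) over limit\n");
        pl_drop();            # 503 with Retry-After
        exit;
    }

    # ... normal request handling continues here ...
}
```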



