[SR-Users] Pike Module Clarification

Daniel-Constantin Mierla miconda at gmail.com
Sun Mar 22 10:37:26 CET 2020 

Hello,

I am not very familiar with the code as I haven't written the module,
but iirc, if it is an isolated IP, then it takes 3 x sampling_time_unit
to block that IP if there is traffic from it at a rate of more than 30
requests (can be even 1000+ requests).

Then, an IP can be blocked after the first sampling_time_unit if it is
part of a subnetwork (/24) that has other IP addresses already blocked.

As a simple rule, any IP is blocked for sure after 3 x
sampling_time_unit with higher rate than the density and is kept block
if it continues to send high volume of requests.

Cheers,
Daniel

On 21.03.20 15:18, JR Richardson wrote:
>
> Hi All,
>
>  
>
> Please clarify the pike settings for SIP message count, the module Doc
> reports:
>
>  
>
> ----
> modparam("pike", "sampling_time_unit", 10)
>
> modparam("pike", "reqs_density_per_unit", 30)
>
>  
>
> How many requests should be allowed per |sampling_time_unit| before
> blocking all the incoming request from that IP. Practically, the
> blocking limit is between ( let's have x=reqs_density_per_unit) x and
> 3*x for IPv4 addresses and between x and 8*x for IPv6 addresses.
>
> -----
>
>  
>
> So the example above the SIP message rate is 30 messages within 10
> seconds triggers an pike alert?
>
>  
>
> The description I’m confused on is “Practically, the blocking ‘*limit
> is between’*(let's have x=reqs_density_per_unit) x and 3*x for IPv4”
>
>  
>
> The way this reads to me is the Pike alert could be triggered anywhere
> between 30 and 90 (3*30) messages within 10 second period. Am I
> reading this correctly? What determines when the pike trigger actually
> happens, could the trigger happen at say 56 messages within 10 seconds?
>
>  
>
> Thanks.
>
>  
>
> JR Richardson
>
> Engineering for the Masses
>
> Chasing the Azeotrope
>
> JRx DistillCo
>
> 1’st Place Brisket
>
> 1’st Place Chili
>
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

-- 
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20200322/55325197/attachment-0001.html>

More information about the sr-users mailing list