EasyManua.ls Logo

Cisco ASR 5000 Series - Cookie Challenge Statistics

Cisco ASR 5000 Series
992 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Packet Data Interworking Function Overview
Features and Functionality - Base Software
Cisco ASR 5000 Series Product Overview
OL-22938-02
If the IKEv2 cookie feature is enabled, and the number of half-opened IPSec sessions exceeds the configured limit of
any integer between 0 and 100,000, the call setup is as shown in the figure below.
Figure 122. DoS Cookie-Challenge-Enabled IKEv2 Message Exchange
Table 66. DoS Cookie Challenge Enabled IKEv2 Message Exchange
Step
Description
1
The MS places a call to the WiFi AP.
2
The WiFi AP returns the IP address of the PDIF.
3
The MS sends an IKE_SA_INIT request. message.
4
The PDIF sends the Notify (cookie) payload to the MS to request retransmission of the IKE_SA_INIT request message to
include the Notify (cookie) payload in the message.
5
Upon receipt of the retransmitted message, the PDIF verifies the cookie payload and ensures it is the same cookie as the
one it had sent.
6
If the cookie challenge is met, setup continues as normal with an IKE_SA_INIT response message.
Cookie Challenge Statistics
Cookie challenge statistics appear in the outputs for the following commands:

Table of Contents

Other manuals for Cisco ASR 5000 Series

Preview: Administration Guide
Administration Guide508 pages
Preview: Installation Guide
Installation Guide317 pages
Preview: Thresholding Configuration Guide
Thresholding Configuration Guide163 pages
Preview: Installation And Administration Guide
Installation And Administration Guide95 pages

Related product manuals