Cisco Cisco Packet Data Gateway (PDG)
Access Control
▀ IKE Call Admission Control
▄ IPSec Reference, StarOS Release 18
146
IKE Call Admission Control
Call Admission Control (CAC) rate limits new IKE calls whenever a security gateway (SeGW) is experiencing an
overload. If the SeGW receives more IKE_SA_INIT requests than it can handle, already established tunnels could be
affected as system resources, such as CPU, Message Queue etc., would be utilized to handle the new calls. The SeGW
may be unable to process the Dead Peer Detections (DPDs) of existing tunnels on time, leading to their tear-off. Rate
limiting preserves enough system resources to maintain existing calls.
overload. If the SeGW receives more IKE_SA_INIT requests than it can handle, already established tunnels could be
affected as system resources, such as CPU, Message Queue etc., would be utilized to handle the new calls. The SeGW
may be unable to process the Dead Peer Detections (DPDs) of existing tunnels on time, leading to their tear-off. Rate
limiting preserves enough system resources to maintain existing calls.
In StarOS, this functionality is achieved through congestion-control threshold Global Configuration mode CLI
commands. These commands monitor a variety of parameters that indicate whether the system has gone into overload.
Parameters that can be monitored for congestion include (but are not limited to):
commands. These commands monitor a variety of parameters that indicate whether the system has gone into overload.
Parameters that can be monitored for congestion include (but are not limited to):
congestion-control threshold license-utilization percent – percentage of maximum number of licensed sessions
congestion-control threshold max-sessions-per-service-utilization percent – percentage of maximum
subscriber sessions (congestion-control threshold per-service-service percent command)
congestion-control threshold message-queue-utilization percent – percentage of message queue utilization
(congestion-control threshold message-queue-utilization percent command)
congestion-control threshold message-queue-wait-time time – wait time in seconds
congestion-control threshold port-rx-utilization percent – average percentage of receive port utilization
congestion-control threshold port-specific { slot/port | all } – percentage of utilization for a specific port
congestion-control threshold port-specific-rx-utilization percent – percentage of receive utilization for a
specific port
congestion-control threshold port-specific-tx-utilization percent – transmit utilization for a specific port
congestion-control threshold port-tx-utilization percent – average percentage of port transmit utilization
congestion-control threshold service-control-cpu-utilization percent – average percentage of CPU utilization
for service control
congestion-control threshold system-cpu-utilization percent – average percentage of system CPU utilization
congestion-control threshold system-memory-utilization percent – average percentage of CPU memory
utilization
Refer to the Command Line Interface Reference for a complete description of these commands and their keywords.