Cisco Cisco Packet Data Gateway (PDG) Dépliant
Access Control
▀ IKE Call Admission Control
▄ Cisco StarOS IP Security (IPSec) Reference
148
IKE Call Admission Control
Call Admission Control (CAC) rate limits new IKE calls whenever a security gateway (SeGW) is experiencing an
overload. If the SeGW receives more IKE_SA_INIT requests than it can handle, already established tunnels could be
affected as system resources, such as CPU, Message Queue etc., would be utilized to handle the new calls. The SeGW
may be unable to process the Dead Peer Detections (DPDs) of existing tunnels on time, leading to their tear-off. Rate
limiting preserves enough system resources to maintain existing calls.
overload. If the SeGW receives more IKE_SA_INIT requests than it can handle, already established tunnels could be
affected as system resources, such as CPU, Message Queue etc., would be utilized to handle the new calls. The SeGW
may be unable to process the Dead Peer Detections (DPDs) of existing tunnels on time, leading to their tear-off. Rate
limiting preserves enough system resources to maintain existing calls.
In StarOs, this functionality is achieved through congestion-control threshold Global Configuration mode CLI
commands. These commands monitor a variety of parameters that indicate whether the system has gone into overload.
Parameters that can be monitored for congestion include (but are not limited to):
commands. These commands monitor a variety of parameters that indicate whether the system has gone into overload.
Parameters that can be monitored for congestion include (but are not limited to):
congestion-control threshold license-utilization <percent> – percentage of maximum number of licensed
sessions
congestion-control threshold max-sessions-per-service-utilization <percent> – percentage of maximum
subscriber sessions (congestion-control threshold per-service-<service> <percent> command)
congestion-control threshold message-queue-utilization <percent> – percentage of message queue utilization
(congestion-control threshold message-queue-utilization <percent> command)
congestion-control threshold message-queue-wait-time <time> – wait time in seconds
congestion-control threshold port-rx-utilization <percent> – average percentage of receive port utilization
congestion-control threshold port-specific { <slot/port> | all } – percentage of utilization for a specific port
congestion-control threshold port-specific-rx-utilization <percent> – percentage of receive utilization for a
specific port
congestion-control threshold port-specific-tx-utilization <percent> – transmit utilization for a specific port
congestion-control threshold port-tx-utilization <percent> – average percentage of port transmit utilization
congestion-control threshold service-control-cpu-utilization <percent> – average percentage of CPU
utilization for service control
congestion-control threshold system-cpu-utilization <percent> – average percentage of system CPU
utilization
congestion-control threshold system-memory-utilization <percent> – average percentage of CPU memory
utilization
Refer to the Command Line Interface Reference for a complete description of these commands and their keywords.