CPS average for DDos protection configuration

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

CPS average for DDos protection configuration

L2 Linker

Hello Team,

 

I have a problem with the choice of CPS average value. When i made the command show session info which parameter I have to consider to calculate my CPS rate average ? Number of allocated sessions or packet rate or New connection establish rate.

 

Number of sessions supported:                    196606
        Number of allocated sessions:             28883
        Number of active TCP sessions:          13509
        Number of active UDP sessions:          14892
        Number of active ICMP sessions:         480
        Number of active GTPc sessions:         0
        Number of active GTPu sessions:         0
        Number of pending GTPu sessions                0
        Number of active BCAST sessions:                 0
        Number of active MCAST sessions:                 0
        Number of active predict sessions:               48
        Number of active SCTP sessions:                  0
        Number of active SCTP associations:              0
        Session table utilization:                       14%
        Number of sessions created since bootup:         1841876180
        Packet rate:                                      38578/s
        Throughput:                                      214833 kbps
        New connection establish rate:    366 cps

 

Thank you in advance.

6 REPLIES 6

Community Team Member

Hi @Mamoudou ,

 

The following article explains how to calculate CPS:

How to measure CPS

 

Cheers,

-Kiwi.

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

Thanks for your response.

I have already read this document but I'm still confused about which value I have to choose for DDos profile. If I made show session info which one to choose between :

Number of allocated sessions or packet rate or New connection establish rate.

 

Regards

Community Team Member

Hi @Mamoudou ,

 

For classified DoS Protection profiles, measure the average and peak CPS of the individual devices you want to protect.

 

New connection establish rate: 366 cps

 

Cheers,

-Kiwi.

 

 

 
LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

Hello,

 

Thank you for your response.

 

We want to use aggregate DoS Protection profiles what about this ?

If I get you I have to measure the average of "New connection establish rate" ?

 

Kind regards

Community Team Member

Hi @Mamoudou ,

 

For aggregate DoS Protection profiles, measure the combined average and peak CPS for each group of devices you want to protect.

Source: CPS Measurements to Take

 

Cheers,

-Kiwi.

 

 
LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

Ok great.

My last question is :

Should measure average with New connection establish rate: 366 cps ?

 

Thanks

  • 4026 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!