Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2393
Views
0
Helpful
5
Replies

VCS EXCEEDING LICENSE LIMIT ERROR ???

charles cronin
Level 1
Level 1

‎09-23-2015 08:06 PM - edited ‎03-18-2019 05:01 AM

I have a VCSe running X8.5.1 with license with 10 Non Traversal and 15 Traversal call limit.

No calls are up on the system at this time and when their is it's usually one or two calls on it at any given time. 

In the last few days I have started seeing the following alarm kick in:

"Resource Limit Reached - The system has reached the limit of resources (calls/traversal calls/registrations) as given by option key(s). Note that this ticket will not be cleared automatically and must either be acknowledge or deleted. "

I restart the system to clear the alarm but after a while the alarm returns.

I do have a few neighbor zones up with other sites.

Any ideas to help isolate the cause and fix action to stop it would be appreciated .

thanks.

 

Labels:
0 Helpful
5 Replies 5

Jens Didriksen
Level 9
Level 9

‎09-23-2015 08:31 PM

Look at the call history when you see the alarm, that should give you a better idea as to what's going on as it's otherwise plain guesswork.

/jens

Please rate replies and mark question(s) as "answered" if applicable.

Please rate replies and mark question(s) as "answered" if applicable.
0 Helpful

shawnangelo
Level 1
Level 1

‎09-25-2015 09:49 AM

In my experience, this is usually due to "spam" calls from things like SIP-Vicous etc. These are scripts that scan public IP addresses for open port 5060 (SIP) and attempt to commit toll fraud.

 

Check call history and you will likely see several calls with a source address of "100@1.1.1.1", "200@1.1.1.1", "cisco", or random public IP addresses. The will likely have international destination addresses. The goal of the attacker is that the SIP gateway port 5060 that it has located is connected to the PSTN and will allow these types of calls to succeed.

 

The reason your license limit is getting hit is that these attacks happen very quickly with several dial strings and often from multiple sources, and while the VCS is searching for a match to the destination dial string, a call license is consumed.

 

My first suggestion is to implement a CPL (Call Policy List), and also well as review your search rule and registration authentication settings. The approach really depends on your environment, as certain settings can keep legitimate users from making calls if not implemented properly. However you can build a open and basic CPL based on blocking the current "spam" calls taking place and go from there.

 

You can also require that call searches are only allowed from authenticated devices (if authentication is in use strictly), and also create search rules that quickly match unknown and "spam" sources and destinations that route the cals to nowhere and fail them.

 

I for one prefer using CPL's however they can be a pain to maintain as as soon as an attacker changes their source from "200@1.1.1.1" to "300@2.2.2.2" another rule will need to be added. In my experience however, this does not happen often enough to be a concern.

 

If you need help building a CPL please share your search history and I can help out.

0 Helpful

shawnangelo
Level 1
Level 1
In response to shawnangelo

‎10-02-2015 03:03 PM

Did the information in this thread help resolve your situation?

0 Helpful

charles cronin
Level 1
Level 1
In response to shawnangelo

‎10-08-2015 06:37 AM

Sorry for delay... crazy busy... I will get you a screen shot ... Appreciate the offer to assist in the CPL ....

VR

Chet

0 Helpful

shawnangelo
Level 1
Level 1
In response to charles cronin

‎10-13-2015 10:41 AM

No worries!

0 Helpful
Customers Also Viewed These Support Documents