Call Admission Control

Call Admission Control (CAC) is a network management technique used in telecommunications networks to ensure the quality of service (QoS) for real-time communication sessions, such as voice and video calls. CAC helps prevent network congestion and overload by regulating the admission of new communication sessions based on available network resources and predefined quality parameters.

The primary goal of Call Admission Control is to maintain acceptable levels of network performance and QoS by preventing the addition of new communication sessions that could potentially degrade the quality of existing sessions or exceed the capacity of network resources. CAC typically considers factors such as available bandwidth, network latency, packet loss, and jitter to determine whether a new communication session can be admitted without compromising QoS for existing sessions.

CAC mechanisms vary depending on the type of network and the specific requirements of the application. Some common CAC techniques include:

1. **Bandwidth-based CAC**: This approach restricts the admission of new communication sessions based on the available bandwidth of the network link. If the requested bandwidth for a new session exceeds the available bandwidth, the session may be denied admission or subjected to lower priority.

2. **Resource-based CAC**: Resource-based CAC considers various network resources, such as CPU utilization, memory, and available ports, to determine whether the network can accommodate additional communication sessions without exceeding resource limits.

3. **Quality-based CAC**: Quality-based CAC focuses on maintaining specific QoS metrics, such as latency, packet loss, and jitter, within predefined thresholds. New communication sessions are admitted only if they meet the required QoS criteria and are unlikely to degrade the QoS of existing sessions.

4. **Adaptive CAC**: Adaptive CAC dynamically adjusts admission decisions based on real-time changes in network conditions, such as fluctuations in traffic load or network congestion. It continuously monitors network performance and adjusts admission policies to optimize resource utilization and maintain QoS.

Call Admission Control is particularly important in networks that support real-time communication services, such as Voice over IP (VoIP), video conferencing, and multimedia streaming, where maintaining consistent QoS is essential for user satisfaction and application performance. By effectively managing network resources and controlling the admission of new communication sessions, CAC helps ensure reliable and high-quality communication experiences for users.

To avoid
- TCP syn flood attack
- DDos attack

In case of ike phase1
CAC protects:
- In-negotiation limit
- SA limit

How many session we can have on any device at any given point of time.

In our topology internet is R5
on R2 :
ping 10.1.1.1 source g2/0
ping 10.3.3.3 source g2/0
ping 10.4.4.4 source g2/0
show history

show crypto isakmp sa
On R5 we have 5 active ike phase1 sa tunnel

show crypto call admission statistics
by default max in negotiation is 1000

conf t
crypto call admission limit ike sa 2
crypto call admission limit ike in-negotiation-sa 10

show crypto call admission statistics

show crypto isakmp sa

R1: create additional sa
int s1/0
shutdown
clear crypto isakmp

Do same on each router
Bring interfaces once again on all routers

R2 :
show crypto isakmp sa

show ip route eigrp

ping 10.1.1.1 source 10.2.2.2

ping 10.4.4.4 source 10.2.2.2

show crypto isakmp sa
show crypto all admission statistics
1 ike request will be rejected