Limiting Sessions

Limiting sessions globally or by application prevents denial of service and improves system performance.

Session Limit Configuration for All Session Types

The combined maximum number of sessions for all session types is 150. Define the maximum number of sessions during global configuration by answering the following create_config.info question: Global:How many active sessions are allowed per device?
Important: MATRIXX Support recommends the default session limit (25) for most use cases because this limit provides good protection to prevent system overload.

Session Limit Configuration for Individual Session Types

You can configure individual limits for each of the following session types:
  • Charging Sessions (Gy for Diameter or Nchf_ConvergedCharging (N40) for 5G)
  • Policy Sessions (Sy/Gx for Diameter or Nchf_SpendingLimitControl (N28) for 5G)
  • Application Sessions (Rx)
  • TCAP Sessions
Answer the following create_config.info questions during global configuration to set individual limits for each session type:
  • Global:How many active charging sessions are allowed per device? (default = 15, maximum = 100)
  • Global:How many active policy sessions are allowed per device? (default= 5, maximum = 50)
  • Global:How many active application sessions are allowed per device? (default = 10, maximum = 75)
  • Global:How many active tcap sessions are allowed per device? (default = 5, maximum = 50)
Note: If the sum of these four limits is less than the global limit for all session types, a warning is generated in the log file because the maximum number of sessions for all session types cannot be reached. It is alright if the sum of the four different limits is more than the global limit for all session types.

Session Messages

When MATRIXX Engine gets a network task that requires the creation of a new session (such as a policy session), it checks the number of current active sessions of that type and if the limit has been reached, session creation fails.
Note: You can enable session recycling and lockout to delete the oldest session for a specific interface session to create a new session when a limit is reached. For more information, see the discussion about recycling sessions and lockout.
If an event results in the attempt to create more sessions than are allowed by the configuration, the following errors are returned:
  • Total for all session types: TOTAL_SESSION_LIMIT_REACHED
  • Per session type:
    • APPLICATION_SESSION_LIMIT_REACHED
    • POLICY_SESSION_LIMIT_REACHED
    • CHARGING_SESSION_LIMIT_REACHED
    • TCAP_SESSION_LIMIT_REACHED
The maximum number of sessions and the number of sessions per session type are logged. For example:
Exceeded the maximum number of active sessions (10) on device with OID: 0:1:5:5.
PolicySy = 1
PolicyGx = 0 
Charging = 7
Application = 2
Tcap = 0 
Repository = 0

Result Codes

If a session limit has been reached when MATRIXX Engine attempts to create a new session (for individual session limits and all session limits per device), it responds based on the answer to the following create_config.info questions:
  • Diameter / 5G — Should the same DIAMETER result code for DIAMETER messages which have been rejected because they have been in the MATRIXX system too long also be used as the result code when the number of sessions on a device exceeds the configured maximum (y/n)?
  • TCAP — Should the response when the number of TCAP sessions on a device exceeds the configured maximum use the same configured behavior as for CAMEL messages which have been rejected because they have been in the MATRIXX system too long (y/n)?
Important: The default for both questions is y (use the same response). MATRIXX Support recommends that you answer n to these questions so that the response for exceeding the configured maximum number of sessions is different than the response for time-to-live responses.
If you answer n to the these questions, you can configure if a response is sent and customize the response by answering the following questions:
  • Diameter / 5G — What is the DIAMETER result code for DIAMETER messages which have been rejected because the number of sessions on a device has exceeded the configured maximum?
    • 0 — Do not send a response.
    • Greater than 0 — The response is the number. For example: 4010 (END_USER_SERVICE_DENIED), 3004 (TOO_BUSY), or 3002 (UNABLE_TO_DELIVER).
  • TCAP — Should there be a response to CAMEL messages which have been rejected because the number of TCAP sessions has reached the configured maximum (y/n)?

    When set to y, CAMEL Gateway responds with a message.

For information about the time-to-live create_config.info questions, see the discussions about Diameter protocol configuration parameters and CAMEL Gateway configuration.

For information about 5G denial codes, see the discussion about 5G denial codes in MATRIXX Monitoring and Logging. For information about Diameter result codes, see the discussion about Diameter result codes in MATRIXX Diameter Integration.