Flooding limitation for unicast

This test checks that the flooding limitation for unicast is working correctly in the network. To protect the network from loops in customer equipment and from malicious DoS attacks, a limit should be imposed on the rate of unicast traffic from an individual customer port. Such a limit needs to be enforced before the traffic reaches the ISP.

Impact: DoS

Test process

  • The Malicious Customer sends UDP unicast traffic to specific MAC addresses at a rate twice as high as the unicast flooding limit expected to be in place.

Fail criteria

  • The rate of the received traffic at the ISP is above the expected limit.

References

This test conforms to SEC Access Certification ID "SEC-CM-NP-1".

Parameters

General

  • Malicious Customer: A customer interface performing malicious actions.
  • ISP: A central node on a trusted port. The test requires that the ISP Test Agent reside in the same Layer 2 network as customers.
  • Expected rate limitation (Mbit/s): Rate limit in Mbit/s expected to be imposed on unicast traffic from an individual customer. Default: 1 Mbit/s.
  • Expected packets/second limitation: Rate limit in packets/s expected to be imposed on unicast traffic from an individual customer. Default: 100 packets/s.
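
The fail criterion checked against both expected limits, as an added example that is not part of the original page or of the test product. It assumes 1-second measurement buckets, Layer 2 frame sizes in bytes, and that exceeding either limit counts as a failure; the function names and the sample captures are constructed for illustration.

```python
from collections import defaultdict

# Defaults taken from the Parameters section of this page.
LIMIT_MBIT_S = 1.0
LIMIT_PPS = 100


def per_second_rates(frames):
    """frames: iterable of (rx_time_seconds, frame_bytes) as seen at the ISP.
    Returns {second: (mbit_per_s, packets_per_s)} using 1-second buckets
    (the bucket width is an assumption; the page does not state one)."""
    bits = defaultdict(int)
    pkts = defaultdict(int)
    for ts, size in frames:
        sec = int(ts)
        bits[sec] += size * 8
        pkts[sec] += 1
    return {s: (bits[s] / 1e6, pkts[s]) for s in sorted(pkts)}


def evaluate(frames, limit_mbit_s=LIMIT_MBIT_S, limit_pps=LIMIT_PPS):
    """Fail if any bucket is above either expected limit (assumed semantics)."""
    violations = [
        (s, mbit, pps)
        for s, (mbit, pps) in per_second_rates(frames).items()
        if mbit > limit_mbit_s or pps > limit_pps
    ]
    return ("FAIL" if violations else "PASS"), violations


def constructed_capture(pps, frame_bytes, seconds):
    """Constructed sample: evenly spaced frames as received at the ISP."""
    return [(s + i / pps, frame_bytes) for s in range(seconds) for i in range(pps)]


if __name__ == "__main__":
    cases = {
        "limit enforced (100 pps x 1250 B)": constructed_capture(100, 1250, 3),
        "no limit (200 pps x 1250 B)": constructed_capture(200, 1250, 3),
        "small frames (150 pps x 64 B)": constructed_capture(150, 64, 3),
    }
    for name, frames in cases.items():
        verdict, violations = evaluate(frames)
        print(f"{name}: {verdict}, {len(violations)} second(s) over limit")
```

The small-frame case stays far below 1 Mbit/s yet still fails on packets/s, which is why the test carries both parameters.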