Flooding limitation for multicast

This test checks that the flooding limitation for multicast is working correctly in the network. To protect the network from loops in customer equipment and from malicious DoS attacks, a limit should be imposed on the rate of multicast traffic from an individual customer port. Such a limit needs to be enforced before the traffic reaches the ISP.

Impact: DoS

Test process

  • Malicious sends IP multicast traffic at a rate twice as high as the multicast flooding limit expected to be in place.

Fail criteria

  • The rate of the received traffic at the ISP is above the expected limit.

Reference

This test conforms to SEC Access Certification ID "SEC-CM-NP-1".

Parameters

General

  • Malicious Customer: A customer interface performing malicious actions.
  • ISP: A central node on a trusted port. The test requires that the ISP Test Agent reside in the same Layer 2 network as customers.
  • Expected rate limitation (Mbit/s): Rate limit in Mbit/s expected to be imposed on multicast traffic from an individual customer. Default: 1 Mbit/s.
  • Expected packets/second limitation: Rate limit in packets/s expected to be imposed on multicast traffic from an individual customer. Default: 100 packets/s.
  • IP multicast addresses: IP multicast addresses to be tested. Default: 239.0.0.1, 224.0.0.10
Have more questions? Submit a request

Comments

Powered by Zendesk