Broadcast loop detection

This test checks that a switch detects loops in customer equipment and disables the looping port. If such a port is not disabled, the loop will consume resources in the network.

The following types of loops must be detected:

  • Loop in customer home/CPE: A customer has bridged two ports together in equipment at home, creating a forwarding loop.
  • Loop between two ports in the same access switch: Two customers have connected their networks by a cable.
  • Loop between two ports in different access switches: Two customers have connected their networks by a cable.

Impact: Denial of service (DoS)

Test process

  • Malicious creates a loop that mirrors all incoming packets.

Fail criteria

  • Malicious can answer incoming requests 20 seconds after the loop was created.
  • Customer cannot answer an incoming request.
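
The two fail criteria above, applied to a list of probe results. This is an added example, not part of the original test description or the test tool's code. The record layout, the name `evaluate_loop_test`, the reading of the first criterion as "any request answered by Malicious at or after loop creation + 20 s", and applying the second criterion to every Customer probe in the run are assumptions; the sample runs are constructed.

```python
from dataclasses import dataclass

GRACE_SECONDS = 20  # time limit taken from the first fail criterion

@dataclass(frozen=True)
class Probe:
    t: float        # seconds since test start when ISP sent the request
    target: str     # "malicious" or "customer" (assumed labels)
    answered: bool  # True if ISP received a reply to the request

def evaluate_loop_test(loop_created_at, probes):
    """Return (passed, reasons) after applying both fail criteria."""
    reasons = []
    deadline = loop_created_at + GRACE_SECONDS
    for p in sorted(probes, key=lambda p: p.t):
        if p.target == "malicious" and p.answered and p.t >= deadline:
            # Looping port was not disabled in time: Malicious is still reachable.
            reasons.append(f"malicious answered at t={p.t:g}s, deadline was {deadline:g}s")
        elif p.target == "customer" and not p.answered:
            # The loop (or an over-broad countermeasure) cut off a legitimate customer.
            reasons.append(f"customer did not answer at t={p.t:g}s")
    return (not reasons, reasons)

LOOP_AT = 5.0  # constructed: loop created 5 s into the run

# Constructed run: port disabled in time, customer unaffected.
GOOD_RUN = [
    Probe(6.0, "malicious", True), Probe(6.0, "customer", True),
    Probe(26.0, "malicious", False), Probe(26.0, "customer", True),
]
# Constructed run: looping port still forwarding after the deadline.
LATE_DISABLE = [
    Probe(6.0, "customer", True),
    Probe(30.0, "malicious", True), Probe(30.0, "customer", True),
]
# Constructed run: port disabled, but the customer lost a request during the loop.
CUSTOMER_HIT = [
    Probe(12.0, "customer", False),
    Probe(30.0, "malicious", False), Probe(30.0, "customer", True),
]

if __name__ == "__main__":
    for name, run in [("good", GOOD_RUN), ("late", LATE_DISABLE), ("hit", CUSTOMER_HIT)]:
        print(name, evaluate_loop_test(LOOP_AT, run))
```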

Reference

This test conforms to SEC Access Certification ID "SEC-CM-LD-1".

Parameters

General

  • Malicious Customer: A customer interface performing malicious actions.
  • Customer: One or more customers that Malicious will affect.
  • ISP: A central node on a trusted port.

Advanced

  • Source UDP port: Source UDP port for traffic sent from ISP to customers. Range: 1 ... 65535. Default: 41234.
  • Destination UDP port: Destination UDP port for traffic sent from ISP to customers. Range: 1 ... 65535. Default: 24567.