Flooding limitation for broadcast

This test checks that the flooding limitation for broadcast is working correctly in the network. To protect the network from loops in customer equipment, a limit should be imposed on the rate of broadcast traffic from an individual customer port. Such a limit needs to be enforced before the traffic reaches the ISP.

Impact: DoS

Test process

  • The Malicious Customer sends ARP broadcasts at twice the rate of the broadcast flooding limit expected to be in place.

Fail criteria

  • The rate of the received traffic at the ISP is above the expected limit.

References

This test conforms to SEC Access Certification ID "SEC-CM-NP-1" and to SAVI RFC 6959 section 3.1.2.

Parameters

General

  • Malicious Customer: A customer interface performing malicious actions.
  • ISP: A central node on a trusted port. The test requires that the ISP Test Agent reside in the same Layer 2 network as customers.
  • Expected rate limitation (Mbit/s): Rate limit in Mbit/s expected to be imposed on broadcast traffic from an individual customer. Default: 1 Mbit/s.
  • Expected packets/second limitation: Rate limit in packets/s expected to be imposed on broadcast traffic from an individual customer. Default: 100 packets/s.
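
The fail criterion above can be checked against a capture taken at the ISP side. The following is an added example, not code from the product this page documents: it computes peak broadcast rates over a one-second sliding window and compares them with the default limits listed under Parameters. The function names, the 60-byte ARP frame length, the sample captures, and the rule that exceeding either limit fails the test are assumptions.

```python
# Added example: evaluate the broadcast flooding fail criterion from frames
# observed at the ISP. Timestamps are integer microseconds so that window
# boundaries are exact (no floating-point drift).
WINDOW_US = 1_000_000  # one-second sliding window

def peak_rates(frames):
    """frames: list of (timestamp_us, frame_len_bytes) for broadcast frames
    from one customer port. Returns (peak packets/s, peak Mbit/s)."""
    frames = sorted(frames)
    peak_pkts = peak_bytes = cur_bytes = start = 0
    for end, (ts, length) in enumerate(frames):
        cur_bytes += length
        # Drop frames that have left the window (ts - 1 s, ts].
        while frames[start][0] <= ts - WINDOW_US:
            cur_bytes -= frames[start][1]
            start += 1
        peak_pkts = max(peak_pkts, end - start + 1)
        peak_bytes = max(peak_bytes, cur_bytes)
    return peak_pkts, peak_bytes * 8 / 1e6

def verdict(frames, limit_mbits=1.0, limit_pps=100):
    """Defaults are the page's default limits.
    Assumption: the test fails if either limit is exceeded."""
    pps, mbits = peak_rates(frames)
    failed = pps > limit_pps or mbits > limit_mbits
    return {"peak_pps": pps, "peak_mbits": mbits,
            "result": "FAIL" if failed else "PASS"}

# Constructed captures (not real measurements). The sender transmits at
# 200 frames/s, twice the default packets/s limit; frame length is assumed.
ARP_LEN = 60
limited = [(i * 10_000, ARP_LEN) for i in range(300)]   # limiter works: 100 frames/s arrive
unlimited = [(i * 5_000, ARP_LEN) for i in range(600)]  # no limiter: all 200 frames/s arrive

if __name__ == "__main__":
    for name, capture in (("limited", limited), ("unlimited", unlimited)):
        print(name, verdict(capture))
```

A sliding window catches bursts that straddle a one-second boundary, which fixed per-second buckets would split in two and under-report.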