This test checks that the flooding limitation for unicast is working correctly in the network. To protect the network from loops in customer equipment and from malicious DoS attacks, a limit should be imposed on the rate of unicast traffic from an individual customer port. Such a limit needs to be enforced before the traffic reaches the ISP.
- Malicious sends UDP unicast traffic to specific MAC addresses at a rate twice as high as the unicast flooding limit expected to be in place.
- The rate of the received traffic at the ISP is above the expected limit.
This test conforms to SEC Access Certification ID "SEC-CM-NP-1".
- Malicious Customer: A customer interface performing malicious actions.
- ISP: A central node on a trusted port. The test requires that the ISP Test Agent reside in the same Layer 2 network as customers.
- Expected rate limitation (Mbit/s): Rate limit in Mbit/s expected to be imposed on unicast traffic from an individual customer. Default: 1 Mbit/s.
- Expected packets/second limitation: Rate limit in packets/s expected to be imposed on unicast traffic from an individual customer. Default: 100 packets/s.