Denial of Service (DoS) Calculations

DoS provisioning is accomplished in the media-manager configuration mode. Three new parameters supported in VM Edition define DoS thresholds.

  • max-trusted-packet-rate specifies the maximum trusted packet rate in packets/second
  • max-untrusted-packet-rate specifies the maximum untrusted packet rate in packets/second
  • max-arp-packet-rate specifies the maximum ARP packet rate in packets/second

While the configured rate is expressed as packets/second, the actual rate is measured as packets/millisecond. The following illustration shows configured rates and actual rates.

                           Configured      Actual
                           Rate            Rate
max-trusted-packet-rate    3200 pkts/sec   3 pkts/ms
max-untrusted-packet-rate  1700 pkts/sec   1 pkt/ms
max-arp-packet-rate        1200 pkts/sec   1 pkt/ms

Output from show commands, such as show datapath DOS settings, reports the millisecond-based actual rate expressed in packets/second. This produces an apparent discrepancy between the configured rate and the displayed rate, as shown in the following illustration.

                           Configured      Actual      Displayed
                           Rate            Rate        Rate
max-trusted-packet-rate    3200 pkts/sec   3 pkts/ms   3000 pkts/sec
max-untrusted-packet-rate  1700 pkts/sec   1 pkt/ms    1000 pkts/sec