Denial of Service (DoS) Calculations
DoS provisioning is accomplished in the media-manager configuration mode. Three new parameters supported in VM Edition define DoS thresholds.
- max-trusted-packet-rate specifies the maximum trusted packet rate in packets/second
- max-untrusted-packet-rate specifies the maximum untrusted packet rate in packets/second
- max-arp-packet-rate specifies the maximum ARP packet rate in packets/second
While the configured rate is expressed as packets/second, the actual rate is measured as packets/millisecond. The following illustration shows configured rates and actual rates.
Configured Actual Rate Rate max-trusted-packet-rate 3200 pkts/sec 3 pkts/ms max-untrusted-packet-rate 1700 pkts/sec 1 pkt/ms max-arp-packet-rate 1200 pkts/sec 1 pkt/ms
Displays for show commands, such as show datapath DOS settings, report the millisecond-based actual rate, leading to the apparent discrepancy between the configured rate and the displayed rate as shown in the following illustration.
Configured Actual Displayed Rate Rate Rate max-trusted-packet-rate 3200 pkts/sec 3 pkts/ms 3000 pkts/sec max-untrusted-packet-rate 1700 pkts/sec 1 pkt/ms 1000 pkts/sec