Baseline CPS Measurements for Setting Flood Thresholds

Taking baseline measurements of average and peak CPS for each zone helps define reasonable thresholds to prevent floods without unnecessarily throttling traffic.
Flood protection thresholds determine the number of new connections-per-second (CPS) to allow for a zone (Zone Protection profile), for a group of devices in a zone (aggregate DoS Protection policy), or for individual devices in a zone (classified DoS Protection policy), when to throttle new connections to begin mitigating a potential flood attack, and when to drop all new connections. The default Zone Protection profile and DoS Protection profile flood protection thresholds aren’t appropriate for most networks because each network is unique. You need to understand the aggregate normal and peak CPS for each zone to set effective Zone Protection profile thresholds, and for the individual critical systems you want to defend to set effective DoS Protection profile thresholds that don’t inadvertently set thresholds too high and allow flood attacks or set thresholds too low and throttle traffic.

Related Documentation