(the reply is maybe a bit too detailed, but hey, now you'll know how it works)
I have built a flood detection / protection mechanism that works in hardware on our switch. When a packet flood is detected, it will start dropping packets that exceed the rate limit, so the game server will never be overwhelmed. BUT, it also then adds all client IP addresses to a whitelist that has no rate limit, ensuring that connected clients can continue to play without any issue. Insim connections are however not included in this whitelist. Maybe I should.
Currently the policer rule is this:
    policer gameserver-policer {
        if-exceeding {
            bandwidth-limit 5m;
            burst-size-limit 25k;
        }
        then discard;
    }
This is applied only to incoming traffic, so the 5mbit of incoming traffic is really never reached under normal circumstances.
The burst size is what's triggering the anti-ddos in your case, as probably you're sending a lot of packets to the game server in a very short time span.
As a test, I have raised the burst value to 50k. Please do your thing and let's see if your tests still trigger the protection. I'll be keeping an eye on this.
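The effect of the burst size described in the post above can be reproduced with a small token-bucket model. This is an added example, not part of the original post and not the switch's actual implementation: it assumes a simplified single-rate bucket, Junos decimal suffixes (k = 1000, m = 1,000,000), and a constructed traffic pattern, and it does not model the whitelist.

```python
# Added illustration: simplified token-bucket model of the policer quoted above.
SUFFIX = {"k": 1_000, "m": 1_000_000, "g": 1_000_000_000}  # Junos decimal suffixes

def parse_junos(value):
    """Turn '5m' / '25k' into an integer (bits per second or bytes)."""
    value = value.strip().lower()
    if value[-1] in SUFFIX:
        return int(value[:-1]) * SUFFIX[value[-1]]
    return int(value)

class Policer:
    def __init__(self, bandwidth_limit, burst_size_limit):
        self.rate = parse_junos(bandwidth_limit) / 8 / 1_000_000  # bytes per microsecond
        self.depth = parse_junos(burst_size_limit)                # bucket depth in bytes
        self.tokens = float(self.depth)                           # bucket starts full
        self.last_us = 0

    def accept(self, t_us, size):
        """Refill for the elapsed time, then pass the packet only if tokens cover it."""
        refill = (t_us - self.last_us) * self.rate
        self.tokens = min(self.depth, self.tokens + refill)
        self.last_us = t_us
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False  # corresponds to 'then discard'

def bursty_traffic(seconds=3, per_burst=400, size=100, gap_us=25):
    """Constructed sample: once per second, 400 packets of 100 bytes within 10 ms."""
    return [(s * 1_000_000 + i * gap_us, size)
            for s in range(seconds) for i in range(per_burst)]

def offered_bps(packets, seconds):
    """Average offered load in bits per second over the whole window."""
    return sum(size for _, size in packets) * 8 / seconds

def dropped(bandwidth_limit, burst_size_limit, packets):
    """Count packets the policer would discard for the given limits."""
    policer = Policer(bandwidth_limit, burst_size_limit)
    return sum(not policer.accept(t, size) for t, size in packets)

if __name__ == "__main__":
    pkts = bursty_traffic()
    print("average offered load (bit/s):", offered_bps(pkts, 3))
    for burst in ("25k", "50k"):
        print("burst-size-limit", burst, "-> dropped:", dropped("5m", burst, pkts))
```

In this model the average load stays far below the 5m bandwidth limit, yet the 25k bucket still discards packets because each 40,000-byte burst arrives faster than the bucket refills; the 50k bucket absorbs the same burst.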