================================================================ MVPS / Coherence-BFD vs. 10 Mpps volumetric DDoS Simulation date: 2026-05-22 01:35:32 ================================================================ TOPOLOGY Vantages 10,000 Regions 8 Vantages per region 1,250 Coherence dim (d) 6 Control tick (T_tick) 50 ms M-multiplier 3 Alarm threshold (D²) 30.0 ATTACK Type Volumetric DDoS Rate 10,000,000 pps (10 Mpps) Target Region 3 (1,250 vantages) Duration ticks 200..480 = 14.0 s CONTROL PLANE LOAD (telemetry, not attack) Telemetry PPS 200,000 pps Packet size 116 bytes Aggregate bandwidth 23.20 MB/s Regime classification C (manual IRQ pinning required, per §15.3) Broker availability (min) 99.0 % Broker status seen ['REGIME_C_TUNED'] DETECTION OUTCOME Detection latency 100 ms (after attack onset) Lower bound (M·T_tick) 150 ms Achieved / bound ratio 0.67x ATTRIBUTION (R_cross) Argmax-region accuracy 100.0 % Wrong-region windows 0 / 275 Conclusion Attack geographically localised to region 3. CONCLUSION 1. Broker does NOT die from DDoS — telemetry plane is separate. 2. Broker survives its OWN legitimate load (200 kpps) under Regime C tuning. 3. DDoS deforms coherence surface in 100 ms. 4. R_cross localises the attack to its source region with 100% accuracy. 5. MVPS is a DDoS detector, not a DDoS victim, when control plane is properly segmented (out-of-band management network). WHEN MVPS *WOULD* BE AT RISK - If broker and vantages share the same NIC as user traffic (bad design) - If telemetry runs over the same VLAN as the data plane (bad design) - If broker is in Regime D (>1 Mpps telemetry) without DPDK/AF_XDP - If attacker compromises >3 of the 8 cells (Byzantine breakdown, Theorem 7: breakdown bound = floor((k-1)/2) = 3)