What is F5 Silverline's Policy on Customer-Initiated DDoS Test Attacks?


  • DDoS Volume metric attacks? 


NOTE: This refers to customer-initiated tests.

For Silverline-initiated tests see How To: Schedule Silverline-Initiated DDoS Test



  • Silverline DDoS
  • GRE Tunnels


  1. This policy document augments the posted F5 Silverline Acceptable Use Policy (AUP), located as document 49604758 via
  2. The intend of the AUP is to prevent customers from performing actions which may interfere with the stability or Silverline services, security compliance of Silverline services, or adherence to applicable law by F5 Networks (F5).
  3. Given the nature of the services provided by F5 via the Silverline managed services, it is understood that specific clarifications of the AUP are required for customers to assess the efficacy of the provided security services. This document is intended to provide additional clarification and processes for customers to test Silverline security services.
  • Acceptable Testing:
    • Customers may initiate and perform, at their own effort and expense, the following Silverline security service testing:

      • Distributed Denial of Service (DDoS) testing against Internet Protocol (IP) network addresses or subnets which are owned or authorized in writing for use by the customer.

      • DDoS testing against the IP address provided by F5 Silverline for proxy services for the customer as identified by the IP address or DNS name configured within the Silverline customer portal.
      • DDoS testing sourced from IP address space owned by the customer.
    • The subnet to be included in the DDoS testing may not be larger than prefix /30.

    • DDoS testing may not exceed the 10 Gbps of traffics/capacity.
  •  Unacceptable Testing:
    • Customers may not perform DDoS against any F5 managed IP address or application outside of the scope of those configured for their customer account

      • For the avoidance of doubt, this includes the F5 Silverline IP address space not allocated or provisioned for the customer and the Silverline customer web-portal.

    • DDoS testing sourced from IP address ranges not owned by the customer or customer's attack vendor ("spoofed" packets) is strictly forbidden.

  • Notification Policy:

    • Customers are not expected to notify the SOC about any DDoS test they intend to execute if they intended to test the SOC's standard response to a DDoS Attack.
    • An exception to this policy is applicable if SOC resources are required as part of the test attack planned activities, such as joining a bridge during the test or providing specific custom reports at the conclusion of the test. If specific SOC participation is required, we request that: 
      • Customers notify the SOC via email to or by phone, 24-48 hrs prior the planned test attack and provide the following details:
              • Date of Test
              • Time of Test (including time zone),
              • Duration of the Test,
              • The specific actions the SOC is expected to execute during the test, for example, there are critical application the customer wants to protect during the DDoS testing and SOC needs to ensure their applications remain available.
              • The criteria to declare the DDoS test as a success. 

Please note:

Due to the nature of DDoS mitigation, during a DDoS attack or simulation, a minimal percentage of legitimate traffic may be impacted by the mitigation. Mitigations are tuned to reduce this as much as possible.


F5 reserves the right:

To request that any pre-scheduled customer activities, including DDoS testing, be adjusted to accommodate F5 Networks scheduled changes, maintenance, or other planned or unplanned activities. In this event, F5 Networks will make a reasonable effort to communicate the request to modify scheduled testing to our customer as soon as possible.


Related Content

Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request