As to the testing of inbound scenarios, I, too, don’t know exactly how you could do that. Generating a flood of INVITEs is relatively trivial given some of the tools out there, but getting it to originate from a wide range of IP addresses to simulate such a scenario would be the challenge. (It’s almost like someone needs to run a “white hat” botnet out there for testing these type of scenarios… but of course keeping such a botnet from being used for malicious purposes would be the added challenge.)

Thanks for your comments, Dan

You should probably expand your inbound scenarios. Using the Virginia Tech example, what did their call profile look like on the day of the shootings? What about natural disasters? In the TDM world, these are traffic engineering issues but in the IP world they look like (and are to some extent) DDOS attacks. While traffic will need to be shaped, but a generic DDOS response would not be appropriate.

I also worry about testing the inbound scenario. We do periodic testing of our outbound emergency broadcast systems so we have a reasonable assurance they will perform when we need them (of course, no assurances that we won’t get blocked if we send several in one day). But, how do you test your enterprise system for this flood of INVITES? And how you test your ISP(s) to be sure they do not treat the calls like a DDOS attack?