If we were to connect two switches together using LACP (with 2 x 1GbE ports on each side), does this mean that the max speed that a single MAC address will ever reach is 1Gb?
So for example, if a single MAC address decided to "abuse" the link (e.g. DoS attack) and saturate their connection, does this mean that their traffic will only ever flow down a single link, leaving the other MACs free to travel down the other?
Thanks
Yes, and no.
In the "usual" modes for LACP aggregation, which link a particular packet will flow down is determined entirely by either the source or dest MAC (or both, if hashed). So you are correct in saying that the most traffic that a single MAC address (or src+dest pair) can do is the speed of a single one of your links.
However, if a link is congested, traffic that would have used that link otherwise will still use it. This means that any other traffic that hashes out to use that link will also be caught in the congestion. This can cause some really weird diagnostic problems, where one person's pinging away happily (because they're on a MAC that gets sent down the empty link) while their colleague is getting poor RTTs and dropped packets. Fun for the whole NOC.
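The behaviour described in the answer above, as an added example that is not part of the original answer: a small model of a 2 x 1 Gb/s aggregate showing which flows share a link with a saturating sender. The hash (last octet of source MAC XOR last octet of destination MAC, modulo the number of links) is an assumption for illustration, since real switches use vendor-specific hashes, and the MAC addresses, flow names and rates are constructed.

```python
# Added illustration: models a 2 x 1 Gb/s LAG with a simple layer-2 hash.
# ASSUMPTION: hash = (last octet of src MAC XOR last octet of dst MAC) % links.
# Real switches use vendor-specific hashes; only the behaviour is the point.

LINK_CAPACITY_MBPS = 1000
NUM_LINKS = 2


def pick_link(src_mac, dst_mac, num_links=NUM_LINKS):
    """Return the member link index that every frame of this MAC pair uses."""
    src_last = int(src_mac.split(":")[-1], 16)
    dst_last = int(dst_mac.split(":")[-1], 16)
    return (src_last ^ dst_last) % num_links


def link_report(flows, num_links=NUM_LINKS, capacity=LINK_CAPACITY_MBPS):
    """flows: list of (name, src_mac, dst_mac, offered_mbps).
    Returns {link: {"offered": Mb/s, "congested": bool, "flows": [names]}}."""
    report = {i: {"offered": 0, "congested": False, "flows": []}
              for i in range(num_links)}
    for name, src, dst, mbps in flows:
        link = pick_link(src, dst, num_links)
        report[link]["offered"] += mbps
        report[link]["flows"].append(name)
    for stats in report.values():
        # A link is congested when the offered load exceeds its capacity.
        stats["congested"] = stats["offered"] > capacity
    return report


# Constructed sample traffic: one host saturating, two hosts pinging a gateway.
GATEWAY = "02:00:00:00:00:01"
SAMPLE_FLOWS = [
    ("flooder", "02:00:00:00:00:10", GATEWAY, 5000),  # offers 5 Gb/s
    ("alice",   "02:00:00:00:00:12", GATEWAY, 1),     # hashes with flooder
    ("bob",     "02:00:00:00:00:13", GATEWAY, 1),     # hashes to other link
]

if __name__ == "__main__":
    for link, stats in link_report(SAMPLE_FLOWS).items():
        state = "CONGESTED" if stats["congested"] else "ok"
        print(f"link {link}: {stats['offered']} Mb/s offered, {state}, "
              f"flows={stats['flows']}")
```

Feeding real MAC pairs from a complaint into `pick_link` (with the hash your switch actually uses) shows quickly whether the affected hosts all land on the same member link.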