Rate-limiting BCOP?

Saku Ytti saku at ytti.fi
Sun May 24 19:13:51 UTC 2020

On Sun, 24 May 2020 at 16:58, Tarko Tikan <tarko at lanparty.ee> wrote:

> DDoS can be a problem in this scenario. Assuming the PEs have plenty of
> capacity available and you can afford DDoS to reach PE, then you would
> shape to customer contract speed, drop the DDoS traffic and would not
> congest your access device uplink.

Provided you are using a strictly egress queueing platform, which OP's
ASR9k is not, its ingress NPU will drop packets, causing all customers
sharing the physical interface to suffer.


More information about the NANOG mailing list