Rate-limiting BCOP?
Saku Ytti
saku at ytti.fi
Sun May 24 19:13:51 UTC 2020
On Sun, 24 May 2020 at 16:58, Tarko Tikan <tarko at lanparty.ee> wrote:
> DDoS can be a problem in this scenario. Assuming the PEs have plenty of
> capacity available and you can afford DDoS to reach PE, then you would
> shape to customer contract speed, drop the DDoS traffic and would not
> congest your access device uplink.
Provided you are using a strictly egress queueing platform, which OP's
ASR9k is not, its ingress NPU will drop packets, causing all customers
sharing the physical interface to suffer.
--
++ytti
More information about the NANOG
mailing list