mark.tinka at seacom.mu
Sun May 24 20:06:26 UTC 2020

On 24/May/20 15:55, Tarko Tikan wrote:
> DDoS can be a problem in this scenario. Assuming the PEs have plenty
> of capacity available and you can afford DDoS to reach PE, then you
> would shape to customer contract speed, drop the DDoS traffic and
> would not congest your access device uplink.

That is one advantage of policing at the switch port, yes. But that
would be to manage traffic coming in from the customer.

If the attack traffic is coming from the Internet (toward the customer),
then policing on the router saves the router-switch trunk.

Either way, over-sizing router-switch trunks is always best.