nanog mailing list archives
Re: Rate-limiting BCOP?
From: Mark Tinka <mark.tinka () seacom mu>
Date: Sun, 24 May 2020 22:06:26 +0200
On 24/May/20 15:55, Tarko Tikan wrote:
DDoS can be a problem in this scenario. Assuming the PEs have plenty of capacity available and you can afford DDoS to reach PE, then you would shape to customer contract speed, drop the DDoS traffic and would not congest your access device uplink.
That is one advantage of policing at the switch port, yes. But that would be to manage traffic coming in from the customer. If the attack traffic is coming from the Internet (toward the customer), then policing on the router saves the router-switch trunk. Either way, over-sizing router-switch trunks is always best. Mark.
Current thread:
- Rate-limiting BCOP? Bryan Holloway (May 21)
- Re: Rate-limiting BCOP? Saku Ytti (May 21)
- RE: Rate-limiting BCOP? adamv0025 (May 31)
- Re: Rate-limiting BCOP? Saku Ytti (May 31)
- RE: Rate-limiting BCOP? adamv0025 (May 31)
- Re: Rate-limiting BCOP? Mark Tinka (May 24)
- Re: Rate-limiting BCOP? Tarko Tikan (May 24)
- Re: Rate-limiting BCOP? Saku Ytti (May 24)
- Re: Rate-limiting BCOP? Tarko Tikan (May 24)
- Re: Rate-limiting BCOP? Mark Tinka (May 24)
- Re: Rate-limiting BCOP? Tarko Tikan (May 24)
- Re: Rate-limiting BCOP? Saku Ytti (May 21)