24 May
2020
24 May
'20
3:13 p.m.
On Sun, 24 May 2020 at 16:58, Tarko Tikan <tarko@lanparty.ee> wrote:
DDoS can be a problem in this scenario. Assuming the PEs have plenty of capacity available and you can afford DDoS to reach PE, then you would shape to customer contract speed, drop the DDoS traffic and would not congest your access device uplink.
Provided you are using a strictly egress queueing platform, which OP's ASR9k is not, its ingress NPU will drop packets, causing all customers sharing the physical interface to suffer. -- ++ytti