24 May
2020
24 May
'20
4:06 p.m.
On 24/May/20 15:55, Tarko Tikan wrote:
DDoS can be a problem in this scenario. Assuming the PEs have plenty of capacity available and you can afford DDoS to reach PE, then you would shape to customer contract speed, drop the DDoS traffic and would not congest your access device uplink.
That is one advantage of policing at the switch port, yes. But that would be to manage traffic coming in from the customer. If the attack traffic is coming from the Internet (toward the customer), then policing on the router saves the router-switch trunk. Either way, over-sizing router-switch trunks is always best. Mark.