On Sun, 24 May 2020 at 16:58, Tarko Tikan <[email protected]> wrote:

> DDoS can be a problem in this scenario. Assuming the PEs have plenty of
> capacity available and you can afford DDoS to reach PE, then you would
> shape to customer contract speed, drop the DDoS traffic and would not
> congest your access device uplink.

Provided you are using a strictly egress queueing platform, which OP's ASR9k is not, its ingress NPU will drop packets, causing all customers sharing the physical interface to suffer.

--
  ++ytti

