On 2 March 2016 at 19:01, Aaron <aar...@gvtc.com> wrote: Hey,
> 1 - And if you are having volumetric-type ddos attacks filling your pipes, > then that would mean that you would/could need qos everywhere if you were > going to want "good" traffic to get through during attacks... right ? Yes configure QoS on all links which might ever be congested. > 2 - if you have links that are regularly experiencing congestion, I mean > like daily/nightly and sustained congestion for an hour or more, then is qos > really the "fix" for that ? sounds like that's a bandwidth issue. Whole premise of QoS is that not all traffic is created equal, if that is not the case, if all traffic is equal, there is no point configuring QoS. If some traffic is less important, then you'll just drop more of that traffic, in effort avoid dropping the more important traffic. For Juniper you could use DCU to provide different qos class depending on say BGP community. So perhaps you want to protect your high-margin enterprise customers during congestion, and just drop more of your residential DSL. Unfortunately realistically you cannot extend this discrimination outside your network, so if your network border itself is congested due to incoming traffic, there is nothing you can usually do. Some may think this is net neutrality issue, so you may need to be careful how you market it. -- ++ytti _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp