Few questions. Hope someone can help.
Let's say I have an incoming DDOS attack and I with bgp flowspec create a rule to rate-limit all udp from any to 184.108.40.206.
Where in the packet flow would this rate-limit occur? For example is it ingress on all interfaces or is it only egress on the interface towards 220.127.116.11?
Would the rate-limit occur after ingress sampling? (Will my flow collector see the traffic pre/post rate-limit)
if You configured ingress interface sampling, then flowspec filters are executed AFTER such sampling.
If You configured egress interface sampling, then flowspec filters are executed BEFORE such sampling.
Awesome thanks. It's ingress sampling so then all will work as expected 🙂