Distributed Denial of Service (DDoS) information is extended to a network Path Computation Element (PCE). The PCE uses a network function Segment Identifier (SID), referred to herein as a DDoS SID, imposed on the edge routers by the PCE, to identify potentially suspicious DDoS traffic. The DDoS SID is used in Segment Routing (SR) routers to direct suspicious traffic to nearby or specially optimized DDoS scrubbing engines so that traffic may be cleaned. Other traffic flows proceed unchanged through the network.

Creative Commons License

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.