Access Lists
John Navitsky
john at serv.net
Thu Mar 26 23:10:01 UTC 1998
On Thu, 26 Mar 1998 17:33:10 -0500, "Martin, Christian"
<CMartin at mercury.balink.com> wrote:
[...]
> I am very willing to help my
>customers, but there is a tradeoff in terms of what it costs me. If it
>is a good customer, or more importantly, a big one, then I will write a
>200 line access list, no problem! But say I implement this type of
>service for a few customers, and word spreads that we are doing it, then
>everyone wants that type of service.
Well, no one said it has to be free. Cost has a way of weeding out those who
are serious about things, and of course it also helps subsidize the resource
impacts or even make them profitable.
>I suppose my biggest question was this. Has anyone got themselves into
>a hole by providing ICMP filtering on their routers to protect
>downstream customers, be it in terms of manageability, processor
>overhead, packet discarding. Also, where is the best place to do this,
>ingress, egress, or a combination? Do buffers need to be increased?
>What about queueing strategy? How does NetFlow affect access-list
>processing?
As you said, these are the interesting questions.
-john
More information about the NANOG
mailing list