Moving filters from edge to core
Mike Lyon
mlyon at fitzharris.com
Mon Jul 28 07:16:22 UTC 2003
I would tend to keep the filters on the edge, for obvious reasons. Your
management would probably agree with this the first time you get attacked
coming from each of your edge routers with nothing to protect it from
happening.
You could always make a script (PERL) to go out and make the modifications
to your edge routers for you.
My $.02,
Mike
On Mon, 28 Jul 2003, Tay Chee Yong wrote:
>
> Hi all,
>
> This might be quite a stupid question. But my management is looking at
> moving the filters from the edge to the core, so as to reduce adminstration
> of apply filters on all our edge routers, and minimizing the possibility of
> non-synchronized filters at the edge.
>
> Does anyone has any advise on this? I believe all the there are many larger
> ISP in this list that have a better way to manage your filters at the edge.
>
> Would appreciate all inputs/comments.
>
> Thanks.
>
> Regards,
> Cheeyong
>
>
>
--
////////////////////////////////////////////////////
- Mike Lyon -
- Network Admin/Engineer for hire: -
- www.mikelyon.net -
- Cell: 408-621-4826 -
////////////////////////////////////////////////////
More information about the NANOG
mailing list