Customer-facing ACLs
Justin Shore
justin at justinshore.com
Fri Mar 7 20:19:47 UTC 2008
Valdis.Kletnieks at vt.edu wrote:
> On Fri, 07 Mar 2008 13:55:05 CST, Justin Shore said:
>
>> I'm assuming everyone uses uRPF at all their edges already so that
>> eliminates the need for specific ACEs with ingress/egress network
>> verification checks.
>
> You're new here, aren't you? :)
Hopefully optimistic. Don't bum me out going into a weekend... :-)
From the looks of my ingress BOGON ACLs on my borders (yes, I'm using
ACLs and not null routes for a reason) I'd most people not reading NANOG
(and maybe even some of them!) are not doing any ingress filtering on
their customer source IPs. Sad....
Justin
More information about the NANOG
mailing list