Customer-facing ACLs

Tim Sanderson tims at donet.com
Fri Mar 7 20:48:23 UTC 2008


We also use ingress bogon ACLs at our borders.

--
Tim Sanderson, network administrator
tims at donet.com


-----Original Message-----
From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf Of Justin Shore
Sent: Friday, March 07, 2008 3:20 PM
To: Valdis.Kletnieks at vt.edu
Cc: NANOG
Subject: Re: Customer-facing ACLs


Valdis.Kletnieks at vt.edu wrote:
> On Fri, 07 Mar 2008 13:55:05 CST, Justin Shore said:
>
>> I'm assuming everyone uses uRPF at all their edges already so that
>> eliminates the need for specific ACEs with ingress/egress network
>> verification checks.
>
> You're new here, aren't you? :)

Hopefully optimistic.  Don't bum me out going into a weekend...  :-)

 From the looks of my ingress BOGON ACLs on my borders (yes, I'm using
ACLs and not null routes for a reason) I'd most people not reading NANOG
(and maybe even some of them!) are not doing any ingress filtering on
their customer source IPs.  Sad....

Justin



More information about the NANOG mailing list