Customer-facing ACLs
Tim Sanderson
tims at donet.com
Fri Mar 7 20:48:23 UTC 2008
We also use ingress bogon ACLs at our borders.
--
Tim Sanderson, network administrator
tims at donet.com
-----Original Message-----
From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf Of Justin Shore
Sent: Friday, March 07, 2008 3:20 PM
To: Valdis.Kletnieks at vt.edu
Cc: NANOG
Subject: Re: Customer-facing ACLs
Valdis.Kletnieks at vt.edu wrote:
> On Fri, 07 Mar 2008 13:55:05 CST, Justin Shore said:
>
>> I'm assuming everyone uses uRPF at all their edges already so that
>> eliminates the need for specific ACEs with ingress/egress network
>> verification checks.
>
> You're new here, aren't you? :)
Hopefully optimistic. Don't bum me out going into a weekend... :-)
From the looks of my ingress BOGON ACLs on my borders (yes, I'm using
ACLs and not null routes for a reason) I'd most people not reading NANOG
(and maybe even some of them!) are not doing any ingress filtering on
their customer source IPs. Sad....
Justin
More information about the NANOG
mailing list