Colocation providers and ACL requests

Jack Bates jbates at brightok.net
Tue Nov 1 20:19:39 UTC 2011


On 11/1/2011 1:22 PM, Kevin Loch wrote:
> Christopher Pilkington wrote:
>> Is it common in the industry for a colocation provider, when requested
>> to put an egress ACL facing us such as:
>>
>> deny udp any a.b.c.d/24 eq 80
>>
>> …to refuse and tell us we must subscribe to their managed DDOS product?
>
> We have always accommodated temporary ACL's for active DDOS attacks. I
> think that is fairly standard across the ISP/hosting industry.
>
> I do feel it is bad practice to regularly implement customer specific
> ACL's on routers. If a customer wants a managed firewall we have a
> full range of those services available.
>

And Managed DDOS products better be a LOT more than an ACL. If I'm going 
to pay someone to manage DDOS, they will scrub the traffic and let all 
my legitimate traffic through. That's what I'm paying for. null routing 
an IP or a simple acl isn't worth paying a dime for.


Jack




More information about the NANOG mailing list