Colocation providers and ACL requests
Jack Bates
jbates at brightok.net
Tue Nov 1 20:19:39 UTC 2011
On 11/1/2011 1:22 PM, Kevin Loch wrote:
> Christopher Pilkington wrote:
>> Is it common in the industry for a colocation provider, when requested
>> to put an egress ACL facing us such as:
>>
>> deny udp any a.b.c.d/24 eq 80
>>
>> …to refuse and tell us we must subscribe to their managed DDOS product?
>
> We have always accommodated temporary ACL's for active DDOS attacks. I
> think that is fairly standard across the ISP/hosting industry.
>
> I do feel it is bad practice to regularly implement customer specific
> ACL's on routers. If a customer wants a managed firewall we have a
> full range of those services available.
>
And Managed DDOS products better be a LOT more than an ACL. If I'm going
to pay someone to manage DDOS, they will scrub the traffic and let all
my legitimate traffic through. That's what I'm paying for. null routing
an IP or a simple acl isn't worth paying a dime for.
Jack
More information about the NANOG
mailing list