Colocation providers and ACL requests

PC paul4004 at
Tue Oct 25 19:07:36 UTC 2011

Why not put the ACL on your ingress side at your switch or router?

I would typically not expect a colo provider to provide this service unless
I'm paying extra for it.

The smaller they are, the more likely they are to do so to keep you happy,
but I certainly wouldn't be asking this request unless it was some 11th hour
DOS-prevention request.

Even then, they may not want to install this ACL as ultimately they should
be billing you for this UDP traffic (which this ACL, may prevent their
billing system from metering).

On Tue, Oct 25, 2011 at 12:53 PM, Christopher Pilkington <cjp at>wrote:

> On Oct 25, 2011, at 2:50 PM, Brandon Galbraith wrote:
> > On Tue, Oct 25, 2011 at 1:46 PM, Keegan Holley <
> keegan.holley at>wrote:
> >
> >> Depends on the provider.  Many just do not want to manage hundreds of
> >>
> > Conversely, some don't want to be paid for bare colocation (at bare
> > colocation prices) and have to then support 1000+ rules (yes, 1000+) with
> This is a large colo provider on the Upper West Side of Manhattan, so I
> (naively) expected more of them.  It looks like this will be their final
> nail though.
> -cjp

More information about the NANOG mailing list