Colocation providers and ACL requests

Mike Gatti ekim.ittag at gmail.com
Sun Oct 30 11:42:10 CDT 2011


I tend to disagree somewhat, you really have to put some context around the request and convey that to your provider. If the request is "please help me block this DDoS traffic so that I can contact the source as it's impacting my ability to do business" I think that is a reasonable request as long as it's not a permanent solution. I have worked through similar incidents in some datacenter in Northern Virginia (Sterling, Ashburn) and all of them accommodated that request at no cost.

--
Michael Gatti  
ekim.ittag at gmail.com



On Oct 27, 2011, at 8:09 PM, James Ashton wrote:

> Christopher,
> This is pretty common policy.  Not many datacenters of any size is going to act differently.  If you don't purchase this service then you will not get the service.
> 
> They may be willing work work with you on black-holing problem IPs though.  This is pretty common, but don't expect a filtering package without purchasing it.
> 
> James
> 
> ----- Original Message -----
> From: "Christopher Pilkington" <cjp at 0x1.net>
> To: "NANOG mailing list" <nanog at nanog.org>
> Sent: Tuesday, October 25, 2011 2:43:00 PM
> Subject: Colocation providers and ACL requests
> 
> Is it common in the industry for a colocation provider, when requested to put an egress ACL facing us such as:
> 
>  deny udp any a.b.c.d/24 eq 80
> 
> …to refuse and tell us we must subscribe to their managed DDOS product?
> 
> -cjp
> 
> 
> 




More information about the NANOG mailing list