Egress filters dropping traffic

Saku Ytti saku at
Mon Jul 1 07:24:40 UTC 2013

On (2013-06-30 22:04 +0530), Glen Kent wrote:

> Under what scenarios do providers install egress ACLs which could say for
> eg.
> 1. Allow all IP traffic out on an interface foo if its coming from source
> IP x.x.x.x/y
> 2. Drop all other IP traffic out on this interface.

Question seems to be 'when do you need to drop packets', I'm sure 10
different people would give 10 different use-cases.

One use-case for this particular ACL is that the interface is used for MGMT
only, so you allow NMS network and drop everything else.


More information about the NANOG mailing list