Egress filters dropping traffic
Saku Ytti
saku at ytti.fi
Mon Jul 1 07:24:40 UTC 2013
On (2013-06-30 22:04 +0530), Glen Kent wrote:
> Under what scenarios do providers install egress ACLs which could say for
> eg.
>
> 1. Allow all IP traffic out on an interface foo if its coming from source
> IP x.x.x.x/y
> 2. Drop all other IP traffic out on this interface.
Question seems to be 'when do you need to drop packets', I'm sure 10
different people would give 10 different use-cases.
One use-case for this particular ACL is that the interface is used for MGMT
only, so you allow NMS network and drop everything else.
--
++ytti
More information about the NANOG
mailing list