Egress filters dropping traffic

Saku Ytti saku at ytti.fi
Mon Jul 1 07:24:40 UTC 2013


On (2013-06-30 22:04 +0530), Glen Kent wrote:

> Under what scenarios do providers install egress ACLs which could say for
> eg.
> 
> 1. Allow all IP traffic out on an interface foo if it's coming from source
> IP x.x.x.x/y
> 2. Drop all other IP traffic out on this interface.

Question seems to be 'when do you need to drop packets', I'm sure 10
different people would give 10 different use-cases.

One use-case for this particular ACL is that the interface is used for MGMT
only, so you allow NMS network and drop everything else.

-- 
  ++ytti



