Egress filters dropping traffic

• Previous message (by thread): Egress filters dropping traffic
• Next message (by thread): Egress filters dropping traffic
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I usually do ingress acl on CE facing PE interfaces , that way I can provide one level of anti spoofing on IPs "I control" . I've not had the need for an egress ACL yet but then again I think it depends on network design and habits from Day 1.

One use case though may be to mitigate DDOS attack on a customer facing  link.

Sent from my iPhone

On Jun 30, 2013, at 5:34 PM, Glen Kent <glen.kent at gmail.com> wrote:

> Hi,
> 
> Under what scenarios do providers install egress ACLs which could say for
> eg.
> 
> 1. Allow all IP traffic out on an interface foo if its coming from source
> IP x.x.x.x/y
> 2. Drop all other IP traffic out on this interface.
> 
> Glen

• Previous message (by thread): Egress filters dropping traffic
• Next message (by thread): Egress filters dropping traffic
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]