Managing ACL exceptions (was Re: Filter NTP traffic by packet size?)
Jay Ashworth
jra at baylink.com
Fri Feb 28 16:09:09 UTC 2014
----- Original Message -----
> From: "Ray Soucy" <rps at maine.edu>
> When I was looking at the website before I didn't really see any
> mention of uRPF, just the use of ACLs, maybe I missed it, but it's not
> encouraging if I can't spot it quickly. I just tried a search and the
> only thing that popped up was a how-to for a Cisco 7600 VXR.
Well, I do mention it, right there on the home page:
"""
BCP38 filtering to block these packets is most easily handled right at the very edge of the Internet: where customer links terminate in the first piece of provider 'aggregation' gear, like a router, DSLAM, or CMTS. Much to most of this gear already has a 'knob' which can be turned on, which simply drops these packets on the floor as they come in from the customer's PC.
"""
I simply didn't *name* the knob, cause the detail seemed out-of-scope for
that context. Where it would get named would be on the "information for
Audience" pages relevant to access providers, which I have not written
because -- not being a provider -- I have insufficient background to be
accurate.
We welcome contributions from people in those positions... you, perhaps?
Be bold! :-)
Cheers,
-- jra
--
Jay R. Ashworth Baylink jra at baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII
St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
More information about the NANOG
mailing list