Managing ACL exceptions (was Re: Filter NTP traffic by packet size?)

Jay Ashworth jra at
Fri Feb 28 16:09:09 UTC 2014

----- Original Message -----
> From: "Ray Soucy" <rps at>

> When I was looking at the website before I didn't really see any
> mention of uRPF, just the use of ACLs, maybe I missed it, but it's not
> encouraging if I can't spot it quickly. I just tried a search and the
> only thing that popped up was a how-to for a Cisco 7600 VXR.

Well, I do mention it, right there on the home page:

BCP38 filtering to block these packets is most easily handled right at the very edge of the Internet: where customer links terminate in the first piece of provider 'aggregation' gear, like a router, DSLAM, or CMTS. Much to most of this gear already has a 'knob' which can be turned on, which simply drops these packets on the floor as they come in from the customer's PC. 

I simply didn't *name* the knob, cause the detail seemed out-of-scope for 
that context.  Where it would get named would be on the "information for 
Audience" pages relevant to access providers, which I have not written 
because -- not being a provider -- I have insufficient background to be

We welcome contributions from people in those positions... you, perhaps?

Be bold!  :-)

-- jra
Jay R. Ashworth                  Baylink                       jra at
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates          2000 Land Rover DII
St Petersburg FL USA      BCP38: Ask For It By Name!           +1 727 647 1274

More information about the NANOG mailing list