level3 dia egress filtering?

Ca By cb.list6 at gmail.com
Tue May 13 02:02:28 UTC 2014


On May 12, 2014 6:53 PM, "Justin M. Streiner" <streiner at cluebyfour.org>
wrote:
>
> On Mon, 12 May 2014, Bob Evans wrote:
>
>> Ahh,  Yep, same thing port and/or protocol for an address range.  I
haven't
>> seen that accomplished via BGP. I know ATT will do it - they want about
2K
>> more per month for that ability. All your traffic is redirected (extra
>> hops ) through a firewall. So, it's a basic expensive firewall service.
>>
>> We have done both port based and protocol. But it gets installed by hand
>> only on the connected port the customer.
>
>
> From what I've seen, most of the major carriers don't filter traffic
outside of truly exceptional circumstances, or it's treated as a revenue
source.  If it's offered at all, it's often priced unattractively, because
carriers often don't want to be in the firewall/port-filtering business.
>
> jms

All my providers provide me incident response that includes rtbh as well as
ACL and in some cases protocol rate limiting.  ACL may take a while working
the phone, but rtbh is immediate.

I substanilly decreased business with at&t since they do not offer rtbh.
Rtbh is really the floor on security features, and at&t is below the floor.

CB


More information about the NANOG mailing list