Ingress filtering on transits, peers, and IX ports

• Previous message (by thread): Ingress filtering on transits, peers, and IX ports
• Next message (by thread): Ingress filtering on transits, peers, and IX ports
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Saku Ytti wrote on 15/10/2020 15:29:
> But you have to think about what prefixes a customer has. If BGP you
> need to generate prefix-list, if static you need to generate a static
> route. As you already have to know and manage this information, what
> is the incremental cost to also emit an ACL?

the unfortunate reality is that many networks are run by CLI jockeys, so 
the incremental cost of this can be high.  There are no good 
general-purpose networking sources of truth, which means that usually 
provisioning databases need to be highly customised, which is only worth 
it if the scale merits it.

Nick

• Previous message (by thread): Ingress filtering on transits, peers, and IX ports
• Next message (by thread): Ingress filtering on transits, peers, and IX ports
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]