North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: [c-nsp] [Re: huge amount of weird traffic on poin-to-point ethernet link]

  • From: Stephen Wilcox
  • Date: Fri Nov 10 08:50:12 2006

On Fri, Nov 10, 2006 at 01:18:02PM +0000, [email protected] wrote:
> > WRT acls, I would suggest any acl is a bad idea and only a dynamic 
> > system such as rpf should be used, this is because manual filters 
> > that deny bogons has the same issue as BGP filtering in that it can 
> > go stale and you drop newly allocated space. 
> Your comment implies that ACLs are static and must
> be configured manually. In this day and age of automated
> systems, that is no longer true. Anyone who wants to can
> easily implement dynamic ACLs. They will be slightly less
> dynamic than a routing protocol, but ACLs do not have to
> be manually configured and do not have to be static.
> Of course, on some hardware ACLs have a significant CPU
> impact, but that is less of a factor than it used to be.

for the purpose of scope tho we have to imagine this is a large ISP looking at every one of its border links to peers and transits

given that, your options for suitable deployments are a lot more limited