North American Network Operators Group

Re: [c-nsp] [Re: huge amount of weird traffic on point-to-point ethernet link]
On Fri, Nov 10, 2006 at 01:18:02PM +0000, [email protected] wrote:
>
> > WRT acls, I would suggest any acl is a bad idea and only a dynamic
> > system such as rpf should be used, this is because manual filters
> > that deny bogons has the same issue as BGP filtering in that it can
> > go stale and you drop newly allocated space.
>
> Your comment implies that ACLs are static and must
> be configured manually. In this day and age of automated
> systems, that is no longer true. Anyone who wants to can
> easily implement dynamic ACLs. They will be slightly less
> dynamic than a routing protocol, but ACLs do not have to
> be manually configured and do not have to be static.
>
> Of course, on some hardware ACLs have a significant CPU
> impact, but that is less of a factor than it used to be.

for the purpose of scope tho we have to imagine this is a large ISP looking at every one
of its border links to peers and transits

given that, your options for suitable deployments are a lot more limited

Steve
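The staleness problem raised in the quoted text, as an added example that is not part of the original thread: a Python check that compares a deployed bogon deny list against a current bogon list, reports address space the deployed filter would wrongly drop, and regenerates the deny lines. All prefixes are constructed sample data, not a real bogon feed, and the ACL number 110 and the function names are assumptions.

```python
import ipaddress

# Constructed sample data: the deny list on the router vs. a fresh bogon list.
DEPLOYED = ["0.0.0.0/8", "10.0.0.0/8", "77.0.0.0/8", "96.0.0.0/6"]
CURRENT = ["0.0.0.0/8", "10.0.0.0/8", "98.0.0.0/7", "192.168.0.0/16"]

def subtract(net, holes):
    """Return the parts of `net` that no network in `holes` covers."""
    remaining = [net]
    for hole in holes:
        kept = []
        for r in remaining:
            if not hole.overlaps(r):
                kept.append(r)
            elif not r.subnet_of(hole):
                # CIDR blocks nest, so here `hole` lies inside `r`.
                kept.extend(r.address_exclude(hole))
            # else: `r` is fully covered by `hole`, nothing is left of it.
        remaining = kept
    return list(ipaddress.collapse_addresses(remaining))

def audit(deployed, current):
    """Return (wrongly_dropped, unfiltered) for a deployed deny list.

    wrongly_dropped maps each stale deployed entry to the space it blocks
    that is no longer bogon; unfiltered lists bogon space with no deny entry.
    """
    dep = [ipaddress.ip_network(p) for p in deployed]
    cur = [ipaddress.ip_network(p) for p in current]
    wrongly_dropped = {}
    for d in dep:
        left = subtract(d, cur)
        if left:
            wrongly_dropped[str(d)] = [str(n) for n in left]
    unfiltered = [str(n) for c in cur for n in subtract(c, dep)]
    return wrongly_dropped, unfiltered

def render_acl(current, acl=110):
    """Regenerate IOS-style extended ACL lines from the current list."""
    nets = [ipaddress.ip_network(p) for p in current]
    lines = [f"access-list {acl} deny ip {n.network_address} {n.hostmask} any"
             for n in nets]
    return lines + [f"access-list {acl} permit ip any any"]

if __name__ == "__main__":
    stale, gaps = audit(DEPLOYED, CURRENT)
    for entry, space in stale.items():
        print(f"stale entry {entry} blocks allocated space: {', '.join(space)}")
    print("bogon space not filtered:", ", ".join(gaps))
    print("\n".join(render_acl(CURRENT)))
```

Run on a schedule against each border router's deployed list, a non-empty `wrongly_dropped` result is the signal that the filter has gone stale in the way the quoted text describes.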