North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: Customer-facing ACLs

  • From: Tim Sanderson
  • Date: Fri Mar 07 16:06:42 2008
  • Accept-language: en-US
  • Acceptlanguage: en-US

We also use ingress bogon ACLs at our borders.

Tim Sanderson, network administrator
[email protected]

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Justin Shore
Sent: Friday, March 07, 2008 3:20 PM
To: [email protected]
Subject: Re: Customer-facing ACLs

[email protected] wrote:
> On Fri, 07 Mar 2008 13:55:05 CST, Justin Shore said:
>> I'm assuming everyone uses uRPF at all their edges already so that
>> eliminates the need for specific ACEs with ingress/egress network
>> verification checks.
> You're new here, aren't you? :)

Hopefully optimistic.  Don't bum me out going into a weekend...  :-)

 From the looks of my ingress BOGON ACLs on my borders (yes, I'm using
ACLs and not null routes for a reason) I'd most people not reading NANOG
(and maybe even some of them!) are not doing any ingress filtering on
their customer source IPs.  Sad....