I guess maybe you want to be sure a certain process occurred in the router (ej
NAT).
--Original Message--
From: Glen Kent
To: nanog@nanog.org
Subject: Egress filters dropping traffic
Sent: Jun 30, 2013 12:04 PM
Hi,
Under what scenarios do providers install egress ACLs which could say
On 6/30/2013 12:34 PM, Glen Kent wrote:
> Under what scenarios do providers install egress ACLs which could say for
> eg.
>
> 1. Allow all IP traffic out on an interface foo if its coming from source
> IP x.x.x.x/y
> 2. Drop all other IP traffic out on this interface.
If you're an end node, it's B
I usually do ingress acl on CE facing PE interfaces , that way I can provide
one level of anti spoofing on IPs "I control" . I've not had the need for an
egress ACL yet but then again I think it depends on network design and habits
from Day 1.
One use case though may be to mitigate DDOS attack
Hi,
Under what scenarios do providers install egress ACLs which could say for
eg.
1. Allow all IP traffic out on an interface foo if its coming from source
IP x.x.x.x/y
2. Drop all other IP traffic out on this interface.
Glen
On (2013-06-30 11:15 +0300), Saku Ytti wrote:
> But MinimaLT does not support multiplexing, which seems to be critical
> design goal for QUIC.
Mea culpa, it does support multiplexing.
--
++ytti
On (2013-06-29 23:36 +0100), Tony Finch wrote:
> Reminds me of MinimaLT: http://cr.yp.to/tcpip/minimalt-20130522.pdf
ACK. Any cryptobased 0 RTT will necessarily have many things similar, and
indeed crypto is the key for low latency without major attack vectors.
But MinimaLT does not support mult
6 matches
Mail list logo
