On (2013-06-30 22:04 +0530), Glen Kent wrote:
> Under what scenarios do providers install egress ACLs which could say for
> eg.
>
> 1. Allow all IP traffic out on an interface foo if its coming from source
> IP x.x.x.x/y
> 2. Drop all other IP traffic out on this interface.
Question seems to be
I guess maybe you want to be sure a certain process occurred in the router (ej
NAT).
--Original Message--
From: Glen Kent
To: nanog@nanog.org
Subject: Egress filters dropping traffic
Sent: Jun 30, 2013 12:04 PM
Hi,
Under what scenarios do providers install egress ACLs which could say
On 6/30/2013 12:34 PM, Glen Kent wrote:
> Under what scenarios do providers install egress ACLs which could say for
> eg.
>
> 1. Allow all IP traffic out on an interface foo if its coming from source
> IP x.x.x.x/y
> 2. Drop all other IP traffic out on this interface.
If you're an end node, it's B
I usually do ingress acl on CE facing PE interfaces , that way I can provide
one level of anti spoofing on IPs "I control" . I've not had the need for an
egress ACL yet but then again I think it depends on network design and habits
from Day 1.
One use case though may be to mitigate DDOS attack
4 matches
Mail list logo
