[102901] in North American Network Operators' Group
Re: Customer-facing ACLs
daemon@ATHENA.MIT.EDU (Justin Shore)
Fri Mar 7 15:35:29 2008
Date: Fri, 07 Mar 2008 14:19:47 -0600
From: Justin Shore <justin@justinshore.com>
To: Valdis.Kletnieks@vt.edu
CC: NANOG <nanog@merit.edu>
In-Reply-To: <10335.1204920774@turing-police.cc.vt.edu>
Errors-To: owner-nanog@merit.edu
Valdis.Kletnieks@vt.edu wrote:
> On Fri, 07 Mar 2008 13:55:05 CST, Justin Shore said:
>
>> I'm assuming everyone uses uRPF at all their edges already so that
>> eliminates the need for specific ACEs with ingress/egress network
>> verification checks.
>
> You're new here, aren't you? :)
Hopefully optimistic. Don't bum me out going into a weekend... :-)
From the looks of my ingress BOGON ACLs on my borders (yes, I'm using
ACLs and not null routes for a reason) I'd most people not reading NANOG
(and maybe even some of them!) are not doing any ingress filtering on
their customer source IPs. Sad....
Justin
