[102905] in North American Network Operators' Group
RE: Customer-facing ACLs
daemon@ATHENA.MIT.EDU (Tim Sanderson)
Fri Mar 7 16:06:54 2008
From: Tim Sanderson <tims@donet.com>
To: NANOG <nanog@merit.edu>
Date: Fri, 7 Mar 2008 15:48:23 -0500
In-Reply-To: <47D1A363.9080109@justinshore.com>
Errors-To: owner-nanog@merit.edu
We also use ingress bogon ACLs at our borders.
--
Tim Sanderson, network administrator
tims@donet.com
-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Jus=
tin Shore
Sent: Friday, March 07, 2008 3:20 PM
To: Valdis.Kletnieks@vt.edu
Cc: NANOG
Subject: Re: Customer-facing ACLs
Valdis.Kletnieks@vt.edu wrote:
> On Fri, 07 Mar 2008 13:55:05 CST, Justin Shore said:
>
>> I'm assuming everyone uses uRPF at all their edges already so that
>> eliminates the need for specific ACEs with ingress/egress network
>> verification checks.
>
> You're new here, aren't you? :)
Hopefully optimistic. Don't bum me out going into a weekend... :-)
From the looks of my ingress BOGON ACLs on my borders (yes, I'm using
ACLs and not null routes for a reason) I'd most people not reading NANOG
(and maybe even some of them!) are not doing any ingress filtering on
their customer source IPs. Sad....
Justin
