[102967] in North American Network Operators' Group
Re: Customer-facing ACLs
daemon@ATHENA.MIT.EDU (Sean Donelan)
Mon Mar 10 15:38:25 2008
Date: Mon, 10 Mar 2008 15:30:03 -0400 (EDT)
From: Sean Donelan <sean@donelan.com>
To: Scott Weeks <surfer@mauigateway.com>
cc: nanog@merit.edu
In-Reply-To: <20080310115324.63321340@resin14.mta.everyone.net>
Errors-To: owner-nanog@merit.edu
On Mon, 10 Mar 2008, Scott Weeks wrote:
> The hard part is I now always take over networks that have been in
> operation a long time and enabling these policies can be very painful
> after the fact. Establishing them when the network is new is a
> different story.
Whatever you decide, whether you know what the policies are or not, there
are always have a set of default network policies.
The question is do you explain to you customers just as carefully what
your default policy doesn't do, as well as what it does. Do you take
just as much time to carefully explain the risks and what may break to
your customers of allowing that traffic as you would of not allowing that
traffic.
It seems to be very painful whatever decision is made.
