[145874] in North American Network Operators' Group
Re: Colocation providers and ACL requests
daemon@ATHENA.MIT.EDU (Keegan Holley)
Tue Oct 25 14:48:20 2011
In-Reply-To: <B671B0C8-45EA-40A6-A7C9-0EB2C217B1C7@0x1.net>
From: Keegan Holley <keegan.holley@sungard.com>
Date: Tue, 25 Oct 2011 14:46:38 -0400
To: Christopher Pilkington <cjp@0x1.net>
Cc: NANOG mailing list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Depends on the provider. Many just do not want to manage hundreds of
customer ACL's on access routers. Especially when it would compete with a
managed service (firewall, IDP, DDOS) of some sort. Some still are under
the impression that ACL's are software based and their giant $100k+ edge bo=
x
would crash if they configured them for any reason.
2011/10/25 Christopher Pilkington <cjp@0x1.net>
> Is it common in the industry for a colocation provider, when requested to
> put an egress ACL facing us such as:
>
> deny udp any a.b.c.d/24 eq 80
>
> =85to refuse and tell us we must subscribe to their managed DDOS product?
>
> -cjp
>
>
>
>
