[145875] in North American Network Operators' Group
Re: Colocation providers and ACL requests
daemon@ATHENA.MIT.EDU (Brandon Galbraith)
Tue Oct 25 14:51:35 2011
In-Reply-To: <CABO8Q6Rsh4JTztdiwA_2rm8Bp_PtBkO1A7o+Tda+mVijrZZAtQ@mail.gmail.com>
Date: Tue, 25 Oct 2011 13:50:37 -0500
From: Brandon Galbraith <brandon.galbraith@gmail.com>
To: Keegan Holley <keegan.holley@sungard.com>
Cc: NANOG mailing list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Tue, Oct 25, 2011 at 1:46 PM, Keegan Holley <keegan.holley@sungard.com> wrote:
> Depends on the provider. Many just do not want to manage hundreds of
> customer ACLs on access routers. Especially when it would compete with a
> managed service (firewall, IDP, DDoS) of some sort. Some still are under
> the impression that ACLs are software-based and their giant $100k+ edge
> box would crash if they configured them for any reason.
>
>
Conversely, some don't want to be paid for bare colocation (at bare
colocation prices) and have to then support 1000+ rules (yes, 1000+) with
10-20 change requests per day. YMMV/slippery slope/service scope/etc.