[145888] in North American Network Operators' Group


Re: Colocation providers and ACL requests

daemon@ATHENA.MIT.EDU (William Herrin)
Tue Oct 25 19:56:52 2011

In-Reply-To: <B671B0C8-45EA-40A6-A7C9-0EB2C217B1C7@0x1.net>
From: William Herrin <bill@herrin.us>
Date: Tue, 25 Oct 2011 19:55:26 -0400
To: Christopher Pilkington <cjp@0x1.net>
Cc: NANOG mailing list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Tue, Oct 25, 2011 at 2:43 PM, Christopher Pilkington <cjp@0x1.net> wrote:
> Is it common in the industry for a colocation provider, when
> requested to put an egress ACL facing us such as:
>
>  deny udp any a.b.c.d/24 eq 80
>
> …to refuse and tell us we must subscribe to their
> managed DDOS product?

Christopher,

That seems reasonable to me. You're buying colo and transit, not
firewall service. If you want firewall service, that's extra.

If you do decide to move, I suggest a carrier neutral facility so that
you can change transit providers without moving your equipment. The
easier it is for you to walk away, the more accommodating vendors tend
to be.

Seeing much port 80 UDP traffic? My curiosity is piqued.

Regards,
Bill Herrin


-- 
William D. Herrin ................ herrin@dirtside.com  bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004

