[146007] in North American Network Operators' Group
Re: Colocation providers and ACL requests
daemon@ATHENA.MIT.EDU (Mike Gatti)
Sun Oct 30 12:43:14 2011
From: Mike Gatti <ekim.ittag@gmail.com>
In-Reply-To: <29baeb8d-2df0-4dc4-9e63-a89fa4717078@mail.gitflorida.com>
Date: Sun, 30 Oct 2011 09:42:10 -0700
To: James Ashton <james@gitflorida.com>
Cc: NANOG mailing list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
I tend to disagree somewhat, you really have to put some context around =
the request and convey that to your provider. If the request is "please =
help me block this DDoS traffic so that I can contact the source as it's =
impacting my ability to do business" I think that is a reasonable =
request as long as it's not a permanent solution. I have worked through =
similar incidents in some datacenter in Northern Virginia (Sterling, =
Ashburn) and all of them accommodated that request at no cost.
--
Michael Gatti =20
ekim.ittag@gmail.com
On Oct 27, 2011, at 8:09 PM, James Ashton wrote:
> Christopher,
> This is pretty common policy. Not many datacenters of any size is =
going to act differently. If you don't purchase this service then you =
will not get the service.
>=20
> They may be willing work work with you on black-holing problem IPs =
though. This is pretty common, but don't expect a filtering package =
without purchasing it.
>=20
> James
>=20
> ----- Original Message -----
> From: "Christopher Pilkington" <cjp@0x1.net>
> To: "NANOG mailing list" <nanog@nanog.org>
> Sent: Tuesday, October 25, 2011 2:43:00 PM
> Subject: Colocation providers and ACL requests
>=20
> Is it common in the industry for a colocation provider, when requested =
to put an egress ACL facing us such as:
>=20
> deny udp any a.b.c.d/24 eq 80
>=20
> =85to refuse and tell us we must subscribe to their managed DDOS =
product?
>=20
> -cjp
>=20
>=20
>=20
