[146067] in North American Network Operators' Group

Re: Colocation providers and ACL requests

daemon@ATHENA.MIT.EDU (Kevin Loch)
Tue Nov 1 14:23:38 2011

Date: Tue, 01 Nov 2011 14:22:31 -0400
From: Kevin Loch <kloch@kl.net>
CC: NANOG mailing list <nanog@nanog.org>
In-Reply-To: <B671B0C8-45EA-40A6-A7C9-0EB2C217B1C7@0x1.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Christopher Pilkington wrote:
> Is it common in the industry for a colocation provider, when requested to put an egress ACL facing us such as:
> 
>   deny udp any a.b.c.d/24 eq 80
> 
> …to refuse and tell us we must subscribe to their managed DDOS product?

We have always accommodated temporary ACLs for active DDOS attacks.  I
think that is fairly standard across the ISP/hosting industry.

I do feel it is bad practice to regularly implement customer-specific
ACLs on routers.  If a customer wants a managed firewall we have a
full range of those services available.

- Kevin
