[15888] in North American Network Operators' Group
Re: Access Lists
daemon@ATHENA.MIT.EDU (John Navitsky)
Fri Mar 27 09:11:23 1998
From: john@serv.net (John Navitsky)
To: nanog@merit.edu
Date: Thu, 26 Mar 1998 23:10:01 GMT
In-Reply-To: <c=US%a=_%p=BAIS%l=MERCURY-980326223310Z-2112@mercury.balink.com>

On Thu, 26 Mar 1998 17:33:10 -0500, "Martin, Christian"
<CMartin@mercury.balink.com> wrote:
[...]
> I am very willing to help my
>customers, but there is a tradeoff in terms of what it costs me. If it
>is a good customer, or more importantly, a big one, then I will write a
>200 line access list, no problem! But say I implement this type of
>service for a few customers, and word spreads that we are doing it, then
>everyone wants that type of service.

Well, no one said it has to be free. Cost has a way of weeding out those who
are serious about things, and of course it also helps subsidize the resource
impacts or even make them profitable.

>I suppose my biggest question was this. Has anyone got themselves into
>a hole by providing ICMP filtering on their routers to protect
>downstream customers, be it in terms of manageability, processor
>overhead, packet discarding? Also, where is the best place to do this,
>ingress, egress, or a combination? Do buffers need to be increased?
>What about queueing strategy? How does NetFlow affect access-list
>processing?

As you said, these are the interesting questions.

-john