[164222] in North American Network Operators' Group
Re: Egress filters dropping traffic
daemon@ATHENA.MIT.EDU (Jeff Kell)
Sun Jun 30 15:08:56 2013
Date: Sun, 30 Jun 2013 15:08:16 -0400
From: Jeff Kell <jeff-kell@utc.edu>
To: Glen Kent <glen.kent@gmail.com>
In-Reply-To: <CAPLq3UNbRFBj=ay5KUbUoFQgk7LJU=-oEq7+woiw-rH-XiVu+g@mail.gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On 6/30/2013 12:34 PM, Glen Kent wrote:
> Under what scenarios do providers install egress ACLs which could say for
> eg.
>
> 1. Allow all IP traffic out on an interface foo if it's coming from source
> IP x.x.x.x/y
> 2. Drop all other IP traffic out on this interface.

If you're an end node, it's BCP to block ingress from your own IP space,
and block egress NOT from your IP space.

If you're doing transit, it gets more complicated.

Jeff
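
The end-node rule from the reply above, modelled as a decision function and run over a few packets. This is an added example, not part of the original message; the function names are hypothetical and the prefixes are documentation ranges standing in for a site's own address space.

```python
"""End-site anti-spoofing filter, modelled as a pure function (added example)."""
import ipaddress

# Constructed sample: documentation prefixes standing in for the site's own space.
OWN_PREFIXES = [ipaddress.ip_network(p) for p in ("192.0.2.0/24", "2001:db8:10::/48")]


def is_own(addr, own_prefixes=OWN_PREFIXES):
    """True if addr falls inside any of the site's prefixes (same address family)."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == net.version and ip in net for net in own_prefixes)


def edge_filter(direction, src, own_prefixes=OWN_PREFIXES):
    """Decide permit/drop for a packet crossing the upstream-facing interface.

    direction: "ingress" (arriving from upstream) or "egress" (leaving to upstream).
    """
    own = is_own(src, own_prefixes)
    if direction == "ingress":
        # A packet arriving from outside cannot legitimately carry our source address.
        return "drop" if own else "permit"
    if direction == "egress":
        # Anything leaving must be sourced from our space; the rest is spoofed or leaked.
        return "permit" if own else "drop"
    raise ValueError(f"unknown direction: {direction!r}")


def run_samples():
    # Constructed packets: (direction, source address).
    samples = [
        ("egress", "192.0.2.25"),        # our host talking out
        ("egress", "10.1.2.3"),          # RFC 1918 source leaking out un-NATed
        ("egress", "198.51.100.7"),      # spoofed foreign source
        ("ingress", "203.0.113.9"),      # ordinary inbound traffic
        ("ingress", "192.0.2.25"),       # outside packet claiming our source
        ("egress", "2001:db8:10::53"),   # our IPv6 host
        ("ingress", "2001:db8:10::53"),  # outside packet claiming our IPv6 source
    ]
    return [(d, s, edge_filter(d, s)) for d, s in samples]


if __name__ == "__main__":
    for direction, src, verdict in run_samples():
        print(f"{direction:8} {src:18} {verdict}")
```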