[169503] in North American Network Operators' Group
Re: Managing ACL exceptions (was Re: Filter NTP traffic by packet
daemon@ATHENA.MIT.EDU (Jay Ashworth)
Fri Feb 28 11:12:37 2014
Date: Fri, 28 Feb 2014 11:09:09 -0500 (EST)
From: Jay Ashworth <jra@baylink.com>
To: NANOG <nanog@nanog.org>
In-Reply-To: <CALFTrnOzaSQiabZiR4kUdRKky3a6hymc5ggxmYAVb-EOK-pE2Q@mail.gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
----- Original Message -----
> From: "Ray Soucy" <rps@maine.edu>
> When I was looking at the website before I didn't really see any
> mention of uRPF, just the use of ACLs, maybe I missed it, but it's not
> encouraging if I can't spot it quickly. I just tried a search and the
> only thing that popped up was a how-to for a Cisco 7600 VXR.
Well, I do mention it, right there on the home page:
"""
BCP38 filtering to block these packets is most easily handled right at the very edge of the Internet: where customer links terminate in the first piece of provider 'aggregation' gear, like a router, DSLAM, or CMTS. Much to most of this gear already has a 'knob' which can be turned on, which simply drops these packets on the floor as they come in from the customer's PC.
"""
I simply didn't *name* the knob, cause the detail seemed out-of-scope for
that context. Where it would get named would be on the "information for
Audience" pages relevant to access providers, which I have not written
because -- not being a provider -- I have insufficient background to be
accurate.
We welcome contributions from people in those positions... you, perhaps?
Be bold! :-)
Cheers,
-- jra
--
Jay R. Ashworth Baylink jra@baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII
St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
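
Added example, not part of the message above or of bcp38.info: a small Python model of strict-mode uRPF, the check Ray Soucy asks about, applied at a customer-facing port the way the quoted home-page text describes. The routing table, interface names and sample packets are constructed for illustration (documentation address ranges), and the function names are hypothetical.

```python
import ipaddress

# Constructed FIB for a hypothetical aggregation router: prefix -> interface.
# Prefixes are documentation ranges; interface names are made up.
FIB = {
    "192.0.2.0/25": "cust1",
    "192.0.2.128/25": "cust2",
    "198.51.100.0/24": "cust2",   # second block routed to the same customer
    "0.0.0.0/0": "uplink",
}
# Most specific prefix first, so the first hit is the longest-prefix match.
ROUTES = sorted(
    ((ipaddress.ip_network(p), ifc) for p, ifc in FIB.items()),
    key=lambda r: r[0].prefixlen, reverse=True)

def lookup(addr):
    """Interface the router would use to reach addr (longest-prefix match)."""
    ip = ipaddress.ip_address(addr)
    for net, ifc in ROUTES:
        if ip in net:
            return ifc
    return None

def urpf_strict(src, in_ifc):
    """Strict uRPF: accept only if the route back to src points out in_ifc.

    The decision follows the routing table, so there is no per-customer
    source ACL to edit when a customer is given another prefix.
    """
    return lookup(src) == in_ifc

def filter_ingress(packets):
    """Split (src, in_ifc) tuples into (forwarded, dropped) lists."""
    forwarded, dropped = [], []
    for pkt in packets:
        (forwarded if urpf_strict(*pkt) else dropped).append(pkt)
    return forwarded, dropped

# Constructed sample traffic arriving on customer-facing ports.
SAMPLE = [
    ("192.0.2.10", "cust1"),     # customer's own address
    ("203.0.113.7", "cust1"),    # forged third-party source
    ("192.0.2.200", "cust1"),    # neighbouring customer's address, wrong port
    ("198.51.100.5", "cust2"),   # cust2's second block, covered by its route
]

if __name__ == "__main__":
    ok, bad = filter_ingress(SAMPLE)
    print("forwarded:", ok)
    print("dropped:  ", bad)
```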