[171751] in North American Network Operators' Group
Re: level3 dia egress filtering?
daemon@ATHENA.MIT.EDU (Justin M. Streiner)
Mon May 12 21:51:48 2014
X-Original-To: nanog@nanog.org
Date: Mon, 12 May 2014 18:59:07 -0400 (EDT)
From: "Justin M. Streiner" <streiner@cluebyfour.org>
To: nanog@nanog.org
In-Reply-To: <d3b816ad4de4f041b7e0c9dca54bd7ed.squirrel@66.201.44.180>
Errors-To: nanog-bounces@nanog.org
On Mon, 12 May 2014, Bob Evans wrote:
> Ahh, Yep, same thing port and/or protocol for an address range. I haven't
> seen that accomplished via BGP. I know ATT will do it - they want about 2K
> more per month for that ability. All your traffic is redirected (extra
> hops ) through a firewall. So, it's a basic expensive firewall service.
>
> We have done both port based and protocol. But it gets installed by hand
> only on the connected port the customer.
From what I've seen, most of the major carriers don't filter traffic
outside of truly exceptional circumstances, or it's treated as a revenue
source. If it's offered at all, it's often priced unattractively, because
carriers often don't want to be in the firewall/port-filtering business.
jms
