[184110] in North American Network Operators' Group
Re: Recent trouble with QUIC?
daemon@ATHENA.MIT.EDU (Stephen Satchell)
Fri Sep 25 20:43:58 2015
X-Original-To: nanog@nanog.org
To: nanog@nanog.org
From: Stephen Satchell <list@satchell.net>
Date: Fri, 25 Sep 2015 17:43:55 -0700
In-Reply-To: <CAD6AjGSAM9OVqKscmAWLOUtFMBQyBm2tDCgos+tD1JNiV_j3TA@mail.gmail.com>
Errors-To: nanog-bounces@nanog.org
On 09/25/2015 04:20 PM, Ca By wrote:
> RFO: Google unilaterally deployed a non-standard protocol to our production
> environment, driving up helpdesk calls x%
>
> After action: block udp 80/443 until production ready and standard ratified
> use deployed.

Let me be gentle about this.  Why were you allowing 80/udp and 443/udp
in the first place into your production environment?

In my network, I run a mostly-closed firewall, only allowing those ports
that are needed to be forwarded between the inside and outside networks.

I don't have -- or need -- a DMZ here at this time, so I don't have to
worry about that side of the routing triangle.  If I did, I would also
run mostly closed between inside/outside and the DMZ.

I'm liberal about opening ports on request, but the ports have to be
requested before I'll allow them in, out, or forwarded.