[81488] in North American Network Operators' Group

Re: Best practice ACLs for a internet facing border router?

daemon@ATHENA.MIT.EDU (matthew zeier)
Mon Jun 13 14:23:21 2005

Date: Mon, 13 Jun 2005 11:22:26 -0700
From: matthew zeier <mrz@velvet.org>
To: Drew Weaver <drew.weaver@thenap.com>
Cc: nanog@merit.edu
In-Reply-To: <B9ECBF8D89E7684EB63FF250E8788B1911961F@BIGLOG.thenap.com>
Errors-To: owner-nanog@merit.edu




Drew Weaver wrote:
> 	I'm just curious if anyone has ever published a list of what is
> an agreed upon best practice list of ACLs for an internet facing border
> router. I'm talking about things like bogons, private IP addresses, et
> cetera. If anyone is aware of anything like this I'd like to see it.

Depending on your flavor of router, you might need to take multiple approaches.

On my 12000s, I'm only using RACLs (beyond prefix filtering) and do more 
specific ACLs closer down to the "core".

--
matthew zeier - "Curiosity is a willing, a proud, an eager confession
of ignorance." - Leonard Rubenstein
