[93361] in North American Network Operators' Group
Re: [c-nsp] [Re: huge amount of weird traffic on point-to-point ethernet
daemon@ATHENA.MIT.EDU (Michael.Dillon@btradianz.com)
Fri Nov 10 08:24:22 2006
In-Reply-To: <20061110111855.GA673@mail4.tck.telecomplete.net>
To: nanog@merit.edu
From: Michael.Dillon@btradianz.com
Date: Fri, 10 Nov 2006 13:18:02 +0000
Errors-To: owner-nanog@merit.edu
> WRT acls, I would suggest any acl is a bad idea and only a dynamic
> system such as rpf should be used, this is because manual filters
> that deny bogons have the same issue as BGP filtering in that they can
> go stale and you drop newly allocated space.
Your comment implies that ACLs are static and must
be configured manually. In this day and age of automated
systems, that is no longer true. Anyone who wants to can
easily implement dynamic ACLs. They will be slightly less
dynamic than a routing protocol, but ACLs do not have to
be manually configured and do not have to be static.
Of course, on some hardware ACLs have a significant CPU
impact, but that is less of a factor than it used to be.
--Michael Dillon
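An added example, not part of the original post or of any tool the thread mentions, of the kind of "dynamic ACL" generation described above: a small script that parses a machine-readable bogon list, renders it as an IOS-style extended ACL, refuses to push an ACL built from a list older than a chosen maximum age, and reports prefixes that dropped out of the list since the previous fetch (the newly allocated space that a stale filter would still deny). The two feeds, the timestamps, the `BOGONS-IN` ACL name and the 24-hour staleness threshold are all constructed for the example; the feeds use only RFC-reserved ranges, and the disappearance of 203.0.113.0/24 between them is a made-up scenario standing in for an allocation.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Maximum age of a bogon list before we refuse to push an ACL built from it.
# Chosen for the example; a real deployment would pick a window that matches
# how often the upstream list is actually refreshed.
MAX_AGE = timedelta(hours=24)

# Constructed sample feeds (RFC-reserved space only).  203.0.113.0/24 is present
# in the old feed and absent from the new one to simulate space that was
# allocated after the old list was fetched.
OLD_FEED = """\
# constructed bogon list, fetched earlier
0.0.0.0/8
10.0.0.0/8
127.0.0.0/8
169.254.0.0/16
192.0.2.0/24
198.51.100.0/24
203.0.113.0/24
240.0.0.0/4
"""
NEW_FEED = """\
# constructed bogon list, fetched later; 203.0.113.0/24 is no longer listed
0.0.0.0/8
10.0.0.0/8
127.0.0.0/8
169.254.0.0/16
192.0.2.0/24
198.51.100.0/24
240.0.0.0/4
"""


@dataclass(frozen=True)
class BogonList:
    prefixes: tuple        # sorted tuple of ipaddress.IPv4Network
    fetched_at: datetime   # when the feed was retrieved (timezone-aware)


def parse_bogon_list(text, fetched_at):
    """Parse one prefix per line, ignoring blank lines and '#' comments."""
    nets = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.IPv4Network(line, strict=True))
    nets.sort(key=lambda n: (int(n.network_address), n.prefixlen))
    return BogonList(tuple(nets), fetched_at)


def is_stale(bl, now, max_age=MAX_AGE):
    """True when the list is older than max_age relative to now."""
    return now - bl.fetched_at > max_age


def released_prefixes(old, new):
    """Prefixes in the old list but not the new one: space a stale ACL would still drop."""
    gone = set(old.prefixes) - set(new.prefixes)
    return sorted(gone, key=lambda n: (int(n.network_address), n.prefixlen))


def would_drop(bl, src):
    """Would an ACL built from this list deny traffic sourced from src?"""
    addr = ipaddress.IPv4Address(src)
    return any(addr in net for net in bl.prefixes)


def render_acl(bl, name="BOGONS-IN"):
    """Render the list as IOS-style extended ACL lines (wildcard = hostmask)."""
    lines = [f"ip access-list extended {name}"]
    for net in bl.prefixes:
        lines.append(f" deny ip {net.network_address} {net.hostmask} any")
    lines.append(" permit ip any any")
    return lines


def build_acl(new, previous, now, name="BOGONS-IN"):
    """Refuse a stale list; otherwise return (acl_lines, prefixes released since previous)."""
    if is_stale(new, now):
        raise RuntimeError(
            f"bogon list fetched {new.fetched_at.isoformat()} is older than "
            f"{MAX_AGE}; keeping the previously installed ACL")
    released = released_prefixes(previous, new) if previous is not None else []
    return render_acl(new, name), released


# Constructed clock and fetch times for the demonstration.
NOW = datetime(2006, 11, 10, 13, 18, tzinfo=timezone.utc)
LATER = NOW + timedelta(days=2)
OLD = parse_bogon_list(OLD_FEED, NOW - timedelta(days=30))
NEW = parse_bogon_list(NEW_FEED, NOW - timedelta(hours=1))

if __name__ == "__main__":
    acl, released = build_acl(NEW, OLD, NOW)
    print("\n".join(acl))
    for net in released:
        print(f"! {net} left the bogon list; an ACL built from the old list still drops it")
    print("old ACL drops 203.0.113.7:", would_drop(OLD, "203.0.113.7"))
    print("new ACL drops 203.0.113.7:", would_drop(NEW, "203.0.113.7"))
```

The staleness check is what answers the objection in the quoted text: if the feed stops updating, the generator stops producing ACLs rather than silently re-installing yesterday's filter, and the released-prefix report shows exactly which space the previous ACL was wrongly dropping.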