[93363] in North American Network Operators' Group

home help back first fref pref prev next nref lref last post

Re: [c-nsp] [Re: huge amount of weird traffic on point-to-point ethernet link]

daemon@ATHENA.MIT.EDU (Stephen Wilcox)
Fri Nov 10 08:47:38 2006

Date: Fri, 10 Nov 2006 13:46:31 +0000
From: Stephen Wilcox <steve@telecomplete.co.uk>
To: Michael.Dillon@btradianz.com
Cc: nanog@merit.edu
In-Reply-To: <OFAEA78B8E.057E237B-ON80257222.0048B5D9-80257222.00490FE1@btradianz.com>
Errors-To: owner-nanog@merit.edu


On Fri, Nov 10, 2006 at 01:18:02PM +0000, Michael.Dillon@btradianz.com wrote:
> 
> > WRT ACLs, I would suggest any ACL is a bad idea and only a dynamic 
> > system such as RPF should be used; this is because manual filters 
> > that deny bogons have the same issue as BGP filtering in that they can 
> > go stale and you drop newly allocated space. 
> 
> Your comment implies that ACLs are static and must
> be configured manually. In this day and age of automated
> systems, that is no longer true. Anyone who wants to can
> easily implement dynamic ACLs. They will be slightly less
> dynamic than a routing protocol, but ACLs do not have to
> be manually configured and do not have to be static.
> 
> Of course, on some hardware ACLs have a significant CPU
> impact, but that is less of a factor than it used to be.

For the purpose of scope, though, we have to imagine this is a large ISP looking at every one of its border links to peers and transits.

Given that, your options for suitable deployments are a lot more limited.

Steve
