Home page logo

nanog logo nanog mailing list archives

Re: Egress filters dropping traffic
From: Peter Ehiwe <peterehiwe () gmail com>
Date: Sun, 30 Jun 2013 18:08:57 +0100

I usually do ingress acl on CE facing PE interfaces , that way I can provide one level of anti spoofing on IPs "I 
control" . I've not had the need for an egress ACL yet but then again I think it depends on network design and habits 
from Day 1.

One use case though may be to mitigate DDOS attack on a customer facing  link.

Sent from my iPhone

On Jun 30, 2013, at 5:34 PM, Glen Kent <glen.kent () gmail com> wrote:


Under what scenarios do providers install egress ACLs which could say for

1. Allow all IP traffic out on an interface foo if its coming from source
IP x.x.x.x/y
2. Drop all other IP traffic out on this interface.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]