mailing list archives
Re: Egress filters dropping traffic
From: Peter Ehiwe <peterehiwe () gmail com>
Date: Sun, 30 Jun 2013 18:08:57 +0100
I usually do ingress acl on CE facing PE interfaces , that way I can provide one level of anti spoofing on IPs "I
control" . I've not had the need for an egress ACL yet but then again I think it depends on network design and habits
from Day 1.
One use case though may be to mitigate DDOS attack on a customer facing link.
Sent from my iPhone
On Jun 30, 2013, at 5:34 PM, Glen Kent <glen.kent () gmail com> wrote:
Under what scenarios do providers install egress ACLs which could say for
1. Allow all IP traffic out on an interface foo if its coming from source
2. Drop all other IP traffic out on this interface.