nanog mailing list archives

Re: Customer-facing ACLs


From: Sean Donelan <sean () donelan com>
Date: Mon, 10 Mar 2008 15:30:03 -0400 (EDT)


On Mon, 10 Mar 2008, Scott Weeks wrote:
> The hard part is I now always take over networks that have been in operation a long time and enabling these policies can be very painful after the fact. Establishing them when the network is new is a different story.

Whatever you decide, whether you know what the policies are or not, you
always have a set of default network policies.

The question is, do you explain to your customers just as carefully what
your default policy doesn't do, as well as what it does?  Do you take
just as much time to carefully explain the risks and what may break to your customers of allowing that traffic as you would of not allowing that traffic?

It seems to be very painful whatever decision is made.

