nanog mailing list archives
Re: BCP38/84 and DDoS ACLs
From: Roland Dobbins <rdobbins () arbor net>
Date: Sat, 27 May 2017 00:19:34 +0700
On 26 May 2017, at 22:39, Graham Johnston wrote:
I am looking for information regarding standard ACLs that operators may be using at the internet edge of their network, on peering and transit connections,
These .pdf presos may be of interest: <https://app.box.com/s/ko8lk4vlh1835p36na3u> <https://app.box.com/s/xznjloitly2apixr5xge> They talk about iACL and tACL design philosophy.What traffic you should permit/deny on your network is, of course, situationally-specific. Depends on what kind of network it is, what servers/services/applications/users you have, et. al. You may need one set of ACLs at the peering/transit edge, and other, more specific ACLs, at the IDC distribution gateway, customer aggregation gateway, et. al.
----------------------------------- Roland Dobbins <rdobbins () arbor net>
Current thread:
- BCP38/84 and DDoS ACLs Graham Johnston (May 26)
- Re: BCP38/84 and DDoS ACLs Compton, Rich A (May 26)
- Re: BCP38/84 and DDoS ACLs Dave Bell (May 27)
- Re: BCP38/84 and DDoS ACLs Rabbi Rob Thomas (May 29)
- Re: BCP38/84 and DDoS ACLs Dave Bell (May 27)
- Re: BCP38/84 and DDoS ACLs Roland Dobbins (May 26)
- RE: BCP38/84 and DDoS ACLs Kody Vicknair (May 26)
- Re: BCP38/84 and DDoS ACLs joel jaeggli (May 26)
- Re: BCP38/84 and DDoS ACLs valdis . kletnieks (May 26)
- Re: BCP38/84 and DDoS ACLs Roland Dobbins (May 26)
- Re: BCP38/84 and DDoS ACLs Roland Dobbins (May 26)
- Re: BCP38/84 and DDoS ACLs Randy Bush (May 26)
- RE: BCP38/84 and DDoS ACLs Kody Vicknair (May 26)
- Re: BCP38/84 and DDoS ACLs Compton, Rich A (May 26)