nanog mailing list archives

Re: Ingress filtering on transits, peers, and IX ports


From: Nick Hilliard <nick () foobar org>
Date: Thu, 15 Oct 2020 15:45:24 +0100

Saku Ytti wrote on 15/10/2020 15:29:
> But you have to think about what prefixes a customer has. If BGP you
> need to generate prefix-list, if static you need to generate a static
> route. As you already have to know and manage this information, what
> is the incremental cost to also emit an ACL?

The unfortunate reality is that many networks are run by CLI jockeys, so the incremental cost of this can be high. There are no good general-purpose networking sources of truth, which means that usually provisioning databases need to be highly customised, which is only worth it if the scale merits it.

Nick
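
Added example, not part of the original message or of either poster's tooling: a sketch of the point under discussion, where one customer record drives both the routing config (prefix-list or static route) and the ingress source-address ACL. The record fields, the names and the Cisco IOS-style output are assumptions, and all addresses are constructed from documentation ranges.

```python
import ipaddress

# Constructed customer records; field names are hypothetical.
CUSTOMERS = [
    {"name": "CUST-A", "attach": "bgp", "iface": "GigabitEthernet0/0/1",
     "link": "203.0.113.0/30", "next_hop": None,
     "prefixes": ["192.0.2.0/24", "198.51.100.0/25"]},
    {"name": "CUST-B", "attach": "static", "iface": "GigabitEthernet0/0/2",
     "link": "203.0.113.4/30", "next_hop": "203.0.113.6",
     "prefixes": ["198.51.100.128/26"]},
]

def _nets(prefixes):
    # strict=True rejects entries with host bits set (e.g. 198.51.100.129/26),
    # so a typo in the record fails here instead of reaching a router.
    return [ipaddress.ip_network(p, strict=True) for p in prefixes]

def routing_lines(cust):
    """Config that has to exist anyway: BGP prefix-list or static routes."""
    nets = _nets(cust["prefixes"])
    if cust["attach"] == "bgp":
        return [f"ip prefix-list {cust['name']}-IN seq {5 * (i + 1)} permit {n}"
                for i, n in enumerate(nets)]
    return [f"ip route {n.network_address} {n.netmask} {cust['next_hop']}"
            for n in nets]

def ingress_acl_lines(cust):
    """Source-address ingress ACL rendered from the same record."""
    name = f"{cust['name']}-SRC-IN"
    # The link subnet is permitted first so the BGP session and pings
    # sourced from the customer's interface address are not dropped.
    nets = _nets([cust["link"]] + cust["prefixes"])
    lines = [f"ip access-list extended {name}"]
    lines += [f" permit ip {n.network_address} {n.hostmask} any" for n in nets]
    lines.append(" deny ip any any")
    lines += [f"interface {cust['iface']}", f" ip access-group {name} in"]
    return lines

if __name__ == "__main__":
    for c in CUSTOMERS:
        print("\n".join(routing_lines(c) + ingress_acl_lines(c)), end="\n!\n")
```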

