[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Egress filters dropping traffic

Subject: Egress filters dropping traffic
From: peterehiwe at gmail.com (Peter Ehiwe)
Date: Sun, 30 Jun 2013 18:08:57 +0100
In-reply-to: <CAPLq3UNbRFBj=ay5KUbUoFQgk7LJU=-oEq7+woiw-rH-XiVu+g@mail.gmail.com>
References: <CAPLq3UNbRFBj=ay5KUbUoFQgk7LJU=-oEq7+woiw-rH-XiVu+g@mail.gmail.com>

I usually do ingress acl on CE facing PE interfaces , that way I can provide one level of anti spoofing on IPs "I control" . I've not had the need for an egress ACL yet but then again I think it depends on network design and habits from Day 1.

One use case though may be to mitigate DDOS attack on a customer facing  link.

Sent from my iPhone

On Jun 30, 2013, at 5:34 PM, Glen Kent <glen.kent at gmail.com> wrote:

> Hi,
> 
> Under what scenarios do providers install egress ACLs which could say for
> eg.
> 
> 1. Allow all IP traffic out on an interface foo if its coming from source
> IP x.x.x.x/y
> 2. Drop all other IP traffic out on this interface.
> 
> Glen

References:
- Egress filters dropping traffic
  - From: glen.kent at gmail.com (Glen Kent)

Prev by Date: Egress filters dropping traffic
Next by Date: Egress filters dropping traffic
Previous by thread: Egress filters dropping traffic
Next by thread: Egress filters dropping traffic
Index(es):
- Date
- Thread