nanog mailing list archives
Re: Access Lists
From: john () serv net (John Navitsky)
Date: Thu, 26 Mar 1998 23:10:01 GMT
On Thu, 26 Mar 1998 17:33:10 -0500, "Martin, Christian" <CMartin () mercury balink com> wrote: [...]
I am very willing to help my customers, but there is a tradeoff in terms of what it costs me. If it is a good customer, or more importantly, a big one, then I will write a 200 line access list, no problem! But say I implement this type of service for a few customers, and word spreads that we are doing it, then everyone wants that type of service.
Well, no one said it has to be free. Cost has a way of weeding out those who are serious about things, and of course it also helps subsidize the resource impacts or even make them profitable.
I suppose my biggest question was this. Has anyone got themselves into a hole by providing ICMP filtering on their routers to protect downstream customers, be it in terms of manageability, processor overhead, packet discarding. Also, where is the best place to do this, ingress, egress, or a combination? Do buffers need to be increased? What about queueing strategy? How does NetFlow affect access-list processing?
As you said, these are the interesting questions. -john
Current thread:
- Re: Access Lists, (continued)
- Re: Access Lists Dan Boehlke (Mar 25)
- Re: Access Lists Phil Howard (Mar 25)
- Re: Access Lists Dan Boehlke (Mar 26)
- Re: Access Lists Phil Howard (Mar 26)
- Re: Access Lists Phil Howard (Mar 25)
- Re: Access Lists Dan Boehlke (Mar 25)
- RE: Access Lists Martin, Christian (Mar 25)
- Re: Access Lists Steve Sobol (Mar 26)
- RE: Access Lists Martin, Christian (Mar 25)
- RE: Access Lists Rich Sena (Mar 26)
- Re: Access Lists Steve Sobol (Mar 26)
- RE: Access Lists Martin, Christian (Mar 26)
- Re: Access Lists John Navitsky (Mar 27)