nanog mailing list archives

Re: [c-nsp] [Re: huge amount of weird traffic on poin-to-point ethernet link]

From: Stephen Wilcox <steve () telecomplete co uk>
Date: Fri, 10 Nov 2006 13:46:31 +0000


On Fri, Nov 10, 2006 at 01:18:02PM +0000, Michael.Dillon () btradianz com wrote:

WRT acls, I would suggest any acl is a bad idea and only a dynamic 
system such as rpf should be used, this is because manual filters 
that deny bogons has the same issue as BGP filtering in that it can 
go stale and you drop newly allocated space.


Your comment implies that ACLs are static and must
be configured manually. In this day and age of automated
systems, that is no longer true. Anyone who wants to can
easily implement dynamic ACLs. They will be slightly less
dynamic than a routing protocol, but ACLs do not have to
be manually configured and do not have to be static.

Of course, on some hardware ACLs have a significant CPU
impact, but that is less of a factor than it used to be.


for the purpose of scope tho we have to imagine this is a large ISP looking at every one of its border links to peers 
and transits

given that, your options for suitable deployments are a lot more limited

Steve

Current thread:

Re: [c-nsp] [Re: huge amount of weird traffic on poin-to-point ethernet link], (continued)
- - - Re: [c-nsp] [Re: huge amount of weird traffic on poin-to-point ethernet link] Larry Smith (Nov 09)
    - Re: [c-nsp] [Re: huge amount of weird traffic on poin-to-point ethernet link] steve (Nov 09)
    - Re: [c-nsp] [Re: huge amount of weird traffic on poin-to-point ethernet link] Robert E. Seastrom (Nov 09)
    - RE: [c-nsp] [Re: huge amount of weird traffic on poin-to-point ethernet link] andrew2 (Nov 09)
    - RE: [c-nsp] [Re: huge amount of weird traffic on poin-to-point ethernet link] Donald Stahl (Nov 09)
    - RE: [c-nsp] [Re: huge amount of weird traffic on poin-to-point ethernet link] Justin M. Streiner (Nov 09)
    - Re: [c-nsp] [Re: huge amount of weird traffic on poin-to-point ethernet link] steve (Nov 09)
    - Re: [c-nsp] [Re: huge amount of weird traffic on poin-to-point ethernet link] Robert Boyle (Nov 09)
    - Re: [c-nsp] [Re: huge amount of weird traffic on poin-to-point ethernet link] steve (Nov 10)
    - Re: [c-nsp] [Re: huge amount of weird traffic on poin-to-point ethernet link] Michael . Dillon (Nov 10)
    - Re: [c-nsp] [Re: huge amount of weird traffic on poin-to-point ethernet link] Stephen Wilcox (Nov 10)
    - Re: [c-nsp] [Re: huge amount of weird traffic on poin-to-point ethernet link] Robert E. Seastrom (Nov 09)
    - Re: [c-nsp] [Re: huge amount of weird traffic on poin-to-point ethernet link] Deepak Jain (Nov 09)
    - Re: [c-nsp] [Re: huge amount of weird traffic on poin-to-point ethernet link] Niels Bakker (Nov 09)
    - Re: [c-nsp] [Re: huge amount of weird traffic on poin-to-point ethernet link] Robert E. Seastrom (Nov 09)
    - Re: [c-nsp] [Re: huge amount of weird traffic on poin-to-point ethernet link] Michael . Dillon (Nov 10)
    - Re: [c-nsp] [Re: huge amount of weird traffic on poin-to-point ethernet link] Tony Finch (Nov 10)
    - Re: [c-nsp] [Re: huge amount of weird traffic on poin-to-point ethernet link] Michael . Dillon (Nov 10)
    - Re: [c-nsp] [Re: huge amount of weird traffic on poin-to-point ethernet link] Stephen Wilcox (Nov 10)
    - Re: [c-nsp] [Re: huge amount of weird traffic on poin-to-point ethernet link] Michael . Dillon (Nov 10)
    - Message not available
    - Re: [c-nsp] [Re: huge amount of weird traffic on poin-to-point ethernet link] steve (Nov 09)

(Thread continues...)