nanog mailing list archives
Re: (cisco, or any) acl *reducers* out there?
From: George Michaelson <ggm () apnic net>
Date: Thu, 19 Aug 2010 13:43:32 +1000
On 19/08/2010, at 1:38 PM, Randy Bush wrote:

> one more comment. be careful aggregating filters. the peer may actually announce all those damned frags, especially in massively de-aggregated places such as india, indonesia, ...
>
> randy

I should have been clearer that I really only want to aggregate ACLs like a port-22 ssh filter which has an endless list of specific /32, or the 'we don't like inbound UDP' - where it logically made sense.

So if you happen to have an overarching UDP 'established' class rule, then its order compared to other rules might or might not make them useless.

Route filtering is best done by professionals. Always read the instructions on the packet. (Your oven may be in centigrade, not fahrenheit, and the cup size varies by economy.)

-George
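An added example, not part of the original message or thread: a sketch of the order-preserving reduction discussed above, collapsing long lists of /32 sources in a port-22 filter without merging across an intervening rule. The tuple rule format, the sample ACL and the function names `reduce_acl` and `decide` are assumptions made for illustration, not router syntax or any existing tool.

```python
import ipaddress
from itertools import groupby

# Constructed sample ACL in a simplified form (not real router syntax):
# (action, protocol, source prefix, destination port or None for any)
SAMPLE_ACL = [
    ("permit", "tcp", "192.0.2.0/32", 22),
    ("permit", "tcp", "192.0.2.1/32", 22),
    ("permit", "tcp", "192.0.2.2/32", 22),
    ("permit", "tcp", "192.0.2.3/32", 22),
    ("deny",   "tcp", "192.0.2.8/32", 22),   # different action: ends the run
    ("permit", "tcp", "192.0.2.8/31", 22),
    ("permit", "tcp", "192.0.2.10/32", 22),
    ("permit", "tcp", "192.0.2.11/32", 22),
    ("permit", "tcp", "198.51.100.7/32", 22),
    ("deny",   "udp", "0.0.0.0/0", None),
]

def _run_key(rule):
    action, proto, prefix, port = rule
    return (action, proto, port, ipaddress.ip_network(prefix).version)

def reduce_acl(rules):
    """Collapse source prefixes only within runs of adjacent rules that share
    action, protocol and port, so first-match order is never changed."""
    out = []
    for (action, proto, port, _ver), run in groupby(rules, key=_run_key):
        nets = [ipaddress.ip_network(r[2]) for r in run]
        # collapse_addresses merges only exact covers; it never widens the
        # matched address set, so no extra source is permitted or denied.
        for net in ipaddress.collapse_addresses(nets):
            out.append((action, proto, str(net), port))
    return out

def decide(rules, proto, src, port):
    """First-match evaluation with an implicit deny, used to check that the
    reduced list gives the same verdicts as the original."""
    addr = ipaddress.ip_address(src)
    for action, r_proto, prefix, r_port in rules:
        if (r_proto == proto and r_port in (None, port)
                and addr in ipaddress.ip_network(prefix)):
            return action
    return "deny"

if __name__ == "__main__":
    for rule in reduce_acl(SAMPLE_ACL):
        print(rule)
```

The deny for 192.0.2.8/32 stays ahead of the permit that now covers 192.0.2.8/30, which is the ordering dependency the message warns about; a reducer that merged across it would change the verdict for that host.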