Re: Colocation providers and ACL requests

[Kevin Loch <kloch () kl net>]

Christopher Pilkington wrote:
> Is it common in the industry for a colocation provider, when requested to put an egress ACL facing us such as:
>
>   deny udp any a.b.c.d/24 eq 80
>
> …to refuse and tell us we must subscribe to their managed DDOS product?

We have always accommodated temporary ACL's for active DDOS attacks.  I
think that is fairly standard across the ISP/hosting industry.

I do feel it is bad practice to regularly implement customer specific
ACL's on routers.  If a customer wants a managed firewall we have a
full range of those services available.

- Kevin