nanog mailing list archives
Re: Colocation providers and ACL requests
From: Jack Bates <jbates () brightok net>
Date: Tue, 01 Nov 2011 15:19:39 -0500
On 11/1/2011 1:22 PM, Kevin Loch wrote:
Christopher Pilkington wrote:Is it common in the industry for a colocation provider, when requested to put an egress ACL facing us such as: deny udp any a.b.c.d/24 eq 80 …to refuse and tell us we must subscribe to their managed DDOS product?We have always accommodated temporary ACL's for active DDOS attacks. I think that is fairly standard across the ISP/hosting industry. I do feel it is bad practice to regularly implement customer specific ACL's on routers. If a customer wants a managed firewall we have a full range of those services available.
And Managed DDOS products better be a LOT more than an ACL. If I'm going to pay someone to manage DDOS, they will scrub the traffic and let all my legitimate traffic through. That's what I'm paying for. null routing an IP or a simple acl isn't worth paying a dime for.
Jack
Current thread:
- Re: Colocation providers and ACL requests Kevin Loch (Nov 01)
- Re: Colocation providers and ACL requests Jack Bates (Nov 01)
- Re: Colocation providers and ACL requests Jimmy Hess (Nov 01)
- Re: Colocation providers and ACL requests Adam Rothschild (Nov 02)