nanog mailing list archives
Re: Colocation providers and ACL requests
From: Adam Rothschild <asr () latency net>
Date: Wed, 2 Nov 2011 11:53:37 -0400
On Tue, Nov 1, 2011 at 8:00 PM, Jimmy Hess <mysidia () gmail com> wrote:
On Tue, Nov 1, 2011 at 1:22 PM, Kevin Loch <kloch () kl net> wrote:We have always accommodated temporary ACL's for active DDOS attacks. I think that is fairly standard across the ISP/hosting industry.
Indeed. We'll do it; ditto every reputable hosting, collocation, or IP transit shop I've come into contact with.
And it's reasonable to accomodate the customer that asks, and reasonable for a customer to ask for a temporary ACL in such situations. However, it's also reasonable for the provider to refuse, and there's nothing wrong with that, unless the provider agreed that they would be willing to do that [...]
Disagree. Furthermore, I think providers refusing to implement temporary ACLs should be called out on fora such as NANOG, to aid others in the vendor selection process. This is not to say it's sustainable as a repeat or permanent configuration -- possible up-sell and business drivers aside, TCAM exhaustion, performance implications, and man-hours required for ACL maintenance are all very real concerns -- but denying your customers this type of emergency response is bad for the Internet, and goes against basic tenets of customer service. -a
Current thread:
- Re: Colocation providers and ACL requests Kevin Loch (Nov 01)
- Re: Colocation providers and ACL requests Jack Bates (Nov 01)
- Re: Colocation providers and ACL requests Jimmy Hess (Nov 01)
- Re: Colocation providers and ACL requests Adam Rothschild (Nov 02)