nanog mailing list archives

Re: High throughput bgp links using gentoo + stipped kernel

From: joel jaeggli <joelja () bogus com>
Date: Mon, 20 May 2013 16:47:12 -0700

On 5/20/13 2:45 PM, Matt Palmer wrote:

On Sun, May 19, 2013 at 04:42:23PM -0700, Seth Mattinen wrote:

On 5/19/13 4:27 PM, Ben wrote:

Do you actually need stateful filtering?  A lot of people seem to think
that it's important, when really they're accomplishing little from it,
you can block ports etc without it.

I believe PCI compliance requires it, other things like it probably do too.

There'd be very few PCI compliant sites if PCI required stateful firewalling
in core routers.

Putting your border router in scope for your pci environment is imho anengineering/documentation mistake.

- Matt

Current thread:

Re: High throughput bgp links using gentoo + stipped kernel, (continued)
- - Message not available
    - Re: High throughput bgp links using gentoo + stipped kernel Nick Khamis (May 19)
    - Re: High throughput bgp links using gentoo + stipped kernel Andre Tomt (May 19)
    - Re: High throughput bgp links using gentoo + stipped kernel Matt Palmer (May 19)
    - RE: High throughput bgp links using gentoo + stipped kernel MailPlus| David Hofstee (May 21)
    - Re: High throughput bgp links using gentoo + stipped kernel Ben (May 19)
    - Re: High throughput bgp links using gentoo + stipped kernel Seth Mattinen (May 19)
    - Re: High throughput bgp links using gentoo + stipped kernel Valdis . Kletnieks (May 19)
    - Re: High throughput bgp links using gentoo + stipped kernel Matt Palmer (May 20)
    - Re: High throughput bgp links using gentoo + stipped kernel Phil Fagan (May 20)
    - Re: High throughput bgp links using gentoo + stipped kernel Justin M. Streiner (May 21)
    - Re: High throughput bgp links using gentoo + stipped kernel joel jaeggli (May 20)
    - Re: High throughput bgp links using gentoo + stipped kernel Ben (May 19)
- Re: High throughput bgp links using gentoo + stipped kernel Michael McConnell (May 19)
  - Re: High throughput bgp links using gentoo + stipped kernel Nick Khamis (May 19)
    - Re: High throughput bgp links using gentoo + stipped kernel Zachary Giles (May 19)
    - Re: High throughput bgp links using gentoo + stipped kernel Nick Khamis (May 19)
    - Re: High throughput bgp links using gentoo + stipped kernel Phil Fagan (May 19)
- Re: High throughput bgp links using gentoo + stipped kernel Ben (May 19)
  - Re: High throughput bgp links using gentoo + stipped kernel Andre Tomt (May 19)
  - Re: High throughput bgp links using gentoo + stipped kernel Laurent GUERBY (May 20)
    - Re: High throughput bgp links using gentoo + stipped kernel Laurent GUERBY (May 20)