nanog mailing list archives

Re: Access Lists


From: john () serv net (John Navitsky)
Date: Thu, 26 Mar 1998 23:10:01 GMT

On Thu, 26 Mar 1998 17:33:10 -0500, "Martin, Christian"
<CMartin () mercury balink com> wrote:

[...]

I am very willing to help my
customers, but there is a tradeoff in terms of what it costs me.  If it
is a good customer, or more importantly, a big one, then I will write a
200 line access list, no problem!  But say I implement this type of
service for a few customers, and word spreads that we are doing it, then
everyone wants that type of service.  

Well, no one said it has to be free.  Cost has a way of weeding out those who
are serious about things, and of course it also helps subsidize the resource
impacts or even make them profitable.

I suppose my biggest question was this.  Has anyone got themselves into
a hole by providing ICMP filtering on their routers to protect
downstream customers, be it in terms of manageability, processor
overhead, packet discarding?  Also, where is the best place to do this,
ingress, egress, or a combination?  Do buffers need to be increased?
What about queueing strategy?  How does NetFlow affect access-list
processing?

As you said, these are the interesting questions.

-john

