nanog mailing list archives

Re: Colocation providers and ACL requests


From: Keegan Holley <keegan.holley () sungard com>
Date: Tue, 25 Oct 2011 15:08:20 -0400

2011/10/25 Brandon Galbraith <brandon.galbraith () gmail com>

On Tue, Oct 25, 2011 at 1:46 PM, Keegan Holley <keegan.holley () sungard com> wrote:

Depends on the provider.  Many just do not want to manage hundreds of
customer ACLs on access routers.  Especially when it would compete with a
managed service (firewall, IDP, DDOS) of some sort.  Some still are under
the impression that ACLs are software based and their giant $100k+ edge
box would crash if they configured them for any reason.


Conversely, some don't want to be paid for bare colocation (at bare
colocation prices) and have to then support 1000+ rules (yes, 1000+) with
10-20 change requests per day. YMMV/slippery slope/service scope/etc.


They are no worse than route filters or bandwidth increases, or IP address
requests/changes.  The provider should be able to do a temporary filter if
the customer needs it though rather than forcing them to wait weeks or
months to install a managed service/device.  I agree permanent custom ACLs
with indefinite growth/management could be considered a managed service and
should either be an additional charge or not allowed at all.

