Re: Colocation providers and ACL requests

[Mike Gatti <ekim.ittag () gmail com>]

I tend to disagree somewhat, you really have to put some context around the request and convey that to your provider. 
If the request is "please help me block this DDoS traffic so that I can contact the source as it's impacting my ability 
to do business" I think that is a reasonable request as long as it's not a permanent solution. I have worked through 
similar incidents in some datacenter in Northern Virginia (Sterling, Ashburn) and all of them accommodated that request 
at no cost.

--
Michael Gatti  
ekim.ittag () gmail com



On Oct 27, 2011, at 8:09 PM, James Ashton wrote:

> Christopher,
> This is pretty common policy.  Not many datacenters of any size is going to act differently.  If you don't purchase 
> this service then you will not get the service.
>
> They may be willing work work with you on black-holing problem IPs though.  This is pretty common, but don't expect a 
> filtering package without purchasing it.
>
> James
>
> ----- Original Message -----
> From: "Christopher Pilkington" <cjp () 0x1 net>
> To: "NANOG mailing list" <nanog () nanog org>
> Sent: Tuesday, October 25, 2011 2:43:00 PM
> Subject: Colocation providers and ACL requests
>
> Is it common in the industry for a colocation provider, when requested to put an egress ACL facing us such as:
>
>  deny udp any a.b.c.d/24 eq 80
>
> …to refuse and tell us we must subscribe to their managed DDOS product?
>
> -cjp