nanog mailing list archives

Re: High throughput bgp links using gentoo + stripped kernel


From: Phil Fagan <philfagan () gmail com>
Date: Mon, 20 May 2013 17:08:18 -0600

Just curious and perhaps off topic a tad, but is the stateful filtering of
sessions on a router to replace a firewall? Or is there another reason to
do it? I could see a benefit of creating blacklists; however,
I'm struggling with what other benefits it would provide...service-aware
load-balancing? I'm very interested to learn what other strategies
and/or design considerations would be made when thinking of using filtering
on a router.

I'm perfectly willing to accept consolidation of services :-)


On Mon, May 20, 2013 at 3:45 PM, Matt Palmer <mpalmer () hezmatt org> wrote:

> On Sun, May 19, 2013 at 04:42:23PM -0700, Seth Mattinen wrote:
>> On 5/19/13 4:27 PM, Ben wrote:
>>> Do you actually need stateful filtering?  A lot of people seem to think
>>> that it's important, when really they're accomplishing little from it,
>>> you can block ports etc without it.
>>
>> I believe PCI compliance requires it, other things like it probably do
>> too.
>
> There'd be very few PCI compliant sites if PCI required stateful
> firewalling in core routers.
>
> - Matt





-- 
Phil Fagan
Denver, CO
970-480-7618