RE: level3 dia egress filtering?

["Bob Evans" <bob () FiberInternetCenter com>]

Are you asking a transit network to filter specific ports as an end user
or as an ISP who has Level 3 as a transit provider?

I haven't seen a specific port could be dropped by any network....Only
aware of BGP community string like, 3356:9999 - black hole (discard all
traffic for specific IP range) traffic type abilities.

We have and will filter specific ports for customers. But this port type
ACL is completed by hand....I haven't seen anyone implement this using a
BGP community string.

Bob Evans
CTO
Fiber Internet CenterThank You
Bob Evans
CTO


> We contacted Level3 a few weeks back, and were told that they do not
> provide any filtering service.
> I've not been able to confirm this from anyone else, besides the Level3
> customer service rep we spoke with.
>
> Currently looking into a DDoS protection service from Akamai. Sounds
> awesome what they can do, but often "awesome" translates to "overkill"
> and/or "too expensive".
>
> -Petter
>
> -----Original Message-----
> From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of Christopher
> Rogers
> Sent: Monday, May 12, 2014 2:47 PM
> To: nanog () nanog org
> Subject: level3 dia egress filtering?
>
> Does anyone have any experience dealing with level3 in trying to get
> egress filters applied to an internet dia link with them?
>
> I've been trying to get them to apply an egress filter to drop all of udp
> to a certain /25 on my network that's been getting hammered by a dns
> amplification attack, and I am being told that they can only 'drop an
> entire protocol, and not to a specific ip address or range.'
>
> Can anyone confirm if that's the case?
>
> cheers
> -chris