nanog mailing list archives
Re: level3 dia egress filtering?
From: Ca By <cb.list6 () gmail com>
Date: Mon, 12 May 2014 19:02:28 -0700
On May 12, 2014 6:53 PM, "Justin M. Streiner" <streiner () cluebyfour org> wrote:
On Mon, 12 May 2014, Bob Evans wrote:Ahh, Yep, same thing port and/or protocol for an address range. I
haven't
seen that accomplished via BGP. I know ATT will do it - they want about
2K
more per month for that ability. All your traffic is redirected (extra hops ) through a firewall. So, it's a basic expensive firewall service. We have done both port based and protocol. But it gets installed by hand only on the connected port the customer.From what I've seen, most of the major carriers don't filter traffic
outside of truly exceptional circumstances, or it's treated as a revenue source. If it's offered at all, it's often priced unattractively, because carriers often don't want to be in the firewall/port-filtering business.
jms
All my providers provide me incident response that includes rtbh as well as ACL and in some cases protocol rate limiting. ACL may take a while working the phone, but rtbh is immediate. I substanilly decreased business with at&t since they do not offer rtbh. Rtbh is really the floor on security features, and at&t is below the floor. CB
Current thread:
- level3 dia egress filtering? Christopher Rogers (May 12)
- RE: level3 dia egress filtering? Petter Bruland (May 12)
- RE: level3 dia egress filtering? Bob Evans (May 12)
- Re: level3 dia egress filtering? Christopher Rogers (May 12)
- Re: level3 dia egress filtering? Bob Evans (May 12)
- Re: level3 dia egress filtering? Justin M. Streiner (May 12)
- Re: level3 dia egress filtering? Ca By (May 12)
- RE: level3 dia egress filtering? Bob Evans (May 12)
- RE: level3 dia egress filtering? Petter Bruland (May 12)
- Re: level3 dia egress filtering? Blake Dunlap (May 13)
- Re: level3 dia egress filtering? Paul S. (May 13)
- Re: level3 dia egress filtering? Mark Tinka (May 13)