BCP38/84 and DDoS ACLs
- Subject: BCP38/84 and DDoS ACLs
- From: rdobbins at arbor.net (Roland Dobbins)
- Date: Sat, 27 May 2017 00:19:34 +0700
- In-reply-to: <[email protected]>
- References: <[email protected]>
On 26 May 2017, at 22:39, Graham Johnston wrote:
> I am looking for information regarding standard ACLs that operators
> may be using at the internet edge of their network, on peering and
> transit connections,
These .pdf presos may be of interest:
<https://app.box.com/s/ko8lk4vlh1835p36na3u>
<https://app.box.com/s/xznjloitly2apixr5xge>
They talk about iACL and tACL design philosophy.
What traffic you should permit/deny on your network is, of course,
situationally-specific. Depends on what kind of network it is, what
servers/services/applications/users you have, et al. You may need one
set of ACLs at the peering/transit edge, and other, more specific ACLs,
at the IDC distribution gateway, customer aggregation gateway, et al.
-----------------------------------
Roland Dobbins <rdobbins at arbor.net>