Egress filters dropping traffic

Hi, Under what scenarios do providers install egress ACLs which could say for eg. 1. Allow all IP traffic out on an interface foo if its coming from source IP x.x.x.x/y 2. Drop all other IP traffic out on this interface. Glen

Re: Egress filters dropping traffic

I usually do ingress acl on CE facing PE interfaces , that way I can provide one level of anti spoofing on IPs "I control" . I've not had the need for an egress ACL yet but then again I think it depends on network design and habits from Day 1. One use case though may be to mitigate DDOS attack

Re: Egress filters dropping traffic

On 6/30/2013 12:34 PM, Glen Kent wrote: > Under what scenarios do providers install egress ACLs which could say for > eg. > > 1. Allow all IP traffic out on an interface foo if its coming from source > IP x.x.x.x/y > 2. Drop all other IP traffic out on this interface. If you're an end node, it's B

Re: Egress filters dropping traffic

I guess maybe you want to be sure a certain process occurred in the router (ej NAT). --Original Message-- From: Glen Kent To: nanog@nanog.org Subject: Egress filters dropping traffic Sent: Jun 30, 2013 12:04 PM Hi, Under what scenarios do providers install egress ACLs which could

Re: Egress filters dropping traffic

On (2013-06-30 22:04 +0530), Glen Kent wrote: > Under what scenarios do providers install egress ACLs which could say for > eg. > > 1. Allow all IP traffic out on an interface foo if its coming from source > IP x.x.x.x/y > 2. Drop all other IP traffic out on this interface. Question seems to be