On Thu, 26 Mar 1998 17:33:10 -0500, "Martin, Christian" <CMartin@mercury.balink.com> wrote: [...]
I am very willing to help my customers, but there is a tradeoff in terms of what it costs me. If it is a good customer, or more importantly, a big one, then I will write a 200 line access list, no problem! But say I implement this type of service for a few customers, and word spreads that we are doing it, then everyone wants that type of service.
Well, no one said it has to be free. Cost has a way of weeding out those who are serious about things, and of course it also helps subsidize the resource impacts or even make them profitable.
I suppose my biggest question was this. Has anyone got themselves into a hole by providing ICMP filtering on their routers to protect downstream customers, be it in terms of manageability, processor overhead, packet discarding. Also, where is the best place to do this, ingress, egress, or a combination? Do buffers need to be increased? What about queueing strategy? How does NetFlow affect access-list processing?
As you said, these are the interesting questions. -john