30 Jun 2013, 1:08 p.m.
I usually do ingress ACL on CE-facing PE interfaces; that way I can provide one level of anti-spoofing on IPs "I control". I've not had the need for an egress ACL yet, but then again I think it depends on network design and habits from Day 1. One use case, though, may be to mitigate a DDoS attack on a customer-facing link.

Sent from my iPhone

On Jun 30, 2013, at 5:34 PM, Glen Kent <glen.kent@gmail.com> wrote:
Hi,
Under what scenarios do providers install egress ACLs which could say, for e.g.:
1. Allow all IP traffic out on an interface foo if it's coming from source IP x.x.x.x/y
2. Drop all other IP traffic out on this interface.
Glen