We also use ingress bogon ACLs at our borders.

--
Tim Sanderson, network administrator
tims@donet.com

-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Justin Shore
Sent: Friday, March 07, 2008 3:20 PM
To: Valdis.Kletnieks@vt.edu
Cc: NANOG
Subject: Re: Customer-facing ACLs

Valdis.Kletnieks@vt.edu wrote:
> On Fri, 07 Mar 2008 13:55:05 CST, Justin Shore said:
>> I'm assuming everyone uses uRPF at all their edges already so that eliminates the need for specific ACEs with ingress/egress network verification checks.
>
> You're new here, aren't you? :)

Hopefully optimistic. Don't bum me out going into a weekend... :-)

From the looks of my ingress BOGON ACLs on my borders (yes, I'm using ACLs and not null routes for a reason) I'd most people not reading NANOG (and maybe even some of them!) are not doing any ingress filtering on their customer source IPs. Sad....

Justin