[c-nsp] Sup2T interface ACL limitations
Dobbins, Roland
rdobbins at arbor.net
Mon Dec 16 10:01:38 EST 2013
On Dec 10, 2013, at 12:38 AM, Rolf Hanßen <nsp at rhanssen.de> wrote:
> I am thinking about dropping some (mainly ddos) traffic on the outside network borders with ACLs.
ACLs don't work well as a DDoS reaction mechanism. They're good for protecting your network infrastructure:
<https://app.box.com/s/osk4po8ietn1zrjjmn8b>
S/RTBH is much better as a DDoS reaction mechanism:
<https://app.box.com/s/xznjloitly2apixr5xge>
All the caveats folks have noted about ACLs hold true.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Luck is the residue of opportunity and design.
-- John Milton