Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Telco's write best practices for packet switching networks

  • From: Joe Abley
  • Date: Thu Mar 07 17:20:24 2002


On Thursday, March 7, 2002, at 04:37 , Sean Donelan wrote:

My comment was originally prompted by the meeting minutes which
reported on the survey data showing that 100% of carriers are implementing
firewalls in their gateways. The 100% is what caught my eye. As the
topic comes up in various places, large ISPs repeatedly say they are
unable to implement filters or packet screening on their high-speed
links such as at peering points.
How recently are ISPs repeatedly saying this? Packet filtering on high-speed optical interfaces has been possible for some time, depending on your router vendor, for some value of "packet filtering".

I could understand it if the issue of how to manage packet filter definitions on routers as the network changes was a problem. But if I would be slightly surprised if there was still a universal voice saying "we absolutely cannot filter packets at the edge, because the vendors won't let us".

To meet the requirements of what I understood the original quoted fragment to be saying, it's perhaps not necessary to packet filter at the edge, anyway. You can apply a firewall to just the loopback interface of a junos box and arguably consider your control element firewalled.


Joe





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.