[AusNOG] Filtering services and odd things
Tristram Cheer
t at uber.co.nz
Tue Feb 16 10:38:43 EST 2016
Hi All,
I came across a client on our network that is using a filtering service where the client installs a device that sends all of their upload traffic over an IPSec tunnel to a 3rd party network for inspection before that network then sends the request on with the “spoofed” IP of the client’s public IP so that the download stream returns directly to the client. This way the filtering service doesn’t have to deal with the download traffic volumes. Initially It seemed ok but the more I thought about it the more it didn’t sit right with me.
Has anyone else come across this type of service before? Have you run into problems with what is in effect one way traffic from a SME/Residential connection? It seems to me that BCP38 would knock this service out and if the ISP was doing any sort of inspection that would require both up and down streams it may break their connection/degrade it. Whilst it’s technically ok it just seems a little off for a non-enterprise connection to potentially be acting “odd”. Not looking at the pro’s and con’s of filtering but just thought I’d put it to the list to see what everyone’s thoughts are on it :)
Cheers
TRISTRAM CHEER
UBER GROUP LIMITED
NETWORK ARCHITECT - MOST PROBLEMS ARE THE RESULT OF PREVIOUS SOLUTIONS...
[Facebook]<https://www.facebook.com/UberGroup?_rdr=p> [Twitter] <https://twitter.com/ubergroupltd>
E: t at uber.co.nz<mailto:t at uber.co.nz>
P: 09 438 5472 Ext 803 | M: 022 412 1985 | W: www.uber.co.nz<http://www.uber.co.nz>
53 PORT ROAD | PO BOX 5083 | WHANGAREI | NEW ZEALAND
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20160215/5be944ff/attachment-0001.html>
More information about the AusNOG
mailing list