[AusNOG] Telstra Internet Direct - BGP
James Braunegg
james.braunegg at micron21.com
Mon Jan 2 18:59:05 EST 2017
Dear Nathan
I can understand your pain of wanting control especially to protect your interfaces from unwanted denial of service traffic, as network BGP interfaces are very common targets against networks.
Whilst Telstra's policy is to supply a TID IP address they also allow you to place ACL rules for TID IP address space using the custdata portal, which can be extremely useful.
This way you can deny any unwanted traffic towards the TID IP address on both sides of the interface, effectively making the TID IP address inaccessible if required.
Examples which might be useful are below where 1.1.1.1 is your TID IP
Deny ip any 1.1.1.1 0.0.0.3
Deny icmp any 1.1.1.1 0.0.0.3
If you need any help or advise in securing services from DDoS attacks just ask
Kindest Regards
James Braunegg
P: 1300 769 972 | M: 0488 997 207 | D: (03) 9751 7616
E: james.braunegg at micron21.com<mailto:james.braunegg at micron21.com> | ABN: 12 109 977 666
W: www.micron21.com/ddos-protection<http://www.micron21.com/ddos-protection> T: @micron21
Follow us on Twitter<http://www.twitter.com/micron21> for important service and system updates.
[M21.jpg]
This message is intended for the addressee named above. It may contain privileged or confidential information. If you are not the intended recipient of this message you must not use, copy, distribute or disclose it to anyone other than the addressee. If you have received this message in error please return the message to the sender by replying to it and then delete the message from your computer.
From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Nathan Brookfield
Sent: Monday, 2 January 2017 6:21 PM
To: <ausnog at lists.ausnog.net> <ausnog at lists.ausnog.net>
Subject: [AusNOG] Telstra Internet Direct - BGP
Hi Guys,
Looking for advice and guidance from anyone else on list who has provisioned Transit services with Telstra in the past. Last year we placed orders for TID services and during the LOLO ordering process there was an option for us to supply /30 IP addressing for our sessions to Telstra "which gave me a false sense of acceptance".
That was, until the IP Assurance guys came back to us in September advising that only TID IP addressing was allowed for the adjacency interfaces and that we would not be allowed to use our own address space. Now, that doesn't sound unreasonable except for the fact that we have a policy across all upstream transit networks to only use our own IP space for several reasons, the primary one being to provide us with a higher level of control during a denial of service attack and we've never had a transit provider push back on us with this until now.
Has anyone had this experience with Telstra and experienced success in having them not enforce the policy of Telstra /30's for direct private interfaces or should I give up now?
Thanks in advance,
Kindest Regards,
Nathan Brookfield (VK2NAB)
CONFIDENTIALITY & PRIVILEGE NOTICE
The information contained in this email and any attached files is strictly private and confidential. The intended recipient of this email may only use, reproduce, disclose or distribute the information contained in this email and any attached files with Simtronic Technologies Pty Ltd's permission. If you are not the intended recipient, you are strictly prohibited from using, reproducing, adapting, disclosing or distributing the information contained in this email and any attached files or taking any action in reliance on it. If you have received this email in error, please email the sender by replying to this message, promptly delete and destroy any copies of this email and any attachments.
It is your responsibility to scan this communication and any files attached for computer viruses and other defects and recommend that you subject these to your virus checking procedures prior to use. Simtronic Technologies Pty Ltd does NOT accept liability for any loss or damage (whether direct, indirect, consequential, economic or other) however caused, whether by negligence or otherwise, which may result directly or indirectly from this communication or any files attached.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20170102/aa708955/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.jpg
Type: image/jpeg
Size: 2653 bytes
Desc: image002.jpg
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20170102/aa708955/attachment.jpg>
More information about the AusNOG
mailing list