2011/10/25 Brandon Galbraith <[email protected]> > On Tue, Oct 25, 2011 at 1:46 PM, Keegan Holley > <[email protected]>wrote: > >> Depends on the provider. Many just do not want to manage hundreds of >> customer ACL's on access routers. Especially when it would compete with a >> managed service (firewall, IDP, DDOS) of some sort. Some still are under >> the impression that ACL's are software based and their giant $100k+ edge >> box >> would crash if they configured them for any reason. >> >> > Conversely, some don't want to be paid for bare colocation (at bare > colocation prices) and have to then support 1000+ rules (yes, 1000+) with > 10-20 change requests per day. YMMV/slippery slope/service scope/etc. >
They are no worse than route filters or bandwidth increases, or IP address requests/changes. The provider should be able to do a temporary filter if the customer needs it though rather than forcing them to wait weeks or months to install a managed service/device. I agree permanent custom ACL's with indefinite growth/management could be considered a managed service and should either be an additional charge or not allowed at all.
