How Internet Peering Improves Security
Upcoming SlideShare
Loading in...5
×
 

How Internet Peering Improves Security

on

  • 738 views

This brief discussion talk brings forth and supports the thesis that Internet Peering improves network security.

This brief discussion talk brings forth and supports the thesis that Internet Peering improves network security.

Statistics

Views

Total Views
738
Views on SlideShare
736
Embed Views
2

Actions

Likes
1
Downloads
11
Comments
0

1 Embed 2

http://www.linkedin.com 2

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • The Internet Transit service is shown in the diagram below provides access to the global Internet by:announcing the customer route across the Internet so any network on the Internet knows how to reach the customer network, andannouncing to the customer the information necessary to be able to send traffic to any destination in the Internet.In this mini ecosystem, we see the Cyan ISP purchasing transit from the Orange Transit Provider. The Orange ISP announces to the Cyan ISP reachability to the entire Internet (shown as many colored networks to the right of the Transit Providers). The Transit Providers propagate the Cyan route (shown as a cyan circle) across the Internet so that all networks know how to reach the Cyan ISP. With this reciprocal Internet Transit service, all Internet attachments know how to reach the Cyan ISP, and the Cyan ISP knows how to reach all Internet destinations.
  • Why did the 95th percentile come into existence? In the early Internet days, Internet traffic was charged on a circuit capacity basis. But if you didn’t use very much of this capacity, you were still paying as if you did. This made Internet Transit tough to sell so the usage-based (metered) model began. Initially some ISPs charged on average use, which ended up being skewed by the occasional burstiness associated with a spot event. To address this, one ISP adopted the 95th percentile measure that was primarily introduced to not overly punish a customer for the occasional spike in traffic volume, and still allow the ISP to bill based the load placed on its network. This approach seemed palatable and sold. The rest of the industry followed suit and 95-5 was born.
  • WestNet is an ISP with green customers, MidNet is an ISP with blue customers, and EastNet is an ISP with red customers.WestNet is in a Peering relationship with MidNet in which WestNet learns how to reach MidNet's blue customers, and MidNet reciprocally learns how to reach WestNet's green customers.EastNet is in a Peering relationship with MidNet in which EastNet learns how to reach MidNet's blue customers, and MidNet reciprocally learns how to reach EastNet's red customers.After these two peering sessions are established, the routing tables are in place as shown in the boxes beneath the ISP clouds. Since MidNet peers with both EastNet and WestNet, MidNet customers can reach both EastNet and WestNet customers.

How Internet Peering Improves Security How Internet Peering Improves Security Presentation Transcript

  • Peering Improves Security William B. Norton Chief Strategy Officer, IIX Executive Director, DrPeering International wbn@iixPeering.net wbn@DrPeering.net US Telecom Webinar Live from Silicon Valley October 30, 2013 10AM PST
  • Meet the Presenter • Started working on Internet (NSFNET) in 1988 • 1st “Chairman” of North American Network Operator Group (NANOG) (19941998) • 1998-2008 Co-Founder & Chief Technical Liaison, Equinix Inc. (NSDQ: EQIX) • 2008-Present - Executive Director, DrPeering Int’l • Two-day On-Site Peering Workshops (EU/Africa) • The 2013 Internet Peering Playbook • 2013 Chief Strategy Officer, International Agenda…
  • Agenda • Introduction: What you need to know about Peering for this talk • Thesis: How Peering Improves Security 1. Less vulnerable to DDOS side affects 2. Fewer network elements make peering less vulnerable 3. Security response and recovery time are improved with peers • Discussion: Q&A What you need to know…
  • Section I: Introduction WHAT YOU NEED TO KNOW ABOUT PEERING
  • Internet Transit Service Model • 99.9% of all • Announce Reachability • Metered Service • Simple • “Internet This Way” 5 95th percentile measurement
  • • • • • 95th Percentile Billing Calculation 5 minute samples Month of deltas 95th percentile Max(in,out) 6 Transit Prices Drop
  • Internet Price Declines (U.S.) • • • • “Can’t go lower” “No one is making $” Pricing varies widely Trend unmistakable 7 Internet Peering…
  • What is Internet Peering? • Definition: Internet Peering is the business relationship whereby two companies reciprocally provide access to each others’ customers. 8
  • Internet Peering 3 Key Points 1. Peering is not a transitive relationship 2. Peering is not a perfect substitute 3. Peering is typically settlement free 9
  • The Top 5 Motivations to Peer 1. Lower Transit Costs (#1 ISP Motivation to Peer) 2. Improve end user experience (#1 Content Motivation) 3. Better control over routing-strategic (Yahoo!, NetFlix 2008) 4. Usage based billing – make more money by peering (AboveNet) 5. Sell more underlying transport capacity (Telecom Italia) NEW 6. Peering Improves Security! 10
  • Section II: Thesis HOW PEERING IMPROVES SECURITY: 3 TENETS
  • On the Commodity Internet T $ $ P C B T A D $ T E B $ T F $ T G Traffic traverses potentially many networks before reaching its destination intermingled
  • All traffic in the Commodity Internet is intermingled T $ $ P C D B $ T B E $ T T A F $ T G Which works fine when there is plenty of interconnection Bandwidth, networks have plenty of Memory, CPU, etc. Aggregation Efficiency are great. Works fine until
  • But when there are DDOS attacks… T $ $ P C $ D T B E B $ T T A X F $ T G …anywhere along the transit path, Packet loss, latency, poor performance. Result: DOS: AG Unable to establish a secure channel. Spot events…
  • But when there are Spot Events… T $ $ P C $ D T B E B $ T T A X F Note: Not just DDOS Spot Events (MS Update, Oprah interview, etc.) $ T G …anywhere along the transit path, Packet loss, latency, poor performance. Result: DOS: AG Unable to establish a secure channel. Peering bypass
  • 1) Peering Bypasses the Commodity Internet T $ $ P C D $ T B E B $ T T X A “Important Traffic is Peered” – Andreas Sturm (DE-CIX) 1) By making specific traffic Immune from the side affects of DDOS, Peering Improves Security F $ T G Peering Point (IXP) 2nd: vulnerability
  • Commodity Internet has many points of vulnerability Networks can be hijacked T $ $ P C B D $ T B E $ T T A No visibility to upstream compromises May be in protected IDC or On the top of a telephone pole F Interconnects can be tapped, mirrored, redirected, captured $ T G Peering bypass
  • 2) Peering Reduces the network vulnerability Networks can be hijacked T $ $ P C D $ T B E B $ T T A F Interconnects can be tapped, mirrored, redirected, captured For the subset of peered traffic. Hardened building Better Visibility, peers should notice disruption. Peering Improves Security $ T G Peering Point (IXP)
  • 3) Peering Improves Recovery Time Networks can be hijacked T $ $ P C D $ T B E B $ T T A F Interconnects can be tapped, mirrored, redirected, captured Practical Matter – peers exchange Contact Info, NOC #’s, network maps, Escalation procedures, cell phone #’s You met the personfaster resolution times. $ T G Peering Point (IXP)
  • Peering Improves Security 1. Internet Transit intermingles traffic – Vulnerable to DDOS side affect – Peering bypasses the “wild wild west commodity Internet” 2. Internet Transit more points of vulnerability – Interconnects and networks along the path – Peering involves fewer network elements between content and eyeballs 3. Security response is faster with peers – Upstream NOCs won’t take your call
  • Thank you for your time! Email me ! Talk about (agree/disagree) the thesis “Peering Improves Security” How peering might help your situation wbn@iixPeering.net