Peering Improves Security
William B. Norton
Chief Strategy Officer, IIX
Executive Director, DrPeering International
wbn@ii...
Meet the Presenter
• Started working on Internet (NSFNET) in
1988
• 1st “Chairman” of North American
Network Operator Grou...
Agenda
• Introduction: What you need to know about
Peering for this talk
• Thesis: How Peering Improves Security
1. Less v...
Section I: Introduction

WHAT YOU NEED TO KNOW ABOUT
PEERING
Internet Transit Service Model
• 99.9% of all
• Announce
Reachability
• Metered
Service
• Simple
• “Internet
This Way”
...
95th Percentile Billing Calculation
• 5 minute samples
• Month of deltas
• 95th percentile
• Max(in,out)
Transit Price...
Internet Price Declines (U.S.)
• “Can’t go lower”
• “No one is making $”
• Pricing varies widely
• Trend unmistakable
...
What is Internet Peering?

• Definition: Internet Peering is the business relationship whereby two
companies reciprocally ...
Internet Peering

3 Key Points
1. Peering is not a transitive relationship
2. Peering is not a perfect substitute
3. Peeri...
The Top 5 Motivations to Peer
1. Lower Transit Costs
(#1 ISP Motivation to Peer)
2. Improve end user experience
(#1 Conten...
Section II: Thesis

HOW PEERING IMPROVES
SECURITY: 3 TENETS
On the Commodity Internet

Traffic traverses
potentially many networks
...
All traffic in the Commodity Internet is
intermingled
Which works fine ...
But when there are DDOS attacks…

…anywhere along the transit path,
...
But when there are Spot Events…

Note:
Not just DDOS
Spot Events (MS Update,...
1) Peering Bypasses the Commodity
Internet
“Important Traffic is Peered”
– Andr...
Commodity Internet has many points
of vulnerability
Networks can be hijacked

No v...
2) Peering Reduces the network
vulnerability
Networks can be hijacked

Interconn...
3) Peering Improves Recovery Time
Networks can be hijacked

Interconnects can be...
Peering Improves Security
1. Internet Transit intermingles traffic
– Vulnerable to DDOS side effect
– Peering bypasses the...
Thank you for your time!
Email me!
Talk about (agree/disagree) the thesis “Peering Improves Security”
How peering might h...
How Internet Peering Improves Security

This brief discussion talk brings forth and supports the thesis that Internet Peering improves network security.

Published in: Technology
  • The Internet Transit service shown in the diagram below provides access to the global Internet by: announcing the customer route across the Internet so any network on the Internet knows how to reach the customer network, and announcing to the customer the information necessary to be able to send traffic to any destination in the Internet. In this mini ecosystem, we see the Cyan ISP purchasing transit from the Orange Transit Provider. The Orange ISP announces to the Cyan ISP reachability to the entire Internet (shown as many colored networks to the right of the Transit Providers). The Transit Providers propagate the Cyan route (shown as a cyan circle) across the Internet so that all networks know how to reach the Cyan ISP. With this reciprocal Internet Transit service, all Internet attachments know how to reach the Cyan ISP, and the Cyan ISP knows how to reach all Internet destinations.
  • Why did the 95th percentile come into existence? In the early Internet days, Internet traffic was charged on a circuit capacity basis. But if you didn’t use very much of this capacity, you were still paying as if you did. This made Internet Transit tough to sell, so the usage-based (metered) model began. Initially some ISPs charged on average use, which ended up being skewed by the occasional burstiness associated with a spot event. To address this, one ISP adopted the 95th percentile measure, which was primarily introduced to not overly punish a customer for the occasional spike in traffic volume and still allow the ISP to bill based on the load placed on its network. This approach seemed palatable and sold. The rest of the industry followed suit and 95-5 was born.
  • WestNet is an ISP with green customers, MidNet is an ISP with blue customers, and EastNet is an ISP with red customers. WestNet is in a Peering relationship with MidNet in which WestNet learns how to reach MidNet's blue customers, and MidNet reciprocally learns how to reach WestNet's green customers. EastNet is in a Peering relationship with MidNet in which EastNet learns how to reach MidNet's blue customers, and MidNet reciprocally learns how to reach EastNet's red customers. After these two peering sessions are established, the routing tables are in place as shown in the boxes beneath the ISP clouds. Since MidNet peers with both EastNet and WestNet, MidNet customers can reach both EastNet and WestNet customers.
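The WestNet/MidNet/EastNet note above, and the transit note before it, can be checked with a small route-propagation model. This is an added example, not material from the presentation: the `Topology` class and its method names are hypothetical, and the export rule (own and customer routes go to every neighbor, routes learned from a peer or provider go only to customers) is the assumption that encodes "peering is not transitive" and "transit announces the entire Internet".

```python
from collections import defaultdict

OWN, CUSTOMER, PEER, PROVIDER = "own", "customer", "peer", "provider"

class Topology:
    """Toy inter-network routing model (hypothetical helper, not from the talk)."""

    def __init__(self, customers):
        self.customers = {net: set(c) for net, c in customers.items()}
        self.links = defaultdict(dict)  # links[a][b] = what b is to a

    def peer(self, a, b):
        self.links[a][b] = self.links[b][a] = PEER

    def transit(self, customer, provider):
        self.links[customer][provider] = PROVIDER
        self.links[provider][customer] = CUSTOMER

    def routing_tables(self):
        # tables[net][route] = relationship the route was learned over
        tables = {n: dict.fromkeys(c, OWN) for n, c in self.customers.items()}
        changed = True
        while changed:  # repeat announcements until no table grows
            changed = False
            for net, table in tables.items():
                for nbr, nbr_is in self.links[net].items():
                    for route, learned in list(table.items()):
                        # Own and customer routes go to every neighbor;
                        # peer/provider routes are passed on to customers only.
                        ok = learned in (OWN, CUSTOMER) or nbr_is == CUSTOMER
                        if ok and route not in tables[nbr]:
                            tables[nbr][route] = self.links[nbr][net]
                            changed = True
        return {net: set(t) for net, t in tables.items()}

# Networks and customer colours as named in the note above.
NETS = {"WestNet": ["green"], "MidNet": ["blue"], "EastNet": ["red"]}

def peering_only():
    topo = Topology(NETS)
    topo.peer("WestNet", "MidNet")
    topo.peer("EastNet", "MidNet")
    return topo.routing_tables()

def west_buys_transit():
    topo = Topology(NETS)
    topo.transit("WestNet", "MidNet")   # WestNet is now MidNet's customer
    topo.peer("EastNet", "MidNet")
    return topo.routing_tables()

if __name__ == "__main__":
    for name, tables in (("peering", peering_only()), ("transit", west_buys_transit())):
        print(name, {n: sorted(r) for n, r in tables.items()})
```

With peering only, WestNet never learns a route to EastNet's red customers even though both peer with MidNet; once WestNet buys transit from MidNet, it learns every route MidNet has and its green route is propagated to EastNet.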
  • Transcript of "How Internet Peering Improves Security"

    1. Peering Improves Security. William B. Norton, Chief Strategy Officer, IIX; Executive Director, DrPeering International. wbn@iixPeering.net, wbn@DrPeering.net. US Telecom Webinar, Live from Silicon Valley, October 30, 2013, 10AM PST
    2. Meet the Presenter • Started working on Internet (NSFNET) in 1988 • 1st “Chairman” of North American Network Operator Group (NANOG) (1994-1998) • 1998-2008 Co-Founder & Chief Technical Liaison, Equinix Inc. (NSDQ: EQIX) • 2008-Present - Executive Director, DrPeering Int’l • Two-day On-Site Peering Workshops (EU/Africa) • The 2013 Internet Peering Playbook • 2013 Chief Strategy Officer, International Agenda…
    3. Agenda • Introduction: What you need to know about Peering for this talk • Thesis: How Peering Improves Security 1. Less vulnerable to DDOS side effects 2. Fewer network elements make peering less vulnerable 3. Security response and recovery time are improved with peers • Discussion: Q&A What you need to know…
    4. Section I: Introduction. WHAT YOU NEED TO KNOW ABOUT PEERING
    5. Internet Transit Service Model • 99.9% of all • Announce Reachability • Metered Service • Simple • “Internet This Way” 95th percentile measurement
    6. 95th Percentile Billing Calculation • 5 minute samples • Month of deltas • 95th percentile • Max(in,out) Transit Prices Drop
    7. Internet Price Declines (U.S.) • “Can’t go lower” • “No one is making $” • Pricing varies widely • Trend unmistakable Internet Peering…
    8. What is Internet Peering? • Definition: Internet Peering is the business relationship whereby two companies reciprocally provide access to each other’s customers.
    9. Internet Peering: 3 Key Points 1. Peering is not a transitive relationship 2. Peering is not a perfect substitute 3. Peering is typically settlement free
    10. The Top 5 Motivations to Peer 1. Lower Transit Costs (#1 ISP Motivation to Peer) 2. Improve end user experience (#1 Content Motivation) 3. Better control over routing-strategic (Yahoo!, NetFlix 2008) 4. Usage based billing – make more money by peering (AboveNet) 5. Sell more underlying transport capacity (Telecom Italia) NEW 6. Peering Improves Security!
    11. Section II: Thesis. HOW PEERING IMPROVES SECURITY: 3 TENETS
    12. On the Commodity Internet. Traffic traverses potentially many networks before reaching its destination intermingled
    13. All traffic in the Commodity Internet is intermingled. Which works fine when there is plenty of interconnection Bandwidth, networks have plenty of Memory, CPU, etc. Aggregation Efficiency are great. Works fine until
    14. But when there are DDOS attacks… …anywhere along the transit path, Packet loss, latency, poor performance. Result: DOS: AG Unable to establish a secure channel. Spot events…
    15. But when there are Spot Events… Note: Not just DDOS. Spot Events (MS Update, Oprah interview, etc.) …anywhere along the transit path, Packet loss, latency, poor performance. Result: DOS: AG Unable to establish a secure channel. Peering bypass
    16. 1) Peering Bypasses the Commodity Internet. “Important Traffic is Peered” – Andreas Sturm (DE-CIX) 1) By making specific traffic Immune from the side effects of DDOS, Peering Improves Security. Peering Point (IXP) 2nd: vulnerability
    17. Commodity Internet has many points of vulnerability. Networks can be hijacked. No visibility to upstream compromises. May be in protected IDC or On the top of a telephone pole. Interconnects can be tapped, mirrored, redirected, captured. Peering bypass
    18. 2) Peering Reduces the network vulnerability. Networks can be hijacked. Interconnects can be tapped, mirrored, redirected, captured. For the subset of peered traffic. Hardened building. Better Visibility, peers should notice disruption. Peering Improves Security. Peering Point (IXP)
    19. 3) Peering Improves Recovery Time. Networks can be hijacked. Interconnects can be tapped, mirrored, redirected, captured. Practical Matter – peers exchange Contact Info, NOC #’s, network maps, Escalation procedures, cell phone #’s. You met the person: faster resolution times. Peering Point (IXP)
    20. Peering Improves Security 1. Internet Transit intermingles traffic – Vulnerable to DDOS side effect – Peering bypasses the “wild wild west commodity Internet” 2. Internet Transit more points of vulnerability – Interconnects and networks along the path – Peering involves fewer network elements between content and eyeballs 3. Security response is faster with peers – Upstream NOCs won’t take your call
    21. Thank you for your time! Email me! Talk about (agree/disagree) the thesis “Peering Improves Security” How peering might help your situation wbn@iixPeering.net
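The 95th percentile billing steps on slide 6 and in the slide notes (5 minute samples, month of deltas, 95th percentile, max(in,out)) are worked through below as an added example, not code from the presentation. The traffic figures are constructed, all function names are hypothetical, and taking the percentile per direction before the max is an assumption based on the slide's bullet order.

```python
SAMPLE_SECONDS = 300               # 5-minute polling interval, as on the slide
SAMPLES_PER_MONTH = 30 * 24 * 12   # constructed 30-day month = 8640 samples

def counters_from_rates(rates_mbps):
    """Build the cumulative byte counter a router port would report."""
    total, counters = 0, [0]
    for rate in rates_mbps:
        total += rate * 1_000_000 // 8 * SAMPLE_SECONDS
        counters.append(total)
    return counters

def deltas_to_mbps(counters):
    """Month of deltas: difference of consecutive readings, as Mbit/s."""
    return [(b - a) * 8 / SAMPLE_SECONDS / 1e6
            for a, b in zip(counters, counters[1:])]

def percentile_95(rates):
    """Sort the samples, ignore the top 5%, return the highest one left."""
    ordered = sorted(rates)
    return ordered[(len(ordered) * 95 + 99) // 100 - 1]

def billable_mbps(in_counters, out_counters):
    # Assumed order (follows the slide's bullets): percentile per direction, then max.
    return max(percentile_95(deltas_to_mbps(in_counters)),
               percentile_95(deltas_to_mbps(out_counters)))

def average_mbps(counters):
    """The older average-use measure the notes say was skewed by bursts."""
    rates = deltas_to_mbps(counters)
    return sum(rates) / len(rates)

def month_with_burst(burst_samples, base=100, burst=1000):
    """Constructed outbound traffic: steady `base` Mbit/s plus one burst."""
    quiet = SAMPLES_PER_MONTH - burst_samples
    return counters_from_rates([base] * quiet + [burst] * burst_samples)

INBOUND = counters_from_rates([20] * SAMPLES_PER_MONTH)  # constructed
SPOT_EVENT = month_with_burst(72)    # 6 hours, under 5% of the month
SUSTAINED = month_with_burst(576)    # 2 days, over 5% of the month

if __name__ == "__main__":
    for label, out in (("spot event", SPOT_EVENT), ("sustained", SUSTAINED)):
        print(label, "avg:", average_mbps(out), "95th:", billable_mbps(INBOUND, out))
```

The six-hour burst moves the average but not the billed rate, which is the behaviour the notes describe; a burst that lasts longer than 5% of the month sets the billed rate.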