Embed Size (px)
DESCRIPTION
This brief discussion talk brings forth and supports the thesis that Internet Peering improves network security.
Citation preview
Peering Improves Security
William B. NortonChief Strategy Officer, IIX
Executive Director, DrPeering [email protected]@DrPeering.net
US Telecom WebinarLive from Silicon ValleyOctober 30, 2013 10AM PST
Meet the Presenter• Started working on Internet (NSFNET) in 1988• 1st “Chairman” of North American Network
Operator Group (NANOG) (1994-1998)• 1998-2008 Co-Founder & Chief Technical
Liaison, Equinix Inc. (NSDQ: EQIX)• 2008-Present - Executive Director, DrPeering
Int’l• Two-day On-Site Peering Workshops (EU/Africa)• The 2013 Internet Peering Playbook
• 2013 Chief Strategy Officer, International Internet Exchange (IIX)
Agenda…
Agenda
• Introduction: What you need to know about Peering for this talk
• Thesis: How Peering Improves Security1. Less vulnerable to DDOS side affects2. Fewer network elements make peering less
vulnerable3. Security response and recovery time are
improved with peers• Discussion: Q&A
What you need to know…
WHAT YOU NEED TO KNOW ABOUT PEERING
Section I: Introduction
Internet Transit Service Model• 99.9% of all• Announce
Reachability• Metered
Service• Simple• “Internet
This Way”
595th percentile measurement
95th Percentile Billing Calculation• 5 minute samples• Month of deltas• 95th percentile• Max(in,out)
6Transit Prices Drop
Internet Price Declines (U.S.)
• “Can’t go lower”• “No one is making $”• Pricing varies widely• Trend unmistakable
7Internet Peering…
What is Internet Peering?• Definition: Internet Peering is the business relationship whereby two
companies reciprocally provide access to each others’ customers.
8
Internet Peering3 Key Points
1. Peering is not a transitive relationship2. Peering is not a perfect substitute3. Peering is typically settlement free
9
The Top 5 Motivations to Peer1. Lower Transit Costs
(#1 ISP Motivation to Peer)2. Improve end user experience
(#1 Content Motivation)3. Better control over routing-strategic
(Yahoo!, NetFlix 2008)4. Usage based billing – make more money by peering
(AboveNet)5. Sell more underlying transport capacity
(Telecom Italia)
NEW 6. Peering Improves Security!10
HOW PEERING IMPROVES SECURITY: 3 TENETS
Section II: Thesis
B
On the Commodity Internet
A
BC D
E
F
G
Traffic traverses potentially many networks before reaching its destination
$
T
T
T
T
TP$ $
$
$
intermingled
B
All traffic in the Commodity Internet is intermingled
A
BC D
E
F
G
$
T
T
T
T
TP$ $
$
$
Which works fine whenthere is plenty of interconnection Bandwidth, networks have plenty ofMemory, CPU, etc. Aggregation Efficiency are great.
Works fine until
B
But when there are DDOS attacks…
A
BC D
E
F
G
$
T
T
T
T
TP$ $
$
$
…anywhere along the transit path,Packet loss, latency, poor performance. Result: DOS: AG Unable to establish a secure channel.
X
Spot events…
B
But when there are Spot Events…
A
BC D
E
F
G
$
T
T
T
T
TP$ $
$
$
…anywhere along the transit path,Packet loss, latency, poor performance. Result: DOS: AG Unable to establish a secure channel.
X
Note: Not just DDOSSpot Events (MS Update, Oprah interview, etc.)
Peering bypass
B
1) Peering Bypasses the Commodity Internet
A
BC D
E
F
G
$
T
T
T
T
TP$ $
$
$
1) By making specific traffic Immune from the side affects of DDOS,Peering Improves Security
X
“Important Traffic is Peered” – Andreas Sturm (DE-CIX)
PeeringPoint (IXP)
2nd: vulnerability
B
Commodity Internet has many points of vulnerability
A
BC D
E
F
G
$
T
T
T
T
TP$ $
$
$
No visibility to upstream compromisesMay be in protected IDC or On the top of a telephone pole
Networks can be hijacked
Interconnects can be tapped, mirrored, redirected, captured
Peering bypass
B
2) Peering Reduces the network vulnerability
A
BC D
E
F
G
$
T
T
T
T
TP$ $
$
$
For the subset of peered traffic.Hardened buildingBetter Visibility, peers should notice disruption.Peering Improves Security
Networks can be hijacked
Interconnects can be tapped, mirrored, redirected, captured
PeeringPoint (IXP)
B
3) Peering Improves Recovery Time
A
BC D
E
F
G
$
T
T
T
T
TP$ $
$
$
Practical Matter – peers exchangeContact Info, NOC #’s, network maps, Escalation procedures, cell phone #’sYou met the personfaster resolution times.
Networks can be hijacked
Interconnects can be tapped, mirrored, redirected, captured
PeeringPoint (IXP)
Peering Improves Security
1. Internet Transit intermingles traffic– Vulnerable to DDOS side affect– Peering bypasses the “wild wild west commodity
Internet”
2. Internet Transit more points of vulnerability– Interconnects and networks along the path– Peering involves fewer network elements between
content and eyeballs
3. Security response is faster with peers– Upstream NOCs won’t take your call
Thank you for your time!
Email me !
Talk about (agree/disagree) the thesis “Peering Improves Security”How peering might help your situation
![Internet Peering v2 - start [APNIC TRAINING WIKI]](https://img.pdfslide.net/doc/110x75/62829798513bbf66a129670c/internet-peering-v2-start-apnic-training-wiki.jpg)
![IXP Internet Peering - start [APNIC TRAINING WIKI]](https://img.pdfslide.net/doc/110x75/628295ec712714572e59787d/ixp-internet-peering-start-apnic-training-wiki.jpg)
