How Internet Peering Improves Security

Post on 26-Dec-2014


This brief talk presents and supports the thesis that Internet Peering improves network security.


Peering Improves Security

William B. Norton
Chief Strategy Officer, IIX
Executive Director, DrPeering International
wbn@iixPeering.net
wbn@DrPeering.net

US Telecom Webinar
Live from Silicon Valley
October 30, 2013 10AM PST

Meet the Presenter
• Started working on Internet (NSFNET) in 1988
• 1st “Chairman” of North American Network Operator Group (NANOG) (1994-1998)
• 1998-2008 Co-Founder & Chief Technical Liaison, Equinix Inc. (NSDQ: EQIX)
• 2008-Present - Executive Director, DrPeering Int’l
• Two-day On-Site Peering Workshops (EU/Africa)
• The 2013 Internet Peering Playbook
• 2013 Chief Strategy Officer, International Internet Exchange (IIX)


Agenda
• Introduction: What you need to know about Peering for this talk
• Thesis: How Peering Improves Security
  1. Less vulnerable to DDOS side effects
  2. Fewer network elements make peering less vulnerable
  3. Security response and recovery time are improved with peers
• Discussion: Q&A


WHAT YOU NEED TO KNOW ABOUT PEERING

Section I: Introduction

Internet Transit Service Model
• 99.9% of all
• Announce Reachability
• Metered Service
• Simple
• “Internet This Way”

95th Percentile Billing Calculation
• 5 minute samples
• Month of deltas
• 95th percentile
• Max(in,out)
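The billing steps listed above, written out as an added example (not code from the talk). It assumes nearest-rank percentiles, 64-bit octet counters, a 30-day month and constructed traffic figures; the helper names are hypothetical. It also shows that an inbound burst shorter than 5% of the month (36 hours) leaves the billed rate unchanged, while a longer one sets it.

```python
# Added example: 95th percentile transit billing on constructed data.
SAMPLE_SECONDS = 300          # 5 minute samples
COUNTER_MOD = 2 ** 64         # assumption: 64-bit interface octet counters

def deltas_mbps(counters):
    """Per-interval rate in Mbps from successive cumulative octet counter readings."""
    rates = []
    for prev, cur in zip(counters, counters[1:]):
        octets = (cur - prev) % COUNTER_MOD      # modulo absorbs a single counter wrap
        rates.append(octets * 8 / SAMPLE_SECONDS / 1e6)
    return rates

def percentile_95(rates):
    """Nearest-rank 95th percentile: the top 5% of samples are ignored."""
    ordered = sorted(rates)
    rank = (95 * len(ordered) + 99) // 100       # ceil(0.95 * n) in integer math
    return ordered[rank - 1]

def billable_mbps(in_counters, out_counters):
    """Bill on the higher of the inbound and outbound 95th percentiles."""
    return max(percentile_95(deltas_mbps(in_counters)),
               percentile_95(deltas_mbps(out_counters)))

def constructed_counters(rates_mbps, start=COUNTER_MOD - 10 ** 12):
    """Build counter readings for a list of per-interval rates (sample data only)."""
    readings = [start]                           # starts near the top, so it wraps
    for r in rates_mbps:
        octets = r * 1_000_000 * SAMPLE_SECONDS // 8
        readings.append((readings[-1] + octets) % COUNTER_MOD)
    return readings

def month_with_burst(burst_hours, base=100, burst=900, days=30):
    """Constructed month: steady inbound rate plus one inbound burst at month end."""
    n = days * 24 * 12                           # number of 5-minute intervals
    k = burst_hours * 12
    inbound = [base] * (n - k) + [burst] * k
    outbound = [40] * n
    return constructed_counters(inbound), constructed_counters(outbound)

if __name__ == "__main__":
    for hours in (0, 24, 48):
        print(hours, "h burst ->", billable_mbps(*month_with_burst(hours)), "Mbps billed")
```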

Internet Price Declines (U.S.)
• “Can’t go lower”
• “No one is making $”
• Pricing varies widely
• Trend unmistakable


What is Internet Peering?
• Definition: Internet Peering is the business relationship whereby two companies reciprocally provide access to each other’s customers.

Internet Peering: 3 Key Points
1. Peering is not a transitive relationship
2. Peering is not a perfect substitute
3. Peering is typically settlement free

The Top 5 Motivations to Peer
1. Lower Transit Costs (#1 ISP Motivation to Peer)
2. Improve end user experience (#1 Content Motivation)
3. Better control over routing-strategic (Yahoo!, NetFlix 2008)
4. Usage based billing – make more money by peering (AboveNet)
5. Sell more underlying transport capacity (Telecom Italia)

NEW 6. Peering Improves Security!

HOW PEERING IMPROVES SECURITY: 3 TENETS

Section II: Thesis

On the Commodity Internet

[Figure: network diagram with networks A through G and links labelled T, P and $]

Traffic traverses potentially many networks before reaching its destination

All traffic in the Commodity Internet is intermingled

[Figure: network diagram with networks A through G and links labelled T, P and $]

Which works fine when there is plenty of interconnection bandwidth and networks have plenty of memory, CPU, etc. Aggregation efficiencies are great.

But when there are DDOS attacks…

[Figure: network diagram with networks A through G and links labelled T, P and $, with an X mark]

…anywhere along the transit path: packet loss, latency, poor performance. Result: DOS: A and G unable to establish a secure channel.

But when there are Spot Events…

[Figure: network diagram with networks A through G and links labelled T, P and $, with an X mark]

…anywhere along the transit path: packet loss, latency, poor performance. Result: DOS: A and G unable to establish a secure channel.

Note: Not just DDOS. Spot Events (MS Update, Oprah interview, etc.)

1) Peering Bypasses the Commodity Internet

[Figure: network diagram with networks A through G, links labelled T, P and $, a Peering Point (IXP), and an X mark]

1) By making specific traffic immune from the side effects of DDOS, Peering Improves Security

“Important Traffic is Peered” – Andreas Sturm (DE-CIX)

Commodity Internet has many points of vulnerability

[Figure: network diagram with networks A through G and links labelled T, P and $]

No visibility to upstream compromises
May be in protected IDC or on the top of a telephone pole
Networks can be hijacked
Interconnects can be tapped, mirrored, redirected, captured

2) Peering Reduces the network vulnerability

[Figure: network diagram with networks A through G, links labelled T, P and $, and a Peering Point (IXP); callouts: “Networks can be hijacked”, “Interconnects can be tapped, mirrored, redirected, captured”]

For the subset of peered traffic.
Hardened building
Better visibility, peers should notice disruption.
Peering Improves Security

3) Peering Improves Recovery Time

[Figure: network diagram with networks A through G, links labelled T, P and $, and a Peering Point (IXP); callouts: “Networks can be hijacked”, “Interconnects can be tapped, mirrored, redirected, captured”]

Practical matter – peers exchange contact info, NOC #’s, network maps, escalation procedures, cell phone #’s
You met the person: faster resolution times.

Peering Improves Security

1. Internet Transit intermingles traffic
   – Vulnerable to DDOS side effect
   – Peering bypasses the “wild wild west commodity Internet”
2. Internet Transit has more points of vulnerability
   – Interconnects and networks along the path
   – Peering involves fewer network elements between content and eyeballs
3. Security response is faster with peers
   – Upstream NOCs won’t take your call

Thank you for your time!

Email me!

Talk about (agree/disagree) the thesis “Peering Improves Security”
How peering might help your situation

wbn@iixPeering.net