On 9/18/14 1:19 PM, Job Snijders wrote:
On Thu, Sep 18, 2014 at 03:12:29PM -0400, Daniel Corbe wrote:
a) you're paying less, as you're not receiving the traffic
This ventures into the realm of an operator doing something responsible to protect me vs routing me unwanted traffic and going "lol, bill."
If you want to start playing that game, I'm happy to pay more per mbit of traffic if you're happy to guarantee me that you won't route me traffic that I'm expressly uninterested in.
Would you be willing to pay for the traffic _not_ delivered to you because of customer-pushed ACLs? If so, that would take the argument away "because we filter we can't bill". Would you be willing to pay a premium to be able to do so? Is it worth a premium to insert ACLs in real time in the upstream's network or is a 2 hour delay acceptable? what about 5 minute delay?
It's not really a question we have to ask. Managed firewall services have way higher margins then pure IP transit. By extension dropping packets can be substantially more profitable especially on a per packet or byte basis then delivering them. Not everyone wants that service however.
Aside from practical issues with flowspec as Ytti mentioned already, I don't think the market has yet figured out how stuff like this should work and become cost-effective.
Ah cost effective is a consideration, yeah that is a bit of a bummer.
Kind regards,
Job