Need some info about "Clean pipe"
Hi,
Is there anyone who has an idea about what "clean pipe" is? What exactly do upstream providers do using this term "clean pipe"? Would it add any latency in the traffic flow?
If you have any link or draft, please share it. Planning to implement it in our peering pipes?
thanks and regards,
sakthi
> Is there anyone who has an idea about what "clean pipe" is? What exactly do upstream providers do using this term "clean pipe"?
Call it "managed DDOS protection" .. sort of like the SaaS model, but for networking.
Simple ASCII artwork:
Internet -> ISP (big pipe) -> DDOS gear -> (your circuit) -> you.
In short, instead of paying for a (n*)gbps circuit and buying your own DDOS prevention gear, you buy $n worth of bandwidth that has somebody actively managing the DDOS protection.
Prolexic is one of the bigger players in this market (www.prolexic.com).
No, it's not cheap. But neither are circuits of sufficient capacity to absorb a 100k botnet type of DDOS and the accompanying RTBH gear (Arbor, et al.).
Cheers,
Michael Holstein
Cleveland State University
On Mar 16, 2010, at 1:06 AM, Michael Holstein wrote:
> In short, instead of paying for a (n*)gbps circuit and buying your own DDOS prevention gear, you buy $n worth of bandwidth that has somebody actively managing the DDOS protection.
And of course, if one's organization is an SP, one can in fact offer this type of service commercially to one's transit/hosting/co-location/ASP/cloud/etc. customers.
;>
Responding to the original poster's question about latency, if the service architecture is well-defined and takes backhaul-induced latency into account as part of the design/topological service coverage, latency experienced by the end-customer is typically minimal.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
Injustice is relatively easy to bear; what stings is justice.
-- H.L. Mencken
Is this a new concept? I've never heard of this before. It's very interesting. Not that I personally have a need for it, but companies are always finding more "services" to provide for you....errr....manage for you.....
From: rdobbins@arbor.net
To: nanog@nanog.org
Date: Mon, 15 Mar 2010 18:35:29 +0000
Subject: Re: Need some info about "Clean pipe"
On Mar 16, 2010, at 1:06 AM, Michael Holstein wrote:
> In short, instead of paying for a (n*)gbps circuit and buying your own DDOS prevention gear, you buy $n worth of bandwidth that has somebody actively managing the DDOS protection.
And of course, if one's organization is an SP, one can in fact offer this type of service commercially to one's transit/hosting/co-location/ASP/cloud/etc. customers.
;>
Responding to the original poster's question about latency, if the service architecture is well-defined and takes backhaul-induced latency into account as part of the design/topological service coverage, latency experienced by the end-customer is typically minimal.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
Injustice is relatively easy to bear; what stings is justice.
-- H.L. Mencken
On Mar 16, 2010, at 1:58 AM, Brandon Kim wrote:
> Is this a new concept? I've never heard of this before.
It's been around for the last 8 years or so - part of the reason folks may not've heard much about it is the inexplicable general underemphasis on the 'Availability' part of the 'Confidentiality - Integrity - Availability' infosec triad.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
Injustice is relatively easy to bear; what stings is justice.
-- H.L. Mencken
On Mon, Mar 15, 2010 at 1:58 PM, Brandon Kim <brandon.kim@brandontek.com> wrote:
> Is this a new concept? I've never heard of this before. It's very interesting. Not that I personally have a need for it, but companies are always finding more "services" to provide for you....errr....manage for you.....
I didn't really know much about this either, but I saw this guy Joseph Menn speak at a conference recently, and he wrote a book that touches on who the bad guys are nowadays and what kind of stuff they're up to. Prolexic and its founder Barrett Lyon come up quite a bit in the book and I found it insightful.
http://www.amazon.com/Fatal-System-Error-Bringing-Internet/dp/1586487485
Cheers,
Al Iverson
Dear Mister Vadivel,
On 03/15/2010 06:50 PM, sakthi vadivel wrote:
> Hi,
> Is there anyone who has an idea about what "clean pipe" is?
It's a buzzword: "clean pipe" = Managed Network Security Service (like "Cloud Computing" = Distributed Systems)
> What exactly do upstream providers do using this term "clean pipe"?
Mister Holstein gave a good explanation.
There is also Google:
http://www.google.com/search?q="clean+pipe"+"ddos"&btnG=Search&hl=en&esrch=FT1&sa=2
> Would it add any latency in the traffic flow?
Yes, knowing that you will add some computational treatment (stateful inspection) to your network traffic. What are your requirements?
> If you have any link or draft, please share it.
ISP:
http://www.tatacommunications.com/downloads/enterprise/Data%20Sheet%20-%20%2...
http://www.pacnet.com/pub/Product%20Brochures/DDoS_brochure.pdf
CISCO:
http://www.cisco.com/assets/cdc_content_elements/networking_solutions/servic...
> Planning to implement it in our peering pipes?
Obeseus ;) !
http://docs.google.com/viewer?url=http://www.loud-fat-bloke.co.uk/obeseus2.p...
> thanks and regards,
> sakthi
Best Regards,
Guillaume FORTAINE
Thanks a lot guys...have enough info to drill down on "clean pipe"
regards,
sakthi
On Tue, Mar 16, 2010 at 10:09 AM, Guillaume FORTAINE <gfortaine@live.com> wrote:
> Dear Mister Vadivel,
> On 03/15/2010 06:50 PM, sakthi vadivel wrote:
>> Hi,
>> Is there anyone who has an idea about what "clean pipe" is?
> It's a buzzword: "clean pipe" = Managed Network Security Service (like "Cloud Computing" = Distributed Systems)
>> What exactly do upstream providers do using this term "clean pipe"?
> Mister Holstein gave a good explanation.
> There is also Google:
> http://www.google.com/search?q="clean+pipe"+"ddos"&btnG=Search&hl=en&esrch=FT1&sa=2
>> Would it add any latency in the traffic flow?
> Yes, knowing that you will add some computational treatment (stateful inspection) to your network traffic. What are your requirements?
>> If you have any link or draft, please share it.
> ISP:
> http://www.tatacommunications.com/downloads/enterprise/Data%20Sheet%20-%20%2...
> http://www.pacnet.com/pub/Product%20Brochures/DDoS_brochure.pdf
> CISCO:
> http://www.cisco.com/assets/cdc_content_elements/networking_solutions/servic...
>> Planning to implement it in our peering pipes?
> Obeseus ;) !
> http://docs.google.com/viewer?url=http://www.loud-fat-bloke.co.uk/obeseus2.p...
>> thanks and regards,
>> sakthi
> Best Regards,
> Guillaume FORTAINE