[174554] in North American Network Operators' Group
Re: upstream support for flowspec
daemon@ATHENA.MIT.EDU (joel jaeggli)
Thu Sep 18 16:35:35 2014
X-Original-To: nanog@nanog.org
Date: Thu, 18 Sep 2014 13:35:17 -0700
From: joel jaeggli <joelja@bogus.com>
To: Job Snijders <job@instituut.net>, Daniel Corbe <corbe@corbe.net>
In-Reply-To: <20140918201925.GC96444@Vurt.local>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--3isW3AQKtDsBOuxTrK5Iud6imQDNgvOAP
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable
On 9/18/14 1:19 PM, Job Snijders wrote:
> On Thu, Sep 18, 2014 at 03:12:29PM -0400, Daniel Corbe wrote:
>=20
>>> a) you're paying less, as you're not receiving the traffic
>>
>> This ventures into the realm of an operator doing something responsibl=
e
>> to protect me vs routing me unwanted traffic and going "lol, bill."
>>
>> If you want to start playing that game, I'm happy to pay more per mbit=
>> of traffic if you're happy to guarantee me that you won't route me
>> traffic that I'm expressly uninterested in.
>=20
> Would you be willing to pay for the traffic _not_ delivered to you
> because of customer-pushed ACLs? If so, that would take the argument
> away "because we filter we can't bill". Would you be willing to pay a
> premium to be able to do so? Is it worth a premium to insert ACLs in
> real time in the upstream's network or is a 2 hour delay acceptable?
> what about 5 minute delay?=20
It's not really a question we have to ask. Managed firewall services
have way higher margins then pure IP transit. By extension dropping
packets can be substantially more profitable especially on a per packet
or byte basis then delivering them. Not everyone wants that service howev=
er.
> Aside from practical issues with flowspec as Ytti mentioned already, I
> don't think the market has yet figured out how stuff like this should
> work and become cost-effective.
Ah cost effective is a consideration, yeah that is a bit of a bummer.
> Kind regards,
>=20
> Job
>=20
--3isW3AQKtDsBOuxTrK5Iud6imQDNgvOAP
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
iEYEARECAAYFAlQbQgUACgkQ8AA1q7Z/VrIfYQCgixLSv6OpSd97zV7/5+AdlH4P
9M0AniVlQz8mNNfmY08QUJGg1Cav+d3C
=VwNS
-----END PGP SIGNATURE-----
--3isW3AQKtDsBOuxTrK5Iud6imQDNgvOAP--
