[51719] in North American Network Operators' Group
Re: Vulnerbilities of Interconnection
daemon@ATHENA.MIT.EDU (William B. Norton)
Thu Sep 5 14:12:21 2002
Date: Thu, 05 Sep 2002 11:03:53 -0700
To: nanog@merit.edu
From: "William B. Norton" <wbn@equinix.com>
In-Reply-To: <2037ce52033afa.2033afa2037ce5@gmu.edu>
At 12:44 PM 9/5/2002 -0400, sgorman1@gmu.edu wrote:
> One part that
> we are looking at are the vulnerabilities of interconnection facilities.

A quick point... Several folks have postulated that the internal
(non-physical) threat dwarfs that of the physical threat, due to the lack
of visibility, the difficulty of tracking and coordinating a response, and
the millions of vulnerable systems world-wide capable of launching an
internal attack. A physical attack (a hole in a wall for example) can
typically be detected and corrected in a matter of hours or days, while an
effective internal attack could be varied in time and scope causing at
least as much damage invisibly for a much longer period of time.

That said, a few years back I wrote the "Interconnection Strategies for
ISPs" white paper, which speaks to the economics of peering using exchange
points vs. using pt-to-pt circuits. It documents a clear break even point
where large capacity circuits (or dark fiber loops) into an IX with fiber
cross connects within a building are a better fit (financially) than
pt-to-pt circuits.

A couple physical security considerations came out of that research:

1) Consider that manholes are not always secured, providing access to
metro fiber runs, while there is generally greater security within
colocation environments
2) It is faster to repair physical disruptions at fewer points, leveraging
cutovers to alternative providers present in the collocation IX model, as
opposed to the Direct Circuit model where provisioning additional
capacities to many end points may take days or months.

Finally, I have seen a balancing act between how much it costs to protect
against a disruption versus the cost of the disruption. In today's economy
(unlike say a few years ago) more folks seem to be focused on doing this
mathematical calculation rather than just picking full mesh interconnect
topologies.

Bill
---------------------------------------------------------------------------------------------------------------
William B. Norton <wbn@equinix.com> 650.315.8635
Co-Founder and Chief Technical Liaison Equinix, Inc.
Yahoo Instant Messenger ID: WilliamBNorton