False-alarm generator

Why do ISPs want to provide free consulting advice
to debug why a government map turned red today? If it is like Zonealarm
or Netmedic, most of the "alarms" are due to problems with the customer's
application.

If the government map is designed properly then it won't turn red unless
75% of the ISP maps have turned red.

In other words, a proper national or international alarming system will
average out the data from several ISPs according to some kind of weighting
formula so that one or two red ISPs will only contribute to a light yellow
indicator on a national scale.

Although an aggregated flow of information from outage reports would be
useful to a national Internet status monitoring group, it would be far
more useful for every ISP to report a regular red-amber-or-green status.
This is qualitative information that the national group could consolidate
using a weighting system that rated each ISP according to how important
their network is within the big picture. Yes, it is likely that there
would be errors in the weighting system but as some experience is gained
with the system, that weighting can be tuned.

As far as NANOG is concerned, we could help by setting up systems to
report overall health according to a consistent red-amber-or-green system
and we could help by ensuring that we do have an outage list (or high
level stream of trouble tickets) that could be offered to a national
status monitoring group. We could also help by suggesting the weighting
that should be applied to various ISP networks in calculating a national
traffic light report on Internet health.

If anyone is interested in discussing this further perhaps we could get
together in Eugene to discuss it.

-- Michael Dillon

If 75% of the ISPs have turned red, do you really need a multi-million
dollar government monitoring system to tell you that? Just watch on BBC,
CNN, MSNBC, FOXNEWS because it's probably one of the top stories.

Of course the (US, Chinese, German, etc) government wants to collect all
information about everything, but how does it actually help ISPs
more than the monitoring and response systems ISPs already use? In reality
most major ISPs today not only monitor their own network, but also monitor
beacons in, on and through other providers' networks.

The issue is not detecting when there is a "big" problem on the network.
I've been able to figure out when there are problems on the network with
a very small budget for years.

The unsolved problem is communicating why there is a problem on the
network.

My concern with the NCS proposal is the NCS/NCC wants to detect unusual
activity on the Internet. So ISPs are going to end up being tasked to
respond to the NCS every time someone in Washington thinks they saw a
puddycat on the Internet. And as CAIDA will tell you, there is a lot of
strange stuff on the Internet on a "normal" day.