Is there any one has idea about what is "clean pipe" ? what exactly upstream
providers do using this term " clean pipe"?
whether would it add any latency in the traffic flow ?
Please if you have any link or draft , please share it.
In short, instead of paying for a (n*)gbps circuit and buying your own
DDOS prevention gear, you buy $n worth of bandwidth that has somebody
actively managing the DDOS protection.
Prolexic is one of the bigger players in this market (www.prolexic.com).
No, it's not cheap. But neither are circuits of sufficient capacity to
absorb a 100k botnet type of DDOS and the accompanying RTBH gear (Arbor,
et.al.).
And of course, if one's organization is an SP, one can in fact offer this type of service commercially to one's transit/hosting/co-location/ASP/cloud/etc. customers.
;>
Responding to the original poster's question about latency, if the service architecture is well-defined and takes backhaul-induced latency into account as part of the design/topological service coverage, latency experienced by the end-customer is typically minimal.
Is this a new concept? I've never heard of this before. It's very interesting. Not that I personally have
a need for it, but companies are always finding more "services" to provide for you....errr....manage for you.....
It's been around for the last 8 years or so - part of the reason folks may not've heard much about it is the inexplicable general underemphasis on the 'Availability' part of the 'Confidentiality - Integrity - Availability' infosec triad.
I didn't really know much about this either, but I saw this guy Joseph
Menn speak at a conference recently, and he wrote a book that touches
on who the bad guys are nowadays and what kind of stuff they're up to.
Prolexic and its founder Barrett Lyon come up quite a bit in the book
and I found it insightful.