Hi,
Is there any one has idea about what is "clean pipe" ? what exactly upstream
providers do using this term " clean pipe"?
whether would it add any latency in the traffic flow ?
Please if you have any link or draft , please share it.
Planning to implement it in our peering pipes ?
thanks and regards,
sakthi
Is there any one has idea about what is "clean pipe" ? what exactly upstream
providers do using this term " clean pipe"?
Call it "managed DDOS protection" .. sort of like the SaS model, but for
networking.
Simple ASCII artwork :
Internet -> ISP (big pipe) -> DDOS gear -> (your circuit) -> you.
In short, instead of paying for a (n*)gbps circuit and buying your own
DDOS prevention gear, you buy $n worth of bandwidth that has somebody
actively managing the DDOS protection.
Prolexic is one of the bigger players in this market (www.prolexic.com).
No, it's not cheap. But neither are circuits of sufficient capacity to
absorb a 100k botnet type of DDOS and the accompanying RTBH gear (Arbor,
et.al.).
Cheers,
Michael Holstein
Cleveland State University
And of course, if one's organization is an SP, one can in fact offer this type of service commercially to one's transit/hosting/co-location/ASP/cloud/etc. customers.
;>
Responding to the original poster's question about latency, if the service architecture is well-defined and takes backhaul-induced latency into account as part of the design/topological service coverage, latency experienced by the end-customer is typically minimal.
Is this a new concept? I've never heard of this before. It's very interesting. Not that I personally have
a need for it, but companies are always finding more "services" to provide for you....errr....manage for you.....
It's been around for the last 8 years or so - part of the reason folks may not've heard much about it is the inexplicable general underemphasis on the 'Availability' part of the 'Confidentiality - Integrity - Availability' infosec triad.
I didn't really know much about this either, but I saw this guy Joseph
Menn speak at a conference recently, and he wrote a book that touches
on who the bad guys are nowadays and what kind of stuff they're up to.
Prolexic and its founder Barrett Lyon come up quite a bit in the book
and I found it insightful.
http://www.amazon.com/Fatal-System-Error-Bringing-Internet/dp/1586487485
Cheers,
Al Iverson
Dear Mister Vadivel,
Hi,
Is there any one has idea about what is "clean pipe" ?
It's a buzzword : "clean pipe" = Managed Network Security Service (like "Cloud Computing" = Distributed Systems)
what exactly upstream
providers do using this term " clean pipe"?
Mister Holstein gave a good explanation.
There is also Google :
whether would it add any latency in the traffic flow ?
Yes, knowing that you will add some computational treatment (stateful inspection) to your network traffic . What are your requirements ?
Please if you have any link or draft , please share it.
ISP :
http://www.pacnet.com/pub/Product%20Brochures/DDoS_brochure.pdf
CISCO :
Planning to implement it in our peering pipes ?
Obeseus!
thanks and regards,
sakthi
Best Regards,
Guillaume FORTAINE
Thanks a lot guys...have enough info to drill down on "clean pipe"
regards,
sakthi