Peering versus Transit

Dorian R. Kim writes:

> > Er, why did the exchange operator let you put a router on their switching
> > fabric if you're not peering there with somebody? Are there actual
> > cases of people with routers at NAPs/MAEs/xIXs who don't peer with anyone?
> It's possible that the fabric on which EP is built is used for other purposes.
> For example, Ameritech NAP runs on the same ATM switch that a research VPN
> called MREN runs on.

Of course, it should be pointed out that most NAP operaters distance
themselves from peering agreements and so have no explicit knowledge whether
NAP participants are peering with each other or not, and do not believe it is
appropriate for them to inquire into such. NAP operators provide the
facilities, but whatever the customers do with those facilities is up to them.

It's a really bad decision. It saves the cost of hiring a real engineer, but
who wants to see a repeat of MAE-East? IXPs need a real traffic cop, at the
very least, to wreak havoc on people who play nasty link-layer games. (Yes,
it's conceivable that everyone on the IXP could guard themselves, but this
is highly inefficient both in dollars and hours spent.)

That's why we have refused to connect to MAE-NY at this time.

BTW, although I may be flogging this issue, having a "traffic cop" at an
IXP would make it a *hell* of a lot easier to track down, say, a SYN flooder
once you worked backwards to the IXP from the attacked host.