nanog mailing list archives

Re: Buying IP Bandwidth Across a Peering Exchange


From: Stephen Fulton <sf () lists esoteric ca>
Date: Sun, 30 Nov 2014 19:19:15 -0500

Hi Clayton,

Putting on my TorIX hat, I'll address what you've brought up:

1. We implemented port security because MAC ACLs were not effectively blocking certain types of bad traffic, which was a problem with the hardware in place at the time. As you are certainly aware, getting vendors to work on esoteric problems faced by a small number of their customers can be frustrating.

2. Port security effectively logs rogue MACs received on the port, which was/is not always the case when certain types of "bad" or unwanted traffic are received. This has proven invaluable for trouble-shooting, and it is very easy to pass that info along to the peer for further investigation without having to begin a separate trouble-shooting process with all parties online and aligned, and hoping the problem reappears.

3. Since we implemented port security, the stability of TorIX has been excellent. No more sudden outages due to peer human error or bad peer architecture (some of which is mind-blowing).

4. If you think the 60 minute lock-down is excessive, bring it up on torix-members and begin a discussion, which we're certainly open to when it will not adversely affect the integrity of the IX.

5. If Netflix was at TorIX, I guarantee you would see traffic shoot through the roof, and that's why we'd welcome NF and others like FB, Edgecast etc. joining TorIX. We are one of the largest IXes in terms of number of peers in the world after all.

Back onto the original topic, a number of peers sell transit over the IX. TorIX does not offer SLAs, but we do not stop peers from maximizing their value of the IX.

-- Stephen (volunteer at TorIX)


On 2014-11-30 6:51 PM, Clayton wrote:
We peer at TorIX and Equinix.  I have to say that despite the fact that
Equinix charges us more for our port, we're getting far more value from it
than TorIX.  Around double the traffic, and they don't have silly punitive
measures like locking your port if you leak a MAC address other than the
one you registered with them (Equinix filters the MAC, but doesn't apply a
60 minute port shut down penalty if you leak like TorIX does).


