Re: upstream support for flowspec

[joel jaeggli <joelja () bogus com>]

On 9/18/14 1:19 PM, Job Snijders wrote:
> On Thu, Sep 18, 2014 at 03:12:29PM -0400, Daniel Corbe wrote:
>
> > > a) you're paying less, as you're not receiving the traffic
> >
> > This ventures into the realm of an operator doing something responsible
> > to protect me vs routing me unwanted traffic and going "lol, bill."
> >
> > If you want to start playing that game, I'm happy to pay more per mbit
> > of traffic if you're happy to guarantee me that you won't route me
> > traffic that I'm expressly uninterested in.
>
> Would you be willing to pay for the traffic _not_ delivered to you
> because of customer-pushed ACLs? If so, that would take the argument
> away "because we filter we can't bill". Would you be willing to pay a
> premium to be able to do so? Is it worth a premium to insert ACLs in
> real time in the upstream's network or is a 2 hour delay acceptable?
> what about 5 minute delay? 

It's not really a question we have to ask. Managed firewall services
have way higher margins then pure IP transit. By extension dropping
packets can be substantially more profitable especially on a per packet
or byte basis then delivering them. Not everyone wants that service however.

> Aside from practical issues with flowspec as Ytti mentioned already, I
> don't think the market has yet figured out how stuff like this should
> work and become cost-effective.

Ah cost effective is a consideration, yeah that is a bit of a bummer.

> Kind regards,
>
> Job

Attachment: signature.asc
Description: OpenPGP digital signature