Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Internet Monitoring Center

  • From: Sean Donelan
  • Date: Fri Jan 31 14:08:22 2003

On Fri, 31 Jan 2003 Valdis.Kletnieks@vt.edu wrote:
> > in this. My question is why large providers couldn't interlink themselves
> > and establish guidelines for notification and resolution of network issues.
> > They manage it for peering, why not for overall performance and security
> > issues?
>
> "I'll get back to you Tuesday or when NANOG posts embarrass me" works for
> peering issues, but not for security issues.

Actually it works about as well for both issues.  When John Markoff from
the New York Times calls companies take an interest.

The reality is companies act in their own self-interest.  Both peering
and security have asymetric costs, i.e. more pain or gain for one of the
parties.  Being a "good neighbor" is noble, but it doesn't pay.  Although
everyone could win if all parties cooperated, one party has an advantage
by defecting because they save the expense but still get the benefit of
everyone else doing it (tragedy of the commons, prisoners' delima, etc).

What is interesting is the flip between large and small providers on who
benefits the most from peering or security.

Peering is a much bigger "win" for a smaller provider than a large
provider.  So the small provider has an incentive to peer, while the large
provider doesn't.  For the large provider, peering is just another
expense they would prefer not to spend.

On the other hand, security is a much bigger "win" for a larger provider
than for a small provider.  As Willie Sutton use to say, he robbed banks
because that's were the money was.  Larger providers have more exposure,
and more to loose. Even a non-directed attack such as a worm tends to
impact larger providers more than smaller providers. The larger provider
has more incentive to work on security. For a small provider, security is
just another expense they would prefer not to spend.

And let's face it, bank security exists to protect the bank's money.





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.