Hey guys,
I just wondered what people thought of the implications around 1gbps
residential / business plans now becoming more and more common.
I'm seeing requests from wholesalers and retail asking about this gigatown
thing and how they can get a 1Gbps service, especially unlimited.
While I know 1gbps is not too common yet, the 200mbps plan is becoming
more and more common and it won't be long before there is pressure to do
1gbps.
I know the unlimited part is easy to justify to the client around
"international & domestic" transit pricing, but some ask why can we not do
user to user or peering traffic at 1gbps.
I'm not sure if it's still true, but I recall from the Chorus
documentation that you could LAG a maximum of 8x10g circuits in a handover
region and that was the max, so theoretically 80gbps handover.
For the sake of ease and because 10Gbps holes are not cheap in high end
routers like ALU 7750 SR-7's which we run, we will consider the average
provider has a single 10g or maybe 2 per region right now.
If you had say 10 or 20 users on the 1Gbps plan or even 100-200 users on
the 200mbps plan and they had misconfigured routers (consider they could
do 200mbps upload) opening them up to the likes of DNS amplifications etc.
Now those users are maxing out the upload capacity of the handover, you
have no ability to QoS the malicious users as the QoS would need to come
before hitting the handover, i.e. on the CPE.
Suddenly everyone on the handover is impacted from a handful of users that
wanted the faster speed just because it was available and affordable.
The only way to stop the attack affecting everyone would be to isolate and
disconnect the end users causing the damage, be it IPOE or PPPoE, if the
user was on a direct /30 IP then things are even harder to manage.
The DNS amplifications that hurt Spark for a whole weekend, I can only
assume was caused by such a large amount of affected devices filling up
the handovers and also because it was targeted at their DNS.
Imagine an attack of that magnitude, 10s of thousands of end users on 200
or even 100mbps circuits filling up a 10gig or even at this point a 80gbps
handover LAG.
When you talk about regional handovers up and down the country then the
problem gets worse as you then obviously need to backhaul that capacity to
Auckland before getting out to the internet, so this also has to be
considered too.
Any thoughts on the matter?
Many thanks
Kind regards,
Barry Murphy / Chief Operating Officer
+64 27 490 9712 / barry@vibecommunications.co.nz
<http://www.vibecommunications.co.nz/>
<https://www.facebook.com/VibeCom> <https://twitter.com/vibecomnz>
<https://www.linkedin.com/company/1941512>
Office: +64 9 222 0000 / Fax: 0800 842 326
Unit A7, 1 Beresford Square, Auckland, New Zealand
Web: www.vibecommunications.co.nz <http://www.vibecommunications.co.nz/> /
Peering: AS45177 <http://www.peeringdb.com/view.php?asn=45177>
_______________________________________________
NZNOG mailing list
NZNOG@list.waikato.ac.nz
http://list.waikato.ac.nz/mailman/listinfo/nznog
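
Added example, not part of the original post: one way to find the subscribers to isolate in the scenario described above, by summing upstream UDP traffic sourced from port 53 per subscriber and comparing the total with handover capacity. The flow record layout, subscriber names, the 10 Mbps threshold and the sample records are constructed assumptions; only the single 10G handover figure comes from the post.

```python
from collections import defaultdict

HANDOVER_BPS = 10_000_000_000  # single 10G handover, as assumed in the post
SUSPECT_BPS = 10_000_000       # assumed threshold: 10 Mbps of upstream DNS responses

# Constructed flow records for one 60 s export interval:
# (subscriber, protocol, source port, bytes sent upstream, interval seconds)
FLOWS = [
    ("sub-a", "udp", 53, 7_500_000_000, 60),  # 1 Gbps plan, open resolver on the CPE
    ("sub-a", "tcp", 443, 30_000_000, 60),    # ordinary traffic from the same user
    ("sub-b", "udp", 53, 1_500_000_000, 60),  # 200 Mbps plan, open resolver
    ("sub-c", "udp", 53, 6_000, 60),          # a few stray DNS replies, harmless
    ("sub-d", "tcp", 443, 750_000_000, 60),   # legitimate 100 Mbps upload
]


def dns_response_rates(flows):
    """Upstream bits/s of UDP traffic with source port 53, per subscriber.

    A residential CPE has little reason to send DNS responses upstream, so
    sustained volume here points to an open resolver being used as a reflector.
    """
    rates = defaultdict(float)
    for subscriber, proto, src_port, nbytes, seconds in flows:
        if proto == "udp" and src_port == 53 and seconds > 0:
            rates[subscriber] += nbytes * 8 / seconds
    return dict(rates)


def suspects(flows, threshold_bps=SUSPECT_BPS):
    """Subscribers at or above the threshold, heaviest first."""
    rates = dns_response_rates(flows)
    hits = [(s, r) for s, r in rates.items() if r >= threshold_bps]
    return sorted(hits, key=lambda item: -item[1])


def handover_share(flows, capacity_bps=HANDOVER_BPS):
    """Fraction of handover capacity consumed by the suspect subscribers."""
    return sum(rate for _, rate in suspects(flows)) / capacity_bps


if __name__ == "__main__":
    for subscriber, rate in suspects(FLOWS):
        print(f"{subscriber}: {rate / 1e6:.0f} Mbps of upstream DNS responses")
    print(f"share of 10G handover: {handover_share(FLOWS):.0%}")
```

In this constructed sample two subscribers account for 12% of the handover's upload capacity, and they are the accounts to isolate first.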