It’s common knowledge that “the Internet” is actually a set of networks belonging to a diverse range of independent organizations such as content providers, ISPs, corporations, and universities. These networks create the Internet by interconnecting. Without these interconnections there would be no path for data originating in one network to travel to a destination in another network. But the fact that traffic can get from any Internet location to any other doesn’t mean that all networks are directly connected. Instead, each network operator chooses which other networks to connect with. With that in mind, it’s worth thinking a bit about the business and technical considerations involved when networks interconnect.
The first thing to know about a relationship between two networks is the form of interconnection. Two main types are common:
- Transit: The networks interconnect so that one (usually an ISP, telco, or carrier) can provide reachability to the entire Internet for the other, which is typically an “endpoint” entity (e.g. enterprise, content or application provider, residential broadband provider, etc.). There is almost always an accompanying commercial relationship, meaning that the endpoint entity pays the ISP to carry traffic to and from the rest of the Internet.
- Peering: The networks interconnect to exchange only traffic that originates or terminates within their own networks (or perhaps the networks of their direct customers). Peering is usually between — not surprisingly — peers, meaning entities that are comparable. A wholesale carrier whose primary business is selling transit is not going to agree to peer with an endpoint content provider who would typically be a customer.
Peering can offer both business and technical advantages over transit.
Compared to transit connections, peering can be advantageous to networks on both business and technical levels. Let’s suppose, for example, that you’ve been going through network B to get traffic to and from network C, and you then discover that it would be possible to connect with network C directly. Why would you want to do so? The benefits of peering typically boil down to three primary areas:
- Reduced Cost: Peering shifts traffic between the two parties onto a direct link between their two networks. Both parties benefit because now neither of them has to pay a “middleman” ISP to carry that traffic. So peering with network C would reduce your costs by eliminating the transit fees that you were paying network B to exchange traffic with network C.
- Improved Performance: Bypassing intervening networks (like network B) reduces the number of hops between the two networks. That means less latency and fewer potential points of failure.
- Resiliency: Peering links also act as a redundant path between the two networks. If the peering link fails, traffic can still flow via transit, and vice versa. A residential broadband provider might peer with large content networks (Google, Facebook, Netflix, etc.). Their users could still reach those top destinations via peering links if the transit links were congested — by a large DDoS attack, for example (assuming that the attack traffic doesn’t originate from within the content providers’ networks).
So now we understand why you might want to peer. But it doesn’t make sense to peer with just anyone; you have to find a network with whom peering would be mutually beneficial. How do you do that?
A traffic analytics system that correlates flow with BGP can reveal the best opportunities for peering.
It turns out that when network flow records (e.g. NetFlow, IPFIX, sFlow, etc.) are correlated with BGP routing data in a datastore that’s optimized for traffic analytics, it’s relatively easy to discover the best peering opportunities for your network. Presented within a well-designed query and visualization interface, BGP analytics will help you see your prime peering candidates, which are the remote ASNs that terminate or originate the majority of the traffic flowing into and out of your network.
An added benefit of applying correlated Flow-BGP analytics is that you can find additional insights that don’t fall squarely into the category of peering:
- Transit Planning: Analytics might reveal that much of your traffic through an existing transit provider is actually being handed off to another transit provider before reaching its final destination. If the second provider sells transit for less, making a direct transit interconnection could cut your costs. It would also ensure that you avoid the relatively common problem of congestion-related disputes between “top tier” and “low cost” providers over who should pay for additional capacity at interconnection points.
- Uncovering Sales Opportunities: If you’re a transit provider, correlated Flow-BGP analytics can uncover leads for your sales team. Looking at top destination (or pass-through) ASNs that are not currently directly connected can reveal entities that receive a significant volume of traffic from your network, and that could benefit (in terms of cost or performance) by buying some transit from you.
- Customer Cost Analytics: Transit providers can get a leg up on the competition by better understanding the routes taken by their customers’ traffic. There’s a lot more room to negotiate with a potential customer whose traffic gets delivered mostly via no-cost domestic peering links than with a customer who has a lot of traffic being delivered via high-cost international transit.
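The flow-to-BGP correlation described above, and the transit hand-off view from the Transit Planning item, can be sketched as follows. This is an added example, not Kentik's code: the function names are hypothetical, and the routing table and flow records are constructed from documentation prefixes and private-use ASNs, with flows reduced to outbound destination and byte count.

```python
import ipaddress
from collections import Counter

# Constructed sample data: documentation prefixes and private-use ASNs.
# RIB maps prefix -> AS path as seen from our network (neighbor first, origin last).
RIB = {
    "198.51.100.0/24": [64510, 64520],
    "203.0.113.0/24": [64510, 64530, 64540],
    "203.0.113.128/25": [64510, 64530, 64550],
    "192.0.2.0/24": [64560],  # already directly connected
}
# Flow records reduced to (destination IP, bytes), as a flow collector might store them.
FLOWS = [
    ("198.51.100.7", 9_000_000), ("203.0.113.10", 2_000_000),
    ("203.0.113.200", 4_000_000), ("192.0.2.55", 1_000_000),
    ("198.51.100.99", 3_000_000), ("10.1.1.1", 500),  # last one has no route
]

def lookup(table, ip):
    """Longest-prefix match: table is sorted most-specific first."""
    addr = ipaddress.ip_address(ip)
    return next((path for net, path in table if addr in net), None)

def correlate(flows, rib):
    """Attribute each flow's bytes to the origin ASN and to any transit hand-off."""
    table = sorted(((ipaddress.ip_network(p), path) for p, path in rib.items()),
                   key=lambda e: e[0].prefixlen, reverse=True)
    by_origin, by_handoff, unrouted = Counter(), Counter(), 0
    for dst, nbytes in flows:
        path = lookup(table, dst)
        if path is None:
            unrouted += nbytes  # keep unmatched traffic visible instead of dropping it
            continue
        by_origin[path[-1]] += nbytes
        if len(path) > 2:  # neighbor hands off to another network before the origin
            by_handoff[(path[0], path[1])] += nbytes
    return by_origin, by_handoff, unrouted

def peering_candidates(by_origin, rib):
    """Origin ASNs ranked by bytes, excluding networks we already connect to directly."""
    neighbors = {path[0] for path in rib.values()}
    return [(asn, b) for asn, b in by_origin.most_common() if asn not in neighbors]

if __name__ == "__main__":
    origin, handoff, unrouted = correlate(FLOWS, RIB)
    print("peering candidates:", peering_candidates(origin, RIB))
    print("transit hand-offs:", handoff.most_common())
    print("unrouted bytes:", unrouted)
```

Tracking the unrouted byte count separately matters in practice: flows that match no prefix usually point to a stale routing snapshot or an incomplete BGP feed, and silently dropping them skews the ranking.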
The common thread of the examples above is that better understanding — based on flow and BGP analytics — leads to better business and technical outcomes. And the key to better understanding is to recognize that flow data plus BGP data makes Big Data. It’s not uncommon for a multi-homed network to generate billions of flow records per day. Until recently, however, traffic analysis solutions were severely limited in compute and storage capacity. That meant that they could provide summary reports, but not the kind of deep, path-aware analyses that offer the insights outlined above. Only a big data solution can handle the required data at the required scale.
Kentik has introduced the industry’s first purpose-built big data engine, built around a distributed post-Hadoop core, for network traffic and BGP analytics. Offered as a cost-effective SaaS, Kentik Detect includes key features such as real-time ad-hoc querying, alerting and DDoS detection, and intuitive, multi-dimensional flow visualizations. To learn more about how BGP and flow analysis has developed over time, check out our two-part post on The Evolution of BGP NetFlow Analysis.