Peering
The Great Debate
Public vs. Private Peering
The Top 4 Reasons Public Peering is better than Private Peering
Here are the strongest arguments presented to the author from public peering advocates.
1. Aggregation Benefits
a. A network can easily aggregate a large number of relatively small peering sessions across a single fixed-cost peering port, with zero incremental cost per peer. (Private peering requires additional cross connects and potentially an additional interface card, so there are real costs associated with each incremental peering session.) Small peering sessions often exhibit a high degree of variability in their traffic levels, making them perfect for aggregation. Since not all peers peak at the same time, multiple peers can be multiplexed onto the shared peering fabric, with one peer’s peak traffic filling in the valleys of another peer's traffic. This helps make peering very cost effective: “I can’t afford to dedicate a whole gigE card to private peering with this guy, but public peering is a no-brainer.”
b. Public peering ports usually have very large gradations of bandwidth: 100Mbps Ethernet upgrades to 1Gbps Ethernet, which upgrades to 10Gbps Ethernet. With such large gradations, it is easier for smaller peers to maintain several times more capacity via public peering than they are currently using, which reduces the likelihood of congestion due to shifting traffic patterns, bursty traffic, or uncontrolled Denial of Service attacks. “Some peers aren’t as responsive to upgrading their peering infrastructure, nor are they of similar mind with respect for the desire for peering bandwidth headroom.” The large gradations of public peering bandwidth help reconcile these two issues.
2. Ease of administration
a. Public peering is the easiest and fastest way to both turn up and turn down a peering session, since no physical work is required. Peering is soft configured by the two parties on the router and the peering session is up.
b. It is common for a network to set up a trial peering session to determine the amount of traffic that would be exchanged should a session be turned up. If there is public peering capacity available, there is no incremental cost or extra administrative work required to turn up a trial peer, and the information gathered may prevent choosing an incorrect private peering port size if the traffic is moved to a private peer later.
c. Many Peering Coordinators must work within a budget, and do not have decision making authority for purchases within their company. Once the public peering switch port is ordered, there is no additional cost and therefore no additional hurdle to peering for the Peering Coordinator.
d. Public Peering provides financial predictability. The hardware requirements and monthly recurring costs of peering are the same every month. This makes planning and budgeting much easier.
e. 10G Public Peering scales large peering sessions (those greater than 1Gbps) seamlessly, while private peering beyond gigE capacities requires private peering at 10G (very expensive), or connecting multiple gigEs together, which can be tricky.
3. Public Peering is used as Selection Criteria by Customers
a. Corporate and Enterprise customers continue to ask to see the list of the ISP’s public peering points.
4. Public Peering May Be the only Cost Effective way to Peer across multiple Colos
a. Across Europe, where public peering across multiple colocation centers is the norm, private peering is often a much more expensive solution. Purchasing private peering circuits within a metro is potentially very expensive, while the same traffic can traverse a shared peering fabric for much less.
Argument: Public Peering is Better
Argument: Private Peering is Better
2. Private Peering is Very Cost Effective
a. If the expected peering port and cross connect costs were $400 per month and the parties expected to send 40Mbps to each other, the EPPR would be $400/40Mbps=$10/Mbps, a very attractive price in today’s transit market.
b. For those who exchange traffic with a few large peers, the 80%/20% rule applies; the majority of peering benefits can be derived by peering with the 20% of potential peers that deliver 80% of your traffic. This suggests that peering with fewer, larger peers is preferable to picking up lots of small peers across a public peering fabric.
3. Private Peering is more reliable and easier to debug.
a. Private Peering involves fewer network components that could break. It should be noted that this argument weakens when the “private” peering sessions are provisioned across VLANs, through optical interconnects, telco provisioned SONET services, or other active electronics.
b. An architecture of private peering removes the variability of support processes across IXes. Across Europe, each IX is different, and a NOC Operator may need to understand the processes, the levels of support and debugging capabilities of the switch support staff on call at the IX, and may even need to craft NOC scripts to navigate through the IX operations tasks. A private peering architecture provides consistency that helps the NOC debug and fix things more rapidly.
c. The greater fear is that layer 2 fabrics could be connected through other layer two fabrics perhaps without the knowledge or consent of the peer, resulting in a very difficult debugging and diagnostics situation if a peering failure occurs.
4. Private Peering Sessions are More Secure
a. A private peering network that is directly connected only to those with whom there is an explicit peering arrangement is more secure than a network that connects to a public peering fabric that includes participants with whom the company has no relationship. There is some history here; early exchange points were places where “traffic stealing” was accomplished by pointing default at an unsuspecting and poorly secured public peer. Other problems included peers tunneling traffic across the ocean over a peer’s network. These things are explicitly disallowed in most peering and IX terms and conditions and can be further secured through filtering, but are still seen as potential hazards minimized by privately peering.
b. An architecture that solely privately peers is less likely to be compromised. Since fiber has no active components that can be administered, there is nothing that can be broken into. With a switch or other active electronics in between peers, there is the possibility that traffic can be captured at the peering point without the peers' detection. It is relatively easy to mirror a public peering port as compared with tapping into private peering fiber cross connects without the detection of the peers involved. A few ISPs pointed to technology that can passively tap into fiber interconnects, which if true, would decrease the strength of this argument.
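A defender-side check for the “pointing default” hazard in item 4a, as an added example that is not part of the original article: it flags inbound traffic on a public peering port whose destination was never announced to the sending peer. The MAC addresses, prefixes and flow records are constructed sample data, and the function name is hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (documentation address ranges, made-up MACs).
# Prefixes we announce to each public peer, keyed by the peer's MAC on the IX fabric.
ANNOUNCED = {
    "02:00:00:00:00:0a": ["198.51.100.0/24", "203.0.113.0/24"],
    "02:00:00:00:00:0b": ["198.51.100.0/24"],
}

# Constructed flow records seen inbound on the IX port: (source MAC, destination IP, bytes).
FLOWS = [
    ("02:00:00:00:00:0a", "198.51.100.7", 120_000),
    ("02:00:00:00:00:0a", "203.0.113.9", 80_000),
    ("02:00:00:00:00:0b", "198.51.100.20", 50_000),
    ("02:00:00:00:00:0b", "192.0.2.55", 900_000),   # not announced to this peer
    ("02:00:00:00:00:0c", "198.51.100.1", 10_000),  # MAC with no peering session
]

def find_unauthorized_transit(flows, announced):
    """Return {mac: bytes} for inbound traffic we never invited.

    A flow is suspicious when its source MAC has no peering session with us,
    or when its destination lies outside every prefix announced to that peer
    (the peer is treating us as a default route or free transit).
    """
    nets = {mac.lower(): [ipaddress.ip_network(p) for p in prefixes]
            for mac, prefixes in announced.items()}
    suspicious = defaultdict(int)
    for mac, dst, nbytes in flows:
        dst_ip = ipaddress.ip_address(dst)
        allowed = nets.get(mac.lower(), [])
        if not any(dst_ip in net for net in allowed):
            suspicious[mac.lower()] += nbytes
    return dict(suspicious)

if __name__ == "__main__":
    for mac, nbytes in find_unauthorized_transit(FLOWS, ANNOUNCED).items():
        print(f"{mac}: {nbytes} bytes to destinations not announced to this peer")
```

The same prefix lists can drive an inbound packet filter on the public peering port, which is the filtering the item refers to.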
5. Private Peering Inclination Signals a More Attractive Peer.
a. The “Big Players” privately peer with each other and some even loathe Public Peering Fabrics for historical reasons. Adopting this attitude puts one in the company of the largest Tier 1 ISPs in the world. “For certain very large networks, public peering makes no sense at all. For certain very small networks, public peering may make perfect sense.” Or put more harshly, “if you think that public peering is a good idea, you're just not large enough yet.”
Hybrid Approach (Public + Private Peering)
A combination of public and private peering is the most common, where ISPs peer publicly and “peel off” peering sessions to private peering as the volume of traffic to and from those peers increases. The “40% rule” is sometimes used whereby both parties contractually obligate each other to migrate their public peering session to private peering sessions when either party reaches 40% aggregate usage of their public peering port. This provides a safeguard for those concerned about the “Blind Oversubscription Problem” described above.
One ISP primarily uses private peering but does maintain public peering for reserve and emergency interconnect capacity. The ability to scale public peering quickly and seamlessly was seen as a key attribute here. History has shown that traffic generally grows, incrementally or sporadically from emergencies and spot events.
Vijay Gill (AOL) pointed out that there may be a “life cycle” of peering inclinations, where peers migrate from public towards private peering as the scale increases. There is much debate regarding the virtues of de-peering, and of pulling away from public peering.
At NANOG in Seattle, we held a Peering BOF IV session which included a great debate. The debate topic was Public vs Private Peering - which is better? We used this debate as a vehicle to compare notes and practices, and preferences for public or for private peering. This page documents the results of the debate and discussions afterwards.
The Top 5 Reasons Private Peering is better than Public Peering
Here are the strongest arguments private peering advocates shared with the author.
1. Private Peering Sessions are Easier to Monitor
a. SNMP Counters can be easily collected on each peering port to monitor the utilization of the Peering Session resources. No time-intensive Netflow or expensive network analysis software is required to sort through shared peering fabric data to determine per-peering-session traffic volume.
b. Greater Visibility: No Blind Oversubscription Problem. With public peering, the remote peer could be congesting his port with the other peering sessions and you have no visibility into their public peering port utilization. Packets could be dropped due to port oversubscription resulting in poor peering performance. Since Private Peering involves only the two parties, when the port reaches an agreed-upon utilization (say 60% utilization for example), both parties can see that it is time to upgrade the peering session.
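The per-port monitoring described in items 1a and 1b, as an added example that is not part of the original article: it turns successive SNMP octet-counter polls from a private peering port into utilization and compares the peak with the agreed upgrade threshold. The sample polls are constructed, the function names are hypothetical, and 64-bit (ifHCInOctets/ifHCOutOctets) counters are assumed.

```python
COUNTER64_MOD = 2 ** 64  # 64-bit octet counters wrap at 2^64

def utilization_series(samples, port_bps):
    """Per-interval utilization (0..1) from successive octet-counter polls.

    samples: list of (unix_time, in_octets, out_octets), oldest first.
    The busier direction is reported, since a full-duplex port congests
    per direction.
    """
    series = []
    for (t0, in0, out0), (t1, in1, out1) in zip(samples, samples[1:]):
        dt = t1 - t0
        if dt <= 0:
            continue  # duplicate or out-of-order poll, skip it
        d_in = (in1 - in0) % COUNTER64_MOD    # modulo absorbs a counter wrap
        d_out = (out1 - out0) % COUNTER64_MOD
        bps = max(d_in, d_out) * 8 / dt
        series.append(bps / port_bps)
    return series

def check_port(samples, port_bps, threshold):
    """Report peak utilization and whether the agreed threshold was reached."""
    peak = max(utilization_series(samples, port_bps), default=0.0)
    return {"peak": round(peak, 3), "upgrade": peak >= threshold}

# Constructed polls, 300 s apart, on a 1 Gbps private peering port.
PORT_BPS = 1_000_000_000
SAMPLES = [
    (0,   COUNTER64_MOD - 5_000_000_000, 1_000_000_000),
    (300, 10_000_000_000,                8_500_000_000),   # inbound counter wrapped
    (600, 33_625_000_000,                20_000_000_000),
]

if __name__ == "__main__":
    # 0.60 is the example threshold from item 1b.
    print(check_port(SAMPLES, PORT_BPS, threshold=0.60))
```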