Buying IP Bandwidth Across a Peering Exchange

Stephen Fulton sf at
Mon Dec 1 00:19:15 UTC 2014

Hi Clayton,

Putting on my TorIX hat, I'll address what you've brought up:

1. We implemented port security because MAC ACL's were not effectively 
blocking certain types of bad traffic, which was a problem with the 
hardware in place at the time.  As you are certainly aware, getting 
vendors to work on esoteric problems faced by a small number of their 
customers can be frustrating.

2. Port security effectively logs rogue MAC's received on the port, 
which was/is not always the case when certain types of "bad or unwanted 
traffic are received.  This has proven invaluable for trouble-shooting 
and is very easy to pass along that info to the peer for further 
investigation without having to begin a separate trouble-shooting 
process with all parties online and aligned, and hoping the problem 

3. Since we implemented port security, the stability of TorIX has been 
excellent.  No more sudden outages due to peer human error or bad peer 
architecture.  (some of which is mind blowing).

4. If you think the 60 minute lock-down is excessive, bring it up on 
torix-members and begin a discussion, which we're certainly open to when 
it will not adversely affect the integrity of the IX.

5. If Netflix was at TorIX, I guarantee you would see traffic shoot 
through the roof, and that's why we'd welcome NF and others like FB, 
Edgecast etc. joining TorIX.  We are one of the largest IX'es in terms 
of number of peers in the world after all.

Back onto the original topic, a number of peers sell transit over the 
IX.  TorIX does not offer SLA's, but we do not stop peers from 
maximizing their value of the IX.

-- Stephen (volunteer at TorIX)

On 2014-11-30 6:51 PM, Clayton wrote:
> We peer at TorIX and Equinix.  I have to say that despite the fact that
> Equnix charges us more for our port, we're getting far more value from it
> than TorIX.  Around double the traffic, and they don't have silly punative
> measures like locking your port if you leak a MAC address other than the
> one you registered with them (Equnix filters the MAC, but doesn't apply a
> 60 minute port shut down penalty if you leak like TorIX does).

More information about the NANOG mailing list