Measurements as a path to openness
Today we all live in a world like that. For IP transit, DDoS mitigation, and in general almost any digital service, similar offerings can be found. That is a fact: there are many service providers on the market. And when comparing the services they offer, a potential customer often has few options. As a result, the consumer is forced to compare only the marketing materials of different companies, that is, in effect, the companies' own interpretations of their own services. This is strange at the very least and far from an objective comparison, even on a measure as simple as "price / quality".
For a long time there was no alternative to this situation. Yes, there are analyst agencies that compare and analyze market offerings, but again: how accessible are they, and are we ready to trust them completely? Market share, a company's financial condition and other “business metrics” may say nothing about the quality of its services. At the moment, we live in a world where brands are compared, not the quality of the services they offer. In our opinion, this is a rather bad symptom for the market.
However, the situation is changing, and in recent years it has become possible to make a free quantitative and qualitative assessment of a service before purchasing it. One of the best mechanisms for this is RIPE Atlas.
Atlas is a set of probes (a “sensor” in network-architecture terms), that is, points to which you can send a task. Probes are located around the world; several hundred are within the state borders of the Russian Federation. There are two types of probes: large ones (anchors) are located in the networks of telecom operators and data centers, and small ones, the size of a USB flash drive, can be placed anywhere, even on a home router.
RIPE Atlas probes provide an excellent opportunity for qualitative research, analysis and comparison of networks, independent of the services being compared. RIPE Atlas did a great job on this service and provided a public API with a basic set of commands, such as ping, traceroute and HTTP GET. However, like any API, it cannot be a final product in itself, and until recently there were no ready-made mechanisms for quickly making a qualitative assessment of various services. The Qrator.Radar team developed a measurement visualization tool whose functionality includes several standard experiments: first of all, several options for visualizing network latency, and visualization of DNS responses. Additionally, an emergency check mechanism for the availability of a given service was implemented,
As a demonstration of the toolkit's capabilities, we compared four fairly large (anonymized) providers of DDoS protection services. We compared them primarily by latency. Why is it important to compare DDoS mitigation services on this basis?
Historically, DDoS mitigation was built as a service or equipment that was switched on only at the moment of an attack. However, for many high-risk and high-margin services, constantly switching such a service or equipment on and off still leads to temporary unavailability. As a result, to avoid downtime, services are gradually moving from the switch-on-under-attack model to a model of constant, continuous traffic filtering. But this imposes an additional low-latency requirement on the providers of filtering services. According to a recent Akamai study, people's satisfaction falls in proportion to the decline in the quality of the video being watched and the presence of buffering problems, which are inextricably linked to network latency. Ping is critical for online games and players: high latency makes competition impossible. Network latency even affects how we look for information on the Internet and the decisions we make based on it. Milliseconds have a huge, sometimes invisible, effect.
The first company claims on its website to have more than 100 points of presence. The picture looks good and the latency, as we see, is quite low globally.
The second picture corresponds to a company with almost 40 points of presence, and, as you can see, the latency map has become worse.
The next is a company with only 10 points of presence, and here it is immediately evident that latency is quite high in most regions. But if you look at another operator, also with 10 points of presence, the picture again changes for the better.
What is the conclusion? The number of PoPs (points of presence) and their geographic distribution have a strong influence on the quality of the services provided, but this criterion is not a silver bullet in itself. Networks with the same number of points of presence can show completely different latency, and a network with several times fewer points of presence can still have very low latency in a given region.
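The per-region comparison behind this conclusion can be sketched as follows. This is an added example, not code from the Qrator.Radar toolkit: the provider names, probe IDs and RTT values are constructed, and the records only mimic the RIPE Atlas ping result fields used here (`prb_id`, `avg`, `sent`, `rcvd`).

```python
import statistics
from collections import defaultdict

# Constructed sample data. Each record mimics the fields of a RIPE Atlas ping
# result that are used here: "prb_id", "avg" (mean RTT in ms, -1 when no reply
# was received), "sent" and "rcvd".
PROBE_COUNTRY = {1: "DE", 2: "DE", 3: "DE", 4: "BR", 5: "BR", 6: "BR", 7: "JP"}

def _records(pairs):
    return [{"prb_id": p, "avg": a, "sent": 3, "rcvd": 0 if a < 0 else 3}
            for p, a in pairs]

RESULTS = {  # two hypothetical providers with the same number of PoPs
    "provider_a": _records([(1, 12.0), (2, 14.0), (3, 16.0),
                            (4, 180.0), (5, 200.0), (6, -1), (7, 95.0)]),
    "provider_b": _records([(1, 30.0), (2, 34.0), (3, 38.0),
                            (4, 40.0), (5, 44.0), (6, 48.0), (7, 90.0)]),
}

def regional_latency(results, probe_country, min_probes=2):
    """Median RTT and share of unanswered probes per country."""
    rtts, total, lost = defaultdict(list), defaultdict(int), defaultdict(int)
    for r in results:
        cc = probe_country.get(r["prb_id"])
        if cc is None:          # probe with unknown location: cannot be mapped
            continue
        total[cc] += 1
        if r["rcvd"] == 0 or r["avg"] < 0:
            lost[cc] += 1       # count the loss instead of averaging in -1
        else:
            rtts[cc].append(r["avg"])
    report = {}
    for cc, n in total.items():
        if n < min_probes:      # one probe says little about a whole country
            continue
        median = statistics.median(rtts[cc]) if rtts[cc] else None
        report[cc] = {"median_ms": median, "loss": lost[cc] / n}
    return report

if __name__ == "__main__":
    for name, res in RESULTS.items():
        print(name, regional_latency(res, PROBE_COUNTRY))
```

Reporting loss separately matters for filtering networks: a region where probes get no reply would otherwise either vanish from the map or drag the average down with the `-1` marker.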
Let's look at the problem from a different angle. What can the analysis of DNS responses tell us about the services provided by traffic filtering networks? The following picture shows that 2 out of 4 operators use DNS balancing to control traffic. In the other cases, balancing is based only on BGP. Why is this important? Both BGP Anycast and GeoDNS are methods of localizing traffic within a region, which, as a result, can reduce latency for end users.
Historically, traffic balancing using GeoDNS has been popular among CDN (content delivery network) providers. Compared to BGP Anycast, GeoDNS is easy to implement and control, and there is a whole set of almost ready-made solutions. However, what is applicable to CDNs is not always applicable to traffic filtering services. Unlike ordinary users, bots can simply ignore the answer of their local DNS server and can easily create congestion in a single region, eventually taking even geo-distributed networks out of a healthy state.
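The distinction between DNS balancing and BGP-only balancing can be read from the answers that probes in different countries receive. The following is an added example, not the toolkit's code: it works on constructed, already-decoded answers (probe ID, country, A records) using documentation address ranges, and the provider names are hypothetical.

```python
from collections import defaultdict

# Constructed, already-decoded DNS answers per hypothetical provider:
# (probe id, probe country, A records returned to that probe).
ANSWERS = {
    "provider_a": [(1, "DE", ["192.0.2.10"]), (2, "BR", ["192.0.2.10"]),
                   (3, "JP", ["192.0.2.10"]), (4, "DE", ["192.0.2.10"])],
    "provider_b": [(1, "DE", ["198.51.100.1", "198.51.100.2"]),
                   (4, "DE", ["198.51.100.2", "198.51.100.1"]),
                   (2, "BR", ["203.0.113.5"]), (3, "JP", ["203.0.113.9"])],
}

def classify_balancing(answers):
    """Classify how answers vary across countries.

    single-answer    : every probe got the same set; consistent with
                       balancing done only in BGP.
    geodns           : at least one address is handed out in one country only.
    dns-non-regional : answers differ but no address is tied to one country
                       (for example round-robin); not evidence of GeoDNS.
    """
    seen_in = defaultdict(set)      # address -> countries that received it
    distinct_sets = set()
    for _probe, country, addrs in answers:
        distinct_sets.add(frozenset(addrs))   # record order is irrelevant
        for addr in addrs:
            seen_in[addr].add(country)
    if len(distinct_sets) <= 1:
        return {"method": "single-answer", "regional": {}}
    regional = defaultdict(list)
    for addr, countries in seen_in.items():
        if len(countries) == 1:
            regional[next(iter(countries))].append(addr)
    if not regional:
        return {"method": "dns-non-regional", "regional": {}}
    return {"method": "geodns",
            "regional": {c: sorted(a) for c, a in regional.items()}}

if __name__ == "__main__":
    for name, ans in ANSWERS.items():
        print(name, classify_balancing(ans))
```

The `regional` map lists the addresses that serve a single country; since a client is not bound by what its local resolver returns, each of those regional sets has to be sized for more than its own region's traffic.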
As this example shows, the ability to make a qualitative comparison can be very useful when choosing a service. And RIPE Atlas, with our set of methods, greatly simplifies the analysis of the connectivity of telecom operators, providers of DDoS mitigation services and other services that you will definitely need tomorrow, and possibly today. All source code of our toolkit is available on GitHub.
To use the toolkit, you need credits, which are granted to users for operating their probes, as well as to all owners of autonomous systems with LIR status. It is worth noting that RIPE provides the probes themselves completely free of charge.