Akamai Diversity

The Akamai Blog

An Introduction to Internet Hygiene

Despite the common misperception, there are not a lot of rules for ISPs. There are a lot of things people think are rules or perhaps even are called rules, but in reality, they are merely suggestions.

You may think to yourself, "how can that be?" Especially when things such as "Request for Comments" (RFCs), "Best Common Operational Practices" (BCOPs), and "Internet Official Protocol Standards" (STDs), all spell out the rules for protocols, servers, networks, and even higher level activities. These documents use words like SHOULD and MUST (yes, in all caps), with rigid definitions. However, when an ISP does not follow the rules there is no fine, no penalty, no Internet police to take them off to Internet jail. These "rules" end of feeling more like suggestions or recommendations.

But, they're called rules for a reason, and they do exist to make the Internet a safer, more reliably operating place. And, we know that ignoring the rules can lead to problems, so most ISPs follow most of the rules. But in some situations disobeying the rules does not cause an immediate or massive effect. ISPs may not even realize that something is wrong, even if the impact is large.

And therein lies the problem. The Internet is the largest shared medium in the history of humanity. If the users of the shared medium do not act in a way conducive to the medium's shared fate, it is harmful to all users. There are plenty of examples where a single ISP or a small number of ISPs playing fast & loose with the rules caused major problems for the entire Internet.

Following the rules - keeping your network clean - is considered good Internet hygiene. Complying with all the standards might not be sexy, but just like brushing your teeth, it is vitally important to maintaining good health. Besides, who wants an ISP with rotten teeth and bad breath? Yuck!

Unfortunately, there are literally thousands of RFCs, STDs, BCPs, etc. It can be difficult to figure out which ones apply to each individual situation.

Over the next several weeks, I am going to do a series of posts highlighting the most common things ISPs miss when configuring their network. Each of these actions is relatively low-cost or even no-cost, and will help not only the ISP configuring them but the Internet as a whole.

My initial focus will be on looking at those Internet hygiene issues that can help stop Distributed Denial of Service (DDoS) attacks. DDoS is a scourge on the Internet, almost always harming the intended victim and frequently enlisting the help of unwitting ISPs, which harms those ISPs. Worse, they can harm networks in between the attacker and the victim. There just is no such thing as a good DDoS attack. My hope is these posts will spur into action some ISPs who did not realize that by following the rules they can protect themselves and the whole Internet.

I welcome your comments. The more people who get involved the better, and all ideas are welcome.


Patrick Gilmore is chief network architect at Akamai


woow ! Very interesting post I like your website keep up the great posts

This is such an interesting piece. Thank you for sharing your ideas through this article. We all should comply with the standards and keep our network clean.