How Direct Private Peering Can Enhance your Network Security

How Direct Private Peering Can Enhance your Network Security

From routing policy mistakes to BGP hijacks, how do enterprise businesses secure their network to avoid emerging security threats?

83% of enterprise workloads will be in the cloud by 2020 and as more and more data is delivered between on-premises and public environments, the network perimeter is starting to change. With this comes new security challenges faced by enterprise businesses.

Network security issues often come about when Border Gateway Protocol (BGP) routes are compromised. Let’s break this down:

The internet is composed of a mesh of ISPs, each one represented by an Autonomous System (AS) that peer to each other using BGP. Routes are then exchanged through BGP between the various ASs. Each BGP-learned route is accompanied by an AS path. Think of this AS path as the trail you follow to reach the destination.

This example shows what an AS path would look like from a given enterprise business labeled “MyAS” traversing the internet to reach Amazon Web Services (AWS), AS 14618.
I        

As you can see, there are three intermediary hops between the enterprise ‘MyAS’ and AWS ‘14618’. Each one of those ASs are also connected to multiple other ASs upstream which provides a highly interconnected network that is highly redundant and fault tolerant. Unfortunately, this also provides multiple opportunities for the company’s data to be rerouted and intercepted between the source and destination.

Oracle’s Internet Intelligence team monitors the internet for these interceptions and analyses the outcome. It could be a routing policy mistake that causes your traffic between Washington DC and Los Angeles to be routed through China. Or, a routing error could actually appear to be more intentional when Google, Facebook, Microsoft, and Apple traffic is routing through Russia.

Then, of course, there are blatant acts of cyber crime that happen more often than you might think. Take the April 2018 BGP hijack of Amazon’s DNS to steal cryptocurrency followed by the BGP hijack targeting payment systems in August. When attacks such as these happen, business impacts can result in anything from a disruption in services to data loss that could cost millions of dollars.

Traversing the open internet leaves data open to misdirection through BGP mishap. When migrating workloads from their private network to the public cloud, businesses need to make sure they are taking appropriate precautions to protect their data in transit.

Establishing direct, private peering between networks can help mitigate this threat. Megaport provides this level of high-performance, dedicated connectivity that can be extended to both private and public services with the most popular cloud providers. Users can enjoy the security of peering between their source and destination without any intermediary ASs (as shown in this example):

As massive volumes of data continue to be pushed to the public cloud, new security threats will likely develop. Direct peering with Megaport can provide extra protection for those critical workloads without exposing data traversing your backend servers over the internet.

How does it work? Well, Megaport has direct API integrations with the world’s leading cloud providers. When connecting to your chosen cloud via Megaport, you’re peering with their direct connectivity product (for example, AWS Direct Connect) via a Virtual Cross Connect (VXC). The VXC forms the Layer 2 component of the connection. Layer 3 BGP connectivity is established directly between your network and the cloud.

For more information about the pitfalls of public internet connectivity, including security, read our blog post here. If you’d like to get in contact with us or have any further questions answered, go to our contact page.

Related Posts

Partner Spotlight: Datacom

Partner Spotlight: Datacom

Datacom partners with Megaport to deliver secure, scalable data center solutions with seamless global cloud connectivity. With Megaport’s presence in Datacom’s APAC facilities, customers gain reliable, high-performance access to a neutral ecosystem, enhancing cloud transitions and workload efficiencies. Explore connectivity options at Datacom’s locations in New Zealand and Australia.

Read More
Getting the most out of ExpressRoute’s price reduction

Getting the most out of ExpressRoute’s price reduction

Microsoft’s updated ExpressRoute pricing for Office 365 connectivity now makes Premium routing more accessible, dropping costs to as low as USD$75/month for 50Mbps circuits. This overhaul provides global edge connectivity and improved routing via Microsoft’s network. Learn how Megaport simplifies ExpressRoute deployment, from hybrid cloud setups with private peering to Office 365 configurations using public or Microsoft peering. Explore step-by-step guidance for both Azure Resource Manager and Classic consoles, ensuring seamless integration with your existing network.

Read More
Should You Adopt a Zero Trust Network Architecture?

Should You Adopt a Zero Trust Network Architecture?

From what it is to how it works, we look at Zero Trust Network Access and whether it’s time for your enterprise to adopt a zero trust architecture.

Read More