Welp, there's a lot that needs addressing in this comment, but I'll stick to the heavy-hitters.
> they've had near daily network interruptions due to DDoS attacks since Christmas of last year, with some outages lasting up to almost a day
Whoa, nope[1].
> It also leaves them highly vulnerable to DDoS attacks through exchanges.
We aggressively de-peer with networks that regularly originate attack traffic, allowing us to size our ports according to utilization rather than worst case attack sizes. Multilateral peering is actually a bit more expensive than transit these days - much more expensive if you intend to significantly overprovision capacity.
> Who else can you name that utilizes up to 7 transit providers in a given city
That's fair, but missing context. We're figuring out who works best for our traffic profile. We will scale back/remove the underperformers and scale up those that prove their worth.
> It's not cost effective, is sub-optimal for resiliency against attacks, and fails to leverage peering effectively.
Perhaps fewer issues in the last month, but your own status page shows a litany of issues in September and earlier months. And I am fairly certain your status page has not covered every instance of attacks / packet loss on your network(s).
> We aggressively de-peer with networks that regularly originate attack traffic, allowing us to size our ports according to utilization rather than worst case attack sizes.
The Internet is far from perfect, and every network of sufficient scale is going to have a number of compromised machines on it, especially eyeball networks, who should be your most desirable peers. Rather than blanket de-peering such networks, you should be looking at PNIs with them.
True, there are a number of 'bulletproof' networks, but they are few and far between.
> Multilateral peering is actually a bit more expensive than transit these days - much more expensive if you intend to significantly overprovision capacity.
That is simply not true either. Even if taking the worst case of leasing waves across 3 major long-haul routes across the continent, you're looking at about $0.20/Mb. 100Gb waves have gotten cheap in the last year, almost cut in half of what they were not too long ago. Unlike transit though, you get full use of both directions, so your effective rate as a content heavy network is going to be closer to $0.10/Mb. And this is just a small minority of your traffic; most peering traffic is local and much of it would travel much shorter distances as the majority of non-local destinations aren't going to be at extreme ends of the continent. And at the end of the day, you can simply limit not accepting peering routes in a given city from other cities that are too far away, and push those out through local transit instead if you prefer.
Some exchanges are even one-time fee only, and most others are priced quite reasonably. You peer with networks available on those exchanges first, and only peer with networks at the more expensive exchanges if they're exclusively there. Believe it or not, other networks like to save money too, and those worth peering with are usually at the more cost effective exchanges.
> That's fair, but missing context. We're figuring out who works best for our traffic profile. We will scale back/remove the underperformers and scale up those that prove their worth.
That's a very expensive way to do things, considering minimum 1 year terms for most providers. Would've been significantly cheaper for you to hire some consultants with extensive experience working with the networks you were considering. Heck, you could have just sent some of the more outgoing members of your network team to a NANOG and gathered feedback for free over a few vendor sponsored beers.
It's also not exactly rocket science to figure out which Tier 1s are strongest in which corner of the world. At the end of the day, you're not dependent on their support if you're multi-homing (and shouldn't be because most of them are terrible).
> they've had near daily network interruptions due to DDoS attacks since Christmas of last year, with some outages lasting up to almost a day
Whoa, nope[1].
> It also leaves them highly vulnerable to DDoS attacks through exchanges.
We aggressively de-peer with networks that regularly originate attack traffic, allowing us to size our ports according to utilization rather than worst case attack sizes. Multilateral peering is actually a bit more expensive than transit these days - much more expensive if you intend to significantly overprovision capacity.
> Who else can you name that utilizes up to 7 transit providers in a given city
That's fair, but missing context. We're figuring out who works best for our traffic profile. We will scale back/remove the underperformers and scale up those that prove their worth.
> It's not cost effective, is sub-optimal for resiliency against attacks, and fails to leverage peering effectively.
All of this is dramatically incorrect.
[1] https://cloudharmony.com/status