BGP Hijacks: Two more papers consider the problem

By Russ | 5 November 2018 | Comments Off on BGP Hijacks: Two more papers consider the problem

The security of the global Default Free Zone DFZ) has been a topic of much debate and concern for the last twenty years (or more). Two recent papers have brought this issue to the surface once again—it is worth looking at what these two papers add to the mix of what is known, and what…

BGP and Suboptimal Route Reflection

By Russ | 15 October 2018 | 2 Comments

One of the crucial points in understanding the operation of BGP is the reliance on the AS path to ensure all routes are loop-free. Within a single AS, however, there is no AS path. How, then, can you ensure the path through an AS is loop-free? The original plan was to fully mesh all the…

History of Networking: BGP Route Servers and the IXP

By Russ | 3 October 2018 | Comments Off on History of Networking: BGP Route Servers and the IXP

Short Take: BGP Peering Updates

By Russ | 2 October 2018 | Comments Off on Short Take: BGP Peering Updates

BGP Security: A Gentle Reminder that Networking is Business

By Russ | 24 September 2018 | 1 Comment

At NANOG on the Road (NotR) in September of 2018, I participated in a panel on BGP security—specifically the deployment of Route Origin Authentication (ROA), with some hints and overtones of path validation by carrying signatures in BGP updates (BGPsec). This is an area I have been working in for… 20 years? … at this…

Is BGP Good Enough?

By Russ | 3 September 2018 | Comments Off on Is BGP Good Enough?

In a recent podcast, Ivan and Dinesh ask why there is a lot of interest in running link state protocols on data center fabrics. They begin with this point: if you have less than a few hundred switches, it really doesn’t matter what routing protocol you run on your data center fabric. Beyond this, there…

Research: Facebook’s Edge Fabric

By Russ | 23 August 2018 | Comments Off on Research: Facebook’s Edge Fabric

The Internet has changed dramatically over the last ten years; more than 70% of the traffic over the Internet is now served by ten Autonomous Systems (AS’), causing the physical topology of the Internet to be reshaped into more of a hub-and-spoke design, rather than the more familiar scale-free design (I discussed this in a…

Recent BGP Peering Enhancements

By Russ | 9 July 2018 | Comments Off on Recent BGP Peering Enhancements

BGP is one of the foundational protocols that make the Internet “go;” as such, it is a complex intertwined system of different kinds of functionality bundled into a single set of TLVs, attributes, and other functionality. Because it is so widely used, however, BGP tends to gain new capabilities on a regular basis, making the…

History of Networking: BGP Security

By Russ | 15 May 2018 | Comments Off on History of Networking: BGP Security

RIPE NCC: The Future of BGP Security

By Russ | 8 May 2018 | Comments Off on RIPE NCC: The Future of BGP Security

I was recently invited to a webinar for the RIPE NCC about the future of BGP security. The entire series is well worth watching; I was in the final session, which was a panel discussion on where we are now, and where we might go to make BGP security better.