RIPE NCC: The Future of BGP Security

By Russ | 8 May 2018 | Comments Off on RIPE NCC: The Future of BGP Security

I was recently invited to a webinar for the RIPE NCC about the future of BGP security. The entire series is well worth watching; I was in the final session, which was a panel discussion on where we are now, and where we might go to make BGP security better.

Reaction: DNS Complexity Lessons

By Russ | 16 April 2018 | Comments Off on Reaction: DNS Complexity Lessons

Recently, Bert Hubert wrote of a growing problem in the networking world: the complexity of DNS. We have two systems we all use in the Internet, DNS and BGP. Both of these systems appear to be able to handle anything we can throw at them and “keep on ticking.” this article was crossposted to CircleID…

Network Collective: Securing BGP

By Russ | 27 February 2018 | Comments Off on Network Collective: Securing BGP

Yet another protocol episode over at the Network Collective. This time, Nick, Jordan, Eyvonne and I talk about BGP security.

On the ‘net: BGP Traffic Engineering at the Network Collective

By Russ | 18 January 2018 | Comments Off on On the ‘net: BGP Traffic Engineering at the Network Collective

  Nick Russo and I stopped by the Network Collective last week to talk about BGP traffic engineering—and in the process I confused BGP deterministic MED and always compare MED. I’ve embedded the video below.

On the ‘web: The Value of MANRS

By Russ | 16 January 2018 | Comments Off on On the ‘web: The Value of MANRS

Route leaks and Distributed Denial of Service (DDoS) attacks have been in the news a good deal over the last several years; but the average non-transit network operator might generally feel pretty helpless in the face of the onslaught. Perhaps you can buy a DDoS mitigation service or appliance, and deploy the ubiquitous firewall at…

Section 10 Routing Loops

By Russ | 9 January 2018 |

A (long) time ago, a reader asked me about RFC4456, section 10, which says: Care should be taken to make sure that none of the BGP path attributes defined above can be modified through configuration when exchanging internal routing information between RRs and Clients and Non-Clients. Their modification could potentially result in routing loops. In…

Flowspec and RFC1998?

By Russ | 4 January 2018 | Comments Off on Flowspec and RFC1998?

In a recent comment, Dave Raney asked: Russ, I read your latest blog post on BGP. I have been curious about another development. Specifically is there still any work related to using BGP Flowspec in a similar fashion to RFC1998. In which a customer of a provider will be able to ask a provider to…

On the ‘net: BGP Peering at the Network Collective

By Russ | 21 December 2017 | Comments Off on On the ‘net: BGP Peering at the Network Collective

In this Community Roundtable episode, returning guests Russ White and Nick Russo start our three part deep dive into the Border Gateway Protocol, or BGP, with a look at terminology, how peer relationships form, the differences between internal and external BGP, and scaling techniques.

Do We Really Need a New BGP?

By Russ | 18 December 2017 |

From time to time, I run across (yet another) article about why BGP is so bad, and how it needs to be replaced. This one, for instance, is a recent example. cross posted at APNIC and CircleID It seems the easiest way to solvet this problem is finding new people—ones who don’t make mistakes—to work…

BGPsec and Reality

By Russ | 23 October 2017 |

From time to time, someone publishes a new blog post lauding the wonderfulness of BGPsec, such as this one over at the Internet Society. In return, I sometimes feel like I am a broken record discussing the problems with the basic idea of BGPsec—while it can solve some problems, it creates a lot of new…