Dispersing a DDoS: Initial thoughts on DDoS protection

By Russ | 23 January 2017

Distributed Denial of Service is a big deal: huge pools of Internet of Things (IoT) devices, such as security cameras, are compromised by botnets and used for large-scale DDoS attacks. What are the tools in hand to fend these attacks off? The first misconception is that you can actually fend off a DDoS attack.…

BGP Flowspec Indirection

By Russ | 11 January 2017

While Flowspec has been around for a while (RFC5575 was published in 2009), deployment across AS boundaries has been somewhat slow. The primary concern in deploying Flowspec is the ability to shoot oneself in the foot, particularly as opening Flowspec to customers can also open an entirely new, and not well understood, attack surface. Often…

snaproute Go BGP Code Dive (14): First Steps in Processing an Update

By Russ | 12 December 2016

In the last post on this topic, we found the tail of the update chain. The actual event appears to be processed here, around line 734 of fsm.go:

    case BGPEventUpdateMsg:
        st.fsm.StartHoldTimer()
        bgpMsg := data.(*packet.BGPMessage)
        st.fsm.ProcessUpdateMessage(bgpMsg)

The second line of code in this snippet is interesting; it’s a little difficult to understand what…

On the ‘net: BGP Security, LACNOG 26

By Russ | 29 November 2016

BGP security: where we are now, where we are going, as presented at LACNOG 26 in November of 2016.

BGP Tools for the DFZ (2)

By Russ | 14 November 2016

In the last post in this series, I looked at the whois database to make certain the registration information for a particular domain name is correct. Now it’s time to dig a little deeper into the DFZ to see what we can find. To put this series in the widest context possible, we will begin…

BGP Tools for the DFZ (1)

By Russ | 7 November 2016

Why isn’t inbound load balancing working the way I expect? Why are users having a hard time reaching my web site? What is that strange advertisement I see in my local routing table, and where does it lead? The Default Free Zone (DFZ), the land where there is no default route from the edge of…

snaproute Go BGP Code Dive (13): Finding the tail of the update chain

By Russ | 31 October 2016

Just in time for Halloween, the lucky thirteenth post in the BGP code dive series. In this series, we’re working through the Snaproute Go implementation of BGP just to see how a production, open source BGP implementation really works. Along the way, we’re learning something about how larger, more complex projects are structured, and also…

I2RS and Remote Triggered Black Holes

By Russ | 24 October 2016

In our last post, we looked at how I2RS is useful for managing elephant flows on a data center fabric. In this post, I want to cover a use case for I2RS that is outside the data center, along the network edge—remote triggered black holes (RTBH). Rather than looking directly at the I2RS use case,…

snaproute Go BGP Code Dive (12): Moving to Established

By Russ | 10 October 2016

In last week’s post, the new BGP peer we’re tracing through the snaproute BGP code moved from open to openconfirmed by receiving, and processing, the open message. In processing the open message, the list of AFIs this peer will support was built, the hold timer set, and the hold timer started. The next step is…

snaproute Go BGP Code Dive (11): Moving to Open Confirm

By Russ | 26 September 2016

In the last post in this series, we began considering the BGP code that handles the open message that begins moving a new peer to open confirmed state. This is the particular bit of code of interest:

    case BGPEventBGPOpen:
        st.fsm.StopConnectRetryTimer()
        bgpMsg := data.(*packet.BGPMessage)
        if st.fsm.ProcessOpenMessage(bgpMsg) {
            st.fsm.sendKeepAliveMessage()
            st.fsm.StartHoldTimer()
            st.fsm.ChangeState(NewOpenConfirmState(st.fsm))
        }

We looked at how this…