Uncategorized

If you run connections to the ‘net at any scale, even if you are an “enterprise” (still a jinxed term, IMHO), you will quickly find it would be very useful to have a time series record of the changes in BGP at your edge. Even if you are an “enterprise,” knowing what changes have taken place in the routes your providers have advertised to you can make a big difference in tracking down an application performance issue, or knowing just when a particular service went off line. Getting this kind of information, however, can be difficult.

BGP is often overloaded for use in data center fabrics, as well (though I look forward to the day when the link state alternatives to this are available, so we can stop using BGP this way). Getting a time series view of BGP updates in a fabric is often crucial to understanding how the fabric converges, and how routing convergence events correlate to application issues.

One solution is to set up the BGP Monitoring Protocol (BMP—an abbreviation within an abbreviation, in the finest engineering tradition).

BMP is described in RFC7854 as a protocol intended to “provide a convenient interface for obtaining route views.” How is BMP different from setting up an open source BGP process and peering with all of your edge speakers? If you peer using eBGP, you will not see parroted updates unless you look for them; if you peer using iBGP, you might not receive all the updates (depending on how things are configured). However you peer, you will not get a “time series” view of the updates along your edge that can be correlated with other events in your network. Any time you peer using BGP, you are receiving routes after bestpath.

When you pull a BMP feed, in contrast, you are getting the BGP updates as the speaker sees them—before bestpath, before inbound filters, etc. This means you receive a full feed just as the edge speaker receives it. This is all provided in a format that is easily pushed into a database and correlated through timestamps—a huge wealth of information that can be quite useful not only to monitor the health of your network edge, but for troubleshooting. BMP includes messaging for:

• An initial dump of the current BGP table, called route monitoring
• Peer down notification, including a code indicating why the peer went down
• Stat reports, including number of prefixes rejected by inbound policy, number of duplicate prefixes, number of duplicate withdraws, etc.
• Peer up notification
• Route mirroring, in which the speaker sends copies of updates it is receiving

To set BMP up, you need to start with a BGP speaker that supports sending a BMP feed. Juniper supports BMP, as does Cisco. The second thing you will need is a BMP collector, a handy open source version of which is available at openbmp.org.

You will note that the openbmp collector has interfaces to a RESTful database interface, as well as a KAFKA producer. One of these two interfaces should allow you to tie BMP into your existing network management system, or set up a new database to collect the information.

BMP is becoming a bit of an ecosystem in its own right; the GROW working group has already a draft to extend BMP to report on the local routing table, which would allow you to see what is received by BGP but not installed. Another draft accepted by the GROW WG extends BMP to support the adj-rib-out, which would allow you to see the difference between what a BGP speaker receives and what it sends to its peers.

Several other drafts have been proposed but not accepted by GROW, including adding a namespace for the BGP peer up event, and using BMP as part of a BGP based traffic engineering system.

Hopefully, at some point in the future, I’ll be able to follow this post up with a small lab showing what BMP looks like in operation. For now, though, you should definitely try setting BMP up in your network if you have any sort of ‘net edge scale, or a data center using BGP as its IGP.

While we tend to focus on work/life balance, perhaps the better question is: how effective are we at using the time we use for work? From a recent study (which you may have already seen):

• Workers average just 2 hours and 48 minutes of productive device time a day
• 21% of working hours are spent on entertainment, news, and social media
• 28% of workers start their day before 8:30 AM (and 5% start before 7 AM)
• 40% of people use their computers after 10 PM
• 26% of work is done outside of normal working hours
• Workers average at least 1 hour of work outside of working hours on 89 days/year (and on ~50% of all weekend days)
• We check email and IM, on average, every 6 minutes

This is odd—we are starting work earlier, finishing later, and working over weekends, but we still only “work” less than three hours a day.

The first question must be: is this right? How are they measuring productive versus unproductive device time? What is “work time,” really? I know I don’t keep any sort of recognizable “office hours,’ so it seems like it would be hard to measure how much time I spend on the weekend versus during the “work day.”

On the other hand, no matter how flawed they might be, these numbers are still interesting. They do not, it seems to me, necessarily tell of “overwork.” Instead, they tell a tale of spending a lot of time work while not actually getting anything done.

Here is the thing: we already all know the strategies we could use to help bring the productive time up, the nonproductive time down, and “personal time” up. I try to macrotask as much as possible—take on one job for as long as it takes to reach either my limit of being able to focus on it or a point where I need to stop to do something else. During this time, I try not to look at social media, email, etc. There are commercial solutions to help you focus, as well.

So if we know there is a problem, and we know there are solutions, why don’t we fix this?

The first option—we don’t think this is really a problem. For instance, it could be that we don’t understand our own behaviors well enough to realize we are killing our own productivity by checking email constantly.

A second option—We are more afraid of missing out than we are of not getting anything done. Or perhaps we are replacing actual productivity with having an empty inbox, or a caught up news feed. Maybe we are afraid to just delete all the email we’ve not read, or mark the entire slack channel read without actually reading it.

A third option—these technologies are addictive.

Any of these will do, of course, and they are all probably partly. But I think there is another problem at the root of all of these, a problem we don’t want to talk about because it isn’t something you say in polite company. Perhaps—just maybe—the problem goes back to a spiritual ailment. Maybe we are trying to build the meaning of our lives around work.Maybe we need to realize just how much workism has infected our lives—our attachment work as the primary means through which we gain meaning in life.

And that problem, I think, is a bit harder to solve than just installing an application to rule the other applications, forcing you to focus.

How many tabs do you have open in your web browser right now? Be honest. A dozen? Two dozen? It’s okay, I’m no better. If you’re like me, you blame yourself for your horrible habit of leaving tabs open forever. —Luke Larsen

C-level executives often don’t have a clue when it comes to IT and application development. I’ve been analyzing survey data from IT end users for over 15 years, and responses received from business managers and even CIOs are often drastically different than what actual practitioners say. —Lawrence Hecht

If it’s now difficult to simply transport data from one place to the next, it’s humanly impossible to monitor and manage the data produced from distributed, hybrid, multicloud applications and environments. —Bhanu Singh

What could be more frightening than a service informing you that all your data is gone—every file and every backup servers are entirely wiped out? —Swati Khandelwal

The consolidation trend also has the potential to affect who participates in the IETF and how those in the industry view the value of standardization. Larger, more prosperous companies tend to have a greater ability to support standardization work, which is often paid for out of R&D or innovation budgets. —The Internet Society

Domains are an important element of internet infrastructure; their functionality and security rely upon many factors such as their delegated name servers. Name server delegations introduce complex and subtle inter-dependencies between domains and their authoritative name servers. —Matt Thomas

A recent DNS cache-poisoning attack that exploits a vulnerability found in mDNSResponder, a component used in name resolution in a variety of operating systems, illustrates one of the ways in which academic research is having an impact on commercial computing on a far faster cycle than the years typically associated with research and publication at universities. —Curtis Franklin, Jr.

Much has been written about blockchains and how they displace, reshape, or eliminate trust. But when you analyze both blockchain and trust, you quickly realize that there is much more hype than value. Blockchain solutions are often much worse than what they replace. —Bruce Schneier

Applications do not need to use all elements of a system all the time, and usually not all at the same time for that matter. And not all elements of a system need to be upgraded at the same time, either. A composable system architecture, which seeks to smash the server and put it back together again with interconnects and software and which a number of system makers are working on right now, aims to solve these problems. —Timothy Prickett Morgan

KrebsOnSecurity recently had a chance to interview members of the REACT Task Force, a team of law enforcement officers and prosecutors based in Santa Clara, Calif. that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. Snippets from that fascinating conversation are recounted below, and punctuated by accounts from a recent victim who lost more than $100,000 after his mobile phone number was hijacked. @Krebs on Security

PortSmash, as the new attack is being called, exploits a largely overlooked side-channel in Intel’s hyperthreading technology. A proprietary implementation of simultaneous multithreading, hyperthreading reduces the amount of time needed to carry out parallel computing tasks, in which large numbers of calculations or executions are carried out simultaneously. The performance boost is the result of two logical processor cores sharing the hardware of a single physical processor. The added logical cores make it easier to divide large tasks into smaller ones that can be completed more quickly. —Dan Goodin @ARS Technica

Security researchers have unveiled details of two critical vulnerabilities in Bluetooth Low Energy (BLE) chips embedded in millions of access points and networking devices used by enterprises around the world. Dubbed BleedingBit, the set of two vulnerabilities could allow remote attackers to execute arbitrary code and take full control of vulnerable devices without authentication, including medical devices such as insulin pumps and pacemakers, as well as point-of-sales and IoT devices. —Swati Khandelwal @The Hacker News

Crooks who hack online merchants to steal payment card data are constantly coming up with crafty ways to hide their malicious code on Web sites. In Internet ages past, this often meant obfuscating it as giant blobs of gibberish text that was obvious even to the untrained eye. These days, a compromised e-commerce site is more likely to be seeded with a tiny snippet of code that invokes a hostile domain which appears harmless or that is virtually indistinguishable from the hacked site’s own domain. @Krebs on Security

Over the last several years, Facebook has gone from facilitating the free flow of information to inhibiting it through incremental censorship and account purges. What began with the ban of Alex Jones last summer has since escalated to include the expulsion of hundreds of additional pages, each political in nature. And as more people become wary of the social media platform’s motives, one thing is absolutely certain: we need more market competition in the realm of social media. —Brittany Hunter @Interllectual Takeout

Tim Berners-Lee, a London-born computer scientist who invented the Web in 1989, said he was disappointed with the current state of the internet, following scandals over the abuse of personal data and the use of social media to spread hate. “What naturally happens is you end up with one company dominating the field so through history there is no alternative to really coming in and breaking things up,” Berners-Lee, 63, said in an interview. “There is a danger of concentration.” —Guy Faulconbridge, Paul Sandle @Reuters

It’s been three years since Australia adopted a national copyright blocking system, despite widespread public outcry over the abusive, far-reaching potential of the system, and the warnings that it would not achieve its stated goal of preventing copyright infringement. Three years later, the experts who warned that censorship wouldn’t drive people to licensed services have been vindicated. According to the giant media companies who drove the copyright debate in 2015, the national censorship system has not convinced Australians to pay up. —Cory Doctorow @EFF

Thiel said Silicon Valley has fallen victim to groupthink, citing its politically insular atmosphere for his moving away to Los Angeles. “There’s a sense that the network effects that made Silicon Valley good have gone haywire,” he said, according to CNBC. “It’s not the wisdom of crowds, it’s the madness of crowds.” @Market Watch

Google Chrome is the most popular browser in the world. Chrome routinely leads the pack in features for security and usability, most recently helping to drive the adoption of HTTPS. But when it comes to privacy, specifically protecting users from tracking, most of its rivals leave it in the dust. —Bennett Cyphers and Mitch Stoltz @EFF

I just redid my slides for the network troubleshooting seminar I teach on Safari Books from time to time. This new set of slides should make for a better webinar. The outline now covers—

Segment 1: Foundations
Length: 50 minutes

• MTTR, MTBM, MTBM
• Resiliency in terms of troubleshooting
• Positive feedback loops
• Automated processes and fragility
• The troubleshooting process
• Avoiding the narrows
• Using models to dive deeper
• Using abstraction to counter the combinatorial explosion
• When abstractions leak
• What, how, and why models

10 Minute Break

Segment 2: Process
Length: 50 minutes

• The theory of half split, as seen from search trees
• Putting it together: a simple troubleshooting loop and the half-split
• Using manipulability theory to prove it
• Observations on observations

10 Minute Break

Segment 3: Examples
Length: 50 minutes

• The EIGRP case
• The BGP case
• IS-IS and BFD

10 minute final Question and Answer Period

You can register here. Note the name of the seminar is changing, so the URL might change, as well.