On the ‘net: Is Networking a Commodity?

It seems, based on this, that all businesses care about, in terms of the network, is the ability to move packets. To use a comparison that is often made: It might be “nice” to drive a “nicer car,” but in the end, a car is a car is a car. All that matters in cars is that they get you from point A to point B, wherever those points might be. If all the data a business cares about can be packed up into packets, and all that matters is getting them from point A to point B—wherever those two places might be, then the kind of equipment you use to move packets does not matter. @ECI

RIPE NCC: The Future of BGP Security

I was recently invited to a webinar for the RIPE NCC about the future of BGP security. The entire series is well worth watching; I was in the final session, which was a panel discussion on where we are now, and where we might go to make BGP security better.

Why is the Feasibility Condition Less Than?

A reader recently emailed me with this question: Why is the condition for a Feasible Successor set to less than (<), rather than less than or equal (<=), in EIGRP? It certainly seems, as noted in the email, that the strict condition rules out a lot of possible loop free alternate paths. The network below, a ring A-B-D-C-A with 100::/64 attached to A, will be used to illustrate.

First, assume all links have a cost of 1 except D->C, which has a cost of 2. Here D will choose B as the Successor, and D's Feasible Distance (FD) will be 2. The Reported Distance (RD) of C will be 1, which is less than 2, so C will be an FS. Now consider two failures. The first failure is D->B. D will immediately reroute to the FS, which is C, without changing the FD. This works, because C's cost to 100::/64 via D is 4, much higher than its cost to 100::/64 along C->A, so C will never point back at D. Now consider what happens if A->100::/64 fails. If the timing of the query “works right,” C and B will be notified first, then finally D. Even if D is somehow notified before C, and D switches to C as its FS, the traffic is dropped rather than looped, because C has lost its only path and has no FS of its own, so it goes active and discards the traffic. All is happy.

Now change the situation a little. Assume the A->C link has a cost of 2, and the remaining links have a cost of 1. Now assume you make the FS condition <=, rather than "just" <. From D's perspective, C is still an FS (C's RD of 2 equals D's FD of 2). From C's perspective, D is also an FS (D's RD of 2 equals C's FD of 2). Suppose the B->D link fails. D switches to C, whose path is intact; this works. Assume the C->A link fails. C switches to D, whose path is intact; this works.

Finally, assume the A->100::/64 link fails. If the timing is just right, D and C will receive the update with this failure at the same moment, and will both switch to their FSs: D forwards to C, and C forwards to D. Now you have a loop. How long will this loop last? Until C and D can complete a diffusing update, probably around 250ms or less. But if the diffusing computation does not complete, the bound is the SIA timer, which is around 10 minutes in more recent versions. Hence, “just the wrong circumstances” can cause up to a 10 minute loop. Not good.

The bottom line is this: any time you have a situation where two routers can end up pointing at one another as their local FS, you have a ring of some number of hops. If the final destination is outside the ring, some member of the ring must be the point at which traffic leaves the ring, and moves towards the destination. If the link connecting the ring to the destination fails, the update carrying the information about the loss of connectivity to the destination must travel around the ring in both directions.
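As an added example (not code from the original post), the following Python models the four-router ring above with a simplified DUAL: each router's RD is its best metric to the prefix, its FD is its Successor's metric, and any non-successor neighbor whose RD satisfies the feasibility condition is an FS. It computes each router's tables under both the strict (<) and the proposed (<=) condition, then follows the forwarding table after the A->100::/64 failure to show where the C/D loop appears. The router names, the cost of 0 from A to its connected prefix, and the "everyone hears the failure at once" timing are assumptions.

```python
"""Feasibility condition (strict < versus loose <=) on the post's four-router ring.

Added example, not code from the original post. Assumes the ring A-B-D-C-A with
100::/64 attached to A, symmetric link costs, and a simplified DUAL: a router's
Reported Distance (RD) is its best metric to the prefix, its Feasible Distance
(FD) is its Successor's metric, and any non-successor neighbor whose RD passes
the feasibility condition against FD is a Feasible Successor (FS).
"""
import heapq
from typing import Callable, Dict, List, Optional, Set, Tuple

Topology = Dict[str, Dict[str, int]]   # router -> {neighbor: link cost}
Table = Tuple[str, int, Set[str]]      # (successor, FD, feasible successors)

DEST = "100::/64"


def make_topology(a_c: int, c_d: int) -> Topology:
    """Ring A-B-D-C-A. A-B and B-D cost 1; A-C and C-D are the costs the post varies."""
    links = {("A", "B"): 1, ("B", "D"): 1, ("A", "C"): a_c, ("C", "D"): c_d}
    topo: Topology = {r: {} for r in "ABCD"}
    for (x, y), cost in links.items():
        topo[x][y] = cost
        topo[y][x] = cost
    topo["A"][DEST] = 0  # prefix is connected to A (assumption: cost 0)
    return topo


def reported_distances(topo: Topology) -> Dict[str, int]:
    """Best metric from every node to DEST (Dijkstra); this is what each node reports."""
    adj: Dict[str, Dict[str, int]] = {DEST: {}}
    for r, nbrs in topo.items():
        for n, c in nbrs.items():
            adj.setdefault(r, {})[n] = c
            adj.setdefault(n, {})[r] = c
    dist = {DEST: 0}
    heap = [(0, DEST)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue
        for v, c in adj[u].items():
            if d + c < dist.get(v, float("inf")):
                dist[v] = d + c
                heapq.heappush(heap, (d + c, v))
    return dist


def strict(rd: int, fd: int) -> bool:
    """EIGRP's actual feasibility condition."""
    return rd < fd


def loose(rd: int, fd: int) -> bool:
    """The reader's proposed condition."""
    return rd <= fd


def dual_tables(topo: Topology, feasible: Callable[[int, int], bool]) -> Dict[str, Table]:
    """Successor, FD and FS set per router under the given feasibility condition."""
    rd = reported_distances(topo)
    tables: Dict[str, Table] = {}
    for r, nbrs in topo.items():
        via = {n: c + rd[n] for n, c in nbrs.items()}  # metric through each neighbor
        successor = min(via, key=via.get)
        fd = via[successor]
        fs = {n for n in via if n != successor and feasible(rd[n], fd)}
        tables[r] = (successor, fd, fs)
    return tables


def mutual_feasible_successors(tables: Dict[str, Table]) -> Set[Tuple[str, str]]:
    """Router pairs that each list the other as an FS: the precondition for the loop."""
    pairs: Set[Tuple[str, str]] = set()
    for x, (_, _, fs) in tables.items():
        for y in fs:
            if y in tables and x in tables[y][2]:
                pairs.add(tuple(sorted((x, y))))
    return pairs


def next_hops_after_prefix_loss(tables: Dict[str, Table]) -> Dict[str, Optional[str]]:
    """A->100::/64 fails and every router hears it at the same moment (assumption):
    a router with an FS reroutes locally (lowest-named FS if several), one without
    goes active and drops (None). A itself has lost the connected prefix."""
    return {r: (min(fs) if fs and r != "A" else None) for r, (_, _, fs) in tables.items()}


def forwarding_loop(hops: Dict[str, Optional[str]], start: str) -> List[str]:
    """Follow next hops from start; return the cycle if traffic loops, else []."""
    path: List[str] = []
    cur: Optional[str] = start
    while cur is not None and cur not in path:
        path.append(cur)
        cur = hops.get(cur)
    return path[path.index(cur):] if cur is not None else []


if __name__ == "__main__":
    for label, topo in (("all 1 except D-C=2", make_topology(a_c=1, c_d=2)),
                        ("all 1 except A-C=2", make_topology(a_c=2, c_d=1))):
        for cond in (strict, loose):
            t = dual_tables(topo, cond)
            print(label, cond.__name__, "mutual FS:", mutual_feasible_successors(t),
                  "loop from D:", forwarding_loop(next_hops_after_prefix_loss(t), "D"))
```

Running it reproduces the post's two cases: with D-C at cost 2, C is D's FS under either condition but D is never C's FS, so after the prefix is lost traffic from D is handed to C and dropped there; with A-C at cost 2, the <= condition makes C and D each other's FS and the post-failure forwarding table is the two-hop loop D -> C -> D, while the strict condition leaves both with no FS and no loop.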

When the update reaches the point at which routing would normally split horizon—the “point at which the waterfall splits,” so to speak—it will likely reach both sides of the split horizon point within a close enough interval to cause a loop in the forwarding tables. This situation causes microloops in a link state protocol, but microloops are often resolved quickly, and hence tend to be tolerable. In a distance vector protocol, like EIGRP, the length of time the microloop can exist can be much longer; ultimately it depends on the speed at which a distributed computation can take place (because the computation is not local to each node), and, failing that, the amount of time the network can remain in an unstable state before “something is done about it.”

This, by the way, is why I am always opposed to increasing the SIA timer in EIGRP above the “factory defaults.” The SIA timer is essentially the amount of time you are willing to allow your network to remain unconverged in the worst case, and hence either dropping or looping traffic.

Weekend Reads 05042018: It’s time to opt in to security

Start with your business goals and decide which metrics are required to accurately measure the state of these goals. For example, say an ISP wishes to ensure that their subscribers get the best performance possible during peak usage time — this can be monitored by measuring the oversubscription ratio and uplink utilization of the terminating device. The required metrics to do this are the number of connected sessions, ifHCInOctets, ifHCOutOctets, ifHCSpeed of the uplink from the terminating device. —Tim Raphael @APNIC

What is the best threat management system for a business network? It’s a difficult question to answer because threat management isn’t about finding a single solution to every problem; it’s about layering multiple solutions in a way that offers the best protection against a variety of threats. —Diana Shtil @Dark Reading

Tomorrow, the House Judiciary Committee will host what’s likely to be a wide-ranging discussion of how social media companies moderate content, in its hearing on Filtering Practices of Social Media Platforms. While the hearing is sure to include some spectacle and grandstanding, make no mistake: This is a deeply serious issue that deserves thoughtful consideration by policymakers, companies, and users alike. Here are a few key themes we hope members of the committee will consider… —Emma Llansó @CDT

Combine exploits of two of the Internet’s foundation protocols with a human behavior “vulnerability” and you get an attack that can be quite successful: That’s what happened on Amazon’s domain name service on April 24, and the result is a $150,000 lesson in stacked vulnerabilities. —Curtis Franklin Jr. @Dark Reading

In a way, cybersecurity has become a victim of SSH’s success. Because SSH comes pre-installed, most organizations have no group or individual responsible for monitoring SSH activities. In fact, most businesses make the leap that SSH equals encryption and encryption equals security. And who doesn’t want more encryption and security? The premise that encryption alone negates the need for vigilance and oversight of SSH use is dangerously flawed. —Thomas MacIsaac @Data Center Journal

The demand for compute is so strong among the hyperscalers and cloud builders that nothing seems to be slowing down Intel’s datacenter business. Not delays in processor rollouts due to the difficulties in ramping 14 nanometer and 10 nanometer processes as the pace of Moore’s Law increases in transistor density and the lowering of the cost of chips slows. —Timothy Prickett Morgan @The Next Platform

Evidence of the demise of the U.S. retail industry is clear in almost every household. It exists in every neighborhood, even in the White House, and it was clear again Thursday. —Thomas H. Kee Jr. @MarketWatch

Despite the largest scandal in data collection history, there are no signs of consumers taking major steps to further protect their privacy. Facebook hasn’t tried to conceal its relief. What’s next? A far-reaching effort from the EU to contain the use of data. Its most likely effect will be to reinforce the position of the tech giant… —Frederic Filloux @Monday Note

On two occasions this past year I’ve published stories here warning about the prospect that new European privacy regulations could result in more spams and scams ending up in your inbox. This post explains in a question and answer format some of the reasoning that went into that prediction, and responds to many of the criticisms leveled against it. —Krebs on Security

Another BGP hijacking event is in the news today. This time, the event is affecting the Ethereum cryptocurrency. (Read more about it here, or here.) Users were faced with an insecure SSL certificate. Clicking through that, like so many users do without reading, they were redirected to a server in Russia, which proceeded to empty the user’s wallet. —Megan Kruse and Aftab Siddiqui @The Internet Society


April 2018

Deconfusing the Static Route

Configuring a static route is just like installing an entry directly in the routing table (or the RIB). I have

March 2018