Hedge 133: Brooks Westfield and Multifactor Testing

Multi-factor testing is one of the most important jobs a vendor takes on—and one of the most underrated. Testing across all possible configurations and use cases is nearly impossible. Brooks Westbrook joins Tom Ammon and Russ White on this episode of the Hedge to talk about the complexity of multi-factor testing and some of the consequences of that complexity.

Revisiting BGP Convergence

My video on BGP convergence elicited a lot of . . . feedback, mainly concerning the difference between convergence in a data center fabric and convergence in the DFZ. Let’s begin here—BGP hunt and the impact of the MRAI are very real in the DFZ. Withdrawing a route can take several minutes.

What about the much more controlled environment of a data center fabric?

Several folks pointed out that the MRAI is often set to 0 in DC fabrics (and many implementations by default). Further, almost all implementations will use an MRAI of 0 for the first received update, holding the second and subsequent advertisements by the MRAI. Several folks also pointed out that all the paths through a DC fabric are the same length, so the second part of the equation is also very small.

These are good points—how do they impact BGP convergence? Let’s use the network below, a small slice of a five-stage butterfly fabric, to think it through. Assume every router is in a different AS, so all the peering sessions are eBGP.

Weekend Reads 060322

This edition of weekend reads begins with a few straight security stories of interest. I knew key loggers existed in the wild, but the logging of keystrokes before a web form is submitted is apparently a lot more common than I realized—


They found that 1,844 websites gathered an EU user’s email address without their consent, and a staggering 2,950 logged a US user’s email in some form. Many of the sites seemingly do not intend to conduct the data-logging but incorporate third-party marketing and analytics services that cause the behavior.

Illustrating that security is often a game of “whack-a-mole,” web skimmers are obfuscating their operation—


Microsoft security researchers recently observed that web skimming campaigns now employ various obfuscation techniques to deliver and hide skimming scripts.

Hedge 132: DNS Complexity and the DNAME

We all intuitively know the DNS is complex—and becoming more complex over time. Describing just how complex, however, is difficult. Siva Kesava and Ryan Beckett just published a research paper taking on the task of describing DNS complexity, particularly in light of the new DNAME record type. It turns out its complex enough that you can no longer really validate zone files.

How BGP Really Converges

This lesson in Russ White’s BGP course gets into withdrawing a route, MRAI time, implicit withdraws, BGP Hunt, graceful restart, and other topics.

Original link at Packet Pushers here

Weekend Reads 052722

Leading off this weekend, an article by Simon Sharwood on the impact of the centralization of the Internet. I wrote a somewhat longer article on the Public Discourse a while back on the same topic.


The internet has become smaller, the result of a rethinking of when and where to use the ‘net’s intended architecture. In the process it may also have further concentrated power in the hands of giant technology companies.

Is softwarization really going to change the way we build networks from the ground up? I suspect things will change, but they’ve always changed. I also suspect we’ll be hearing about how software is going to eat the world ten years from now, and IPv6 still won’t be fully deployed.


DOCSIS 4.0 is set to deliver faster speeds for cable network operators, but the next generation technology will also spur an operational sea change, telecom consultant Sean McDevitt told Fierce.

Hedge 131: Easier for the Computer or the Person?

One of the mainstays of scripting—and now network management—are increasingly focused on making things “easier” for the human operator. Does this focus on making things “easier” for the operator produce a better experience, though? Or does it create frustration as humans try to “outguess” the computer’s programming and process? Join Tom Ammon and Russ White as they discuss the problems with scripting, automation, and ease-of-use.

Hedge 130: The Importance of Network Inventories

Inventories are generally hard, and hence don’t tend to be where you’d like to spend your time. The importance of having a good inventory, however, can hardly be overstated. Malcom Booden joins Tom Ammon and Russ White to talk about the importance of inventories and inventory ideas.