Don’t Leave Features Lying Around

27 March 2017

Many years ago, when multicast was still a “thing” everyone expected to spread throughout the Internet itself, a lot of work went into specifying not only IP multicast control planes, but also IP multicast control planes for interdomain use (between autonomous systems). BGP was modified to support IP multicast, for instance, in order to connect…

Into the Gray Zone: Considering Active Defense

28 February 2017

Most engineers focus on purely technical mechanisms for defending against various kinds of cyber attacks, including “the old magic bullet,” the firewall. The game of cannons and walls is over, however, and the cannons have won; those who depend on walls are in for a shocking future. What is the proper response, then? What defenses…

TCP, Congestion Control, and Buffer Bloat

21 February 2017

Cardwell, Neal, Yuchung Cheng, C. Stephen Gunn, Soheil Hassas Yeganeh, and Van Jacobson. “BBR: Congestion-Based Congestion Control.” Queue 14, no. 5 (October 2016): 50:20–50:53. doi:10.1145/3012426.3022184. In the “old days,” packet loss was a major problem; so much so that just about every routing protocol has a number of different…

The Back Door Feature Problem

4 January 2017

In Don’t Forget to Lock the Back Door! A Characterization of IPv6 Network Security Policy, the authors ran an experiment that tested for open ports in IPv4 and IPv6 across a wide swath of the network. What they discovered was interesting— IPv6 is more open than IPv4. A given IPv6 port is nearly always more…
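The practical check that falls out of the paper's result is to probe the same ports over both address families of a dual-stack host and diff the results. The script below is an added example, not code from the paper or this site; the port list is an assumption for illustration, and the resolver and probe are injectable so the comparison logic can be exercised offline against constructed addresses.

```python
"""Dual-stack port-policy parity check (added example, not from the paper).

Resolves a host's A and AAAA records, probes the same TCP ports over both
address families, and reports ports reachable over IPv6 but not IPv4 (or
vice versa). Resolver and probe are injectable so the logic can be tested
offline with constructed addresses and a fake probe.
"""
import socket
from typing import Callable, Dict, Iterable, List, Set

# Ports a typical host firewall policy covers; assumed for illustration.
DEFAULT_PORTS = (22, 23, 80, 443, 3306, 5432, 8080)


def resolve(host: str, family: int) -> List[str]:
    """Return the addresses of one family (AF_INET or AF_INET6) for host."""
    try:
        infos = socket.getaddrinfo(host, None, family, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def tcp_open(addr: str, port: int, timeout: float = 1.0) -> bool:
    """TCP connect probe; True if the three-way handshake completes."""
    family = socket.AF_INET6 if ":" in addr else socket.AF_INET
    with socket.socket(family, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((addr, port))
            return True
        except OSError:
            return False


def open_ports(addrs: Iterable[str], ports: Iterable[int],
               probe: Callable[[str, int], bool] = tcp_open) -> Set[int]:
    """Union of ports found open on any address in addrs."""
    return {p for a in addrs for p in ports if probe(a, p)}


def parity_report(host: str, ports: Iterable[int] = DEFAULT_PORTS,
                  probe: Callable[[str, int], bool] = tcp_open,
                  resolver: Callable[[str, int], List[str]] = resolve
                  ) -> Dict[str, Set[int]]:
    """Compare which ports answer over IPv4 versus IPv6 for the same host."""
    ports = tuple(ports)
    v4 = resolver(host, socket.AF_INET)
    v6 = resolver(host, socket.AF_INET6)
    open4 = open_ports(v4, ports, probe) if v4 else set()
    open6 = open_ports(v6, ports, probe) if v6 else set()
    return {
        "v4_only": open4 - open6,   # closed over v6 but open over v4
        "v6_only": open6 - open4,   # the "back door" case from the paper
        "both": open4 & open6,
    }


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    for key, ports in parity_report(target).items():
        print(f"{key:8s} {sorted(ports)}")
```

Run it against hosts you own; anything listed under `v6_only` is a port the IPv4 policy closes but the IPv6 policy does not, which is exactly the asymmetry the paper measured at scale.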

Traffic Pattern Attacks: A Real Threat

5 December 2016

Assume, for a moment, that you have a configuration something like this— Some host, A, is sending queries to, and receiving responses from, a database at C. An observer, B, has access to the packets on the wire, but neither the host nor the server. All the information between the host and the server is…
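To make the observer's position concrete: even when B cannot read a single payload byte, the sizes, counts and spacing of packets between A and C differ by query type, and a small labelled set is enough to classify later flows. The block below is an added example, not code from the original post; the flows, query labels and feature scaling are constructed for illustration, with a nearest-neighbour match standing in for whatever classifier a real observer would use.

```python
"""Traffic-pattern inference on an encrypted query/response channel.

Added example, not from the original post. Observer B sees only packet
metadata (direction, size, timing) between host A and database C; payloads
are assumed encrypted. All flow records here are constructed, not captured.
"""
from dataclasses import dataclass
from typing import Dict, List, Sequence, Tuple


@dataclass(frozen=True)
class Packet:
    t: float          # seconds since the first packet of the flow
    direction: str    # "A->C" (query) or "C->A" (response)
    size: int         # bytes on the wire; ciphertext length leaks plaintext length


def make_flow(req_size: int, resp_sizes: Sequence[int], gap: float) -> List[Packet]:
    """Constructed flow: one request, then response packets `gap` seconds apart."""
    flow = [Packet(0.0, "A->C", req_size)]
    for i, s in enumerate(resp_sizes, start=1):
        flow.append(Packet(round(i * gap, 4), "C->A", s))
    return flow


def features(flow: Sequence[Packet]) -> Tuple[int, int, int, float]:
    """Everything B can measure: request bytes, response bytes, response packets, duration."""
    req = sum(p.size for p in flow if p.direction == "A->C")
    resp = [p for p in flow if p.direction == "C->A"]
    dur = flow[-1].t - flow[0].t if flow else 0.0
    return (req, sum(p.size for p in resp), len(resp), round(dur, 3))


def distance(a: Sequence[float], b: Sequence[float]) -> float:
    """Scaled Euclidean distance; scales (assumed) stop byte counts swamping the rest."""
    scale = (100.0, 1000.0, 1.0, 0.05)
    return sum(((x - y) / s) ** 2 for x, y, s in zip(a, b, scale)) ** 0.5


# Labelled flows the observer collected earlier (constructed). Labels are
# hypothetical query types; sizes are what an encrypted, MTU-bounded
# response to each would plausibly look like on the wire.
TRAINING: Dict[str, List[List[Packet]]] = {
    "login_check":   [make_flow(118, [92], 0.004),
                      make_flow(122, [88], 0.005)],
    "list_orders":   [make_flow(136, [1400] * 5 + [620], 0.003),
                      make_flow(140, [1400] * 6 + [210], 0.003)],
    "export_report": [make_flow(150, [1400] * 40, 0.002),
                      make_flow(152, [1400] * 38 + [900], 0.002)],
}


def classify(flow: Sequence[Packet],
             training: Dict[str, List[List[Packet]]] = TRAINING) -> Tuple[str, float]:
    """1-nearest-neighbour match of an unlabelled flow against the labelled set."""
    f = features(flow)
    candidates = ((label, distance(f, features(ex)))
                  for label, examples in training.items() for ex in examples)
    return min(candidates, key=lambda c: c[1])


if __name__ == "__main__":
    unknown = make_flow(139, [1400] * 6 + [400], 0.003)   # constructed observation
    label, dist = classify(unknown)
    print(f"features={features(unknown)} -> {label} (distance {dist:.2f})")
```

The defence this implies is the one the post title points at: encryption alone does not remove the signal, so padding to fixed sizes, batching, or cover traffic are what change the observer's view.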

Reactive Malicious Domain Detection (ENTRADA)

15 November 2016

One interesting trend of the last year or two is the rising use of data analytics and ANI (Artificial Narrow Intelligence) in solving network engineering problems. Several ideas (and/or solutions) were presented this year at the IETF meeting in Seoul; this post takes a look at one of these. To lay the groundwork, botnets are…

BGP Security and SPAM

24 May 2016

Spam might seem like an annoyance in the US and other areas where bandwidth is paid for by the access rate—and what does spam have to do with BGP security? In many areas of the world, however, spam makes email practically unusable. When you’re paying for Internet access by the byte transmitted or received, spam…

Universal Scaling and Complexity

18 May 2016

The universal scaling law is a model designed to help engineers understand transaction-based systems, particularly databases and applications. What could a transaction-based system have to do with network design? After all, networks aren’t really transaction-based, are they? Or maybe they are… Let’s ignore the data flowing through the network for a moment…
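For readers who have not met the model, the added example below carries Gunther's Universal Scalability Law through numerically; it is not from the original post. The formula is the standard one, X(N) = λN / (1 + σ(N − 1) + κN(N − 1)), where σ is the contention (serialization) coefficient, κ the coherency (crosstalk) coefficient and λ the single-node throughput; the coefficient values used are assumed for illustration. It also shows the point the post builds toward: once κ > 0, adding more concurrent workers eventually reduces throughput, and the peak N can be found analytically as well as by scanning.

```python
"""Universal Scalability Law worked example (added; not from the original post).

X(N) = lam * N / (1 + sigma*(N - 1) + kappa*N*(N - 1))
  sigma: contention (serialization) coefficient, 0 <= sigma < 1
  kappa: coherency (crosstalk) coefficient, >= 0
  lam:   throughput of a single worker/node
With kappa = 0 the law reduces to Amdahl's law and saturates at lam/sigma;
with kappa > 0 throughput peaks and then falls (retrograde scaling).
Coefficient values below are assumed for illustration.
"""
import math
from typing import List, Tuple


def usl(n: int, sigma: float, kappa: float, lam: float = 1.0) -> float:
    """Relative throughput X(N) under the Universal Scalability Law."""
    if n < 1:
        raise ValueError("N must be at least 1")
    return lam * n / (1.0 + sigma * (n - 1) + kappa * n * (n - 1))


def analytic_peak(sigma: float, kappa: float) -> float:
    """Continuous N at which dX/dN = 0: sqrt((1 - sigma) / kappa)."""
    if kappa <= 0:
        return math.inf          # no coherency penalty, so no peak
    return math.sqrt((1.0 - sigma) / kappa)


def peak_concurrency(sigma: float, kappa: float, n_max: int = 1000) -> int:
    """Integer N in 1..n_max maximizing X(N), found by scanning."""
    return max(range(1, n_max + 1), key=lambda n: usl(n, sigma, kappa))


def curve(sigma: float, kappa: float, points: List[int]) -> List[Tuple[int, float]]:
    """X(N) sampled at the given N values, for plotting or a quick table."""
    return [(n, round(usl(n, sigma, kappa), 3)) for n in points]


if __name__ == "__main__":
    sigma, kappa = 0.02, 0.0005   # assumed: 2% contention, 0.05% crosstalk
    for n, x in curve(sigma, kappa, [1, 8, 16, 32, 44, 64, 128]):
        print(f"N={n:4d}  X(N)={x:8.3f}")
    print(f"peak (scan):     N={peak_concurrency(sigma, kappa)}")
    print(f"peak (analytic): N={analytic_peak(sigma, kappa):.2f}")
```

The link to networks the post goes on to draw is that σ and κ are not database-specific: any system where participants must agree on shared state (a routing domain converging, a control plane syncing) pays a coherency cost that grows with N squared, which is where the law's retrograde region comes from.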

The CORD Architecture

30 March 2016

Edge provider networks, supporting DSL, voice, and other services to consumers and small businesses, tend to be more heavily bound by vendor-specific equipment and hardware-centric standards. These networks are built around the more closed telephone standards, rather than the more open internetworking standards, and hence they tend to be more expensive to operate…

Research ‘net: Decoding Firepath

24 February 2016

While it is true that huge scale is a different mindset, and not just “more of the same only bigger,” there are also a lot of lessons to learn by looking at how truly large scale networks are built. In this vein, Google released a paper explaining the evolution of their network. While the hardware…