Random Thoughts on Grey Failures and Scale

17 July 2017

I have used the example of increasing paths to the point where the control plane converges more slowly, impacting convergence, hence increasing the Mean Time to Repair, to show that too much redundancy can actually reduce overall network availability. Many engineers I’ve talked to balk at this idea, because it seems hard to believe that…

Anycast and Latency

30 May 2017

One of the things I hear from time to time is how smaller Internet facing service deployments, with just a few instances, cannot really benefit from anycast. Particularly in the active-active data center use case, where customers can connect to one data center or another, the cost of advertising the service as an anycast, and…

Network Slices

23 May 2017

There has been a lot of chatter recently in the 5G wireless world about network slices. A draft was recently published in the IETF on network slices—draft-gdmb-netslices-intro-and-ps-02. But what, precisely, is a network slice? Perhaps it is better to begin with a concept most network engineers already know (and love)—a virtual topology. A virtual topology…

MegaSwitch: an interesting new data center fabric

25 April 2017

Data center fabrics are built today using spine and leaf fabrics, lots of fiber, and a lot of routers. There has been a lot of research in all-optical solutions to replace current designs with something different; MegaSwitch is a recent paper that illustrates the research, and potentially a future trend, in data center design. The…

Don’t Leave Features Lying Around

27 March 2017

Many years ago, when multicast was still a “thing” everyone expected to spread throughout the Internet itself, a lot of work went into specifying not only IP multicast control planes, but also IP multicast control planes for interdomain use (between autonomous systems). BGP was modified to support IP multicast, for instance, in order to connect…

Into the Gray Zone: Considering Active Defense

28 February 2017

Most engineers focus on purely technical mechanisms for defending against various kinds of cyber attacks, including “the old magic bullet,” the firewall. The game of cannons and walls is over, however, and the cannons have won; those who depend on walls are in for a shocking future. What is the proper response, then? What…

TCP, Congestion Control, and Buffer Bloat

21 February 2017

Cardwell, Neal, Yuchung Cheng, C. Stephen Gunn, Soheil Hassas Yeganeh, and Van Jacobson. “BBR: Congestion-Based Congestion Control.” Queue 14, no. 5 (October 2016): 50:20–50:53. doi:10.1145/3012426.3022184. Article available here. Slides available here. In the “old days,” packet loss was a major problem; so much so that just about every routing protocol has a number of different…

The Back Door Feature Problem

4 January 2017

In Don’t Forget to Lock the Back Door! A Characterization of IPv6 Network Security Policy, the authors ran an experiment that tested for open ports in IPv4 and IPv6 across a wide swath of the network. What they discovered was interesting: IPv6 is more open than IPv4. A given IPv6 port is nearly always more…

Traffic Pattern Attacks: A Real Threat

5 December 2016

Assume, for a moment, that you have a configuration something like this: some host, A, is sending queries to, and receiving responses from, a database at C. An observer, B, has access to the packets on the wire, but to neither the host nor the server. All the information between the host and the server is…

Reactive Malicious Domain Detection (ENTRADA)

15 November 2016

One interesting trend of the last year or two is the rising use of data analytics and ANI (Artificial Narrow Intelligence) in solving network engineering problems. Several ideas (and/or solutions) were presented this year at the IETF meeting in Seoul; this post takes a look at one of these. To lay the groundwork, botnets are…