Skip to content

Distributed Denial of Service Open Threat Signaling (DOTS)

3 April 2017 | Comments Off on Distributed Denial of Service Open Threat Signaling (DOTS)

When the inevitable 2AM call happens—”our network is under attack”—what do you do? After running through the OODA loop (1, 2, 3, 4), used communities to distribute the attack as much as possible, mitigated the attack where possible, and now you realist there little you can do locally. What now? You need to wander out…

Don’t Leave Features Lying Around

27 March 2017 | Comments Off on Don’t Leave Features Lying Around

Many years ago, when multicast was still a “thing” everyone expected to spread throughout the Internet itself, a lot of work went into specifying not only IP multicast control planes, but also IP multicast control planes for interdomain use (between autonomous systems). BGP was modified to support IP multicast, for instance, in order to connect…

Middleboxes and the End-to-End Principle

20 March 2017 | Comments Off on Middleboxes and the End-to-End Principle

The IP suite was always loosely grounded in the end-to-end principle, defined here (a version of this paper is also apparently available here), is quoted in RFC2775 as: The function in question can completely and correctly be implemented only with the knowledge and help of the application standing at the endpoints of the communication system.…

CoDel and Active Queue Management

6 March 2017 |

Buffering packets in a network is both good and bad. It is good because a buffer can hold packets from one stream while another stream’s packets are being processed, to take up and release short bursts of traffic, to hold and then release packets when there is a very short interruption on the wire (or…

OSPF TLVs: Taking advantage of improvements in computing power

25 January 2017 | Comments Off on OSPF TLVs: Taking advantage of improvements in computing power

[time-span] OSPF was originally designed in an age when processors were much less capable, available memory was much smaller, and link bandwidths were much lower. To conserve processing power, memory, and n-the-wire bandwidth, OSPF was designed using fixed length fields (FLFs). TLVs are more difficult to process than an FLF; to process a set of…

BGP Flowspec Indirection

11 January 2017 | Comments Off on BGP Flowspec Indirection

While Flowspec has been around for a while (RFC5575 was published in 2009), deployment across AS boundaries has been somewhat slow. The primary concern in deploying flowspec is the ability to shoot oneself in the foot, particularly as opening Flowspec to customers can also open apn entirely new, and not well understood, attack surface. Often…

Can I2RS Keep Up? (I2RS Performance)

20 September 2016 |

What about I2RS performance? The first post in this series provides a basic overview of I2RS; there I used a simple diagram to illustrate how I2RS interacts with the RIB— One question that comes to mind when looking at a data flow like this (or rather should come to mind!) is what kind of performance…

Scroll To Top