Worth Reading: Why System Security Is Like Poker, Not Chess

13 May 2020

We don’t like thinking about offense and attack in cyber. But if you think about offense, can’t you develop a better defense? It can be tricky to do informally, what we need are decision and strategy making frameworks. —David Brumley

Worth Reading: Measuring the IPv6 network periphery

13 May 2020

Widespread IPv6 adoption is proportionate to IPv6 measurement initiatives, which characterize, map, and better understand the use and deployment of IPv6. In many respects, IPv6 is no different than IPv4, while in others we find significant differences and, often, need to develop new measurement tools and techniques specific to IPv6. —Erik Rye

Worth Reading: It’s always MTU, unless it’s DNS

12 May 2020

One of the most common questions I hear from small and even medium sized ISPs is “why should I run my own DNS resolver(s)?” The perception that DNS is hard, complicated, or even unnecessary is often cited as a reason to just farm it out to one of the “free” anycast resolver services available across the internet. —Nick Buraglio

Worth Reading: SRv6 Deployed use-cases

12 May 2020

As of 2019, Segment Routing over IPv6 data plane (SRv6) has been: deployed in eight large-scale networks; supported more than 25 hardware implementations at line rate; implemented in 11 open-source platforms/applications; and, importantly, is undergoing IETF standardization (RFC 8402, RFC 8754). —Clarence Filsfils

Worth Reading: To Microservices and Back Again

11 May 2020

While almost every engineering team has considered moving to microservices at some point, the advantages they bring come with serious trade-offs. —Thomas Betts

Worth Reading: What is SRv6 network programming?

11 May 2020

The open-source community is also largely backing up SRv6 with 11 open-source platforms/applications. SRv6 is not only supported in the native Linux kernel and FD.io VPP (since 2017) but also in P4, Wireshark, tcpdump, iptables, nftables, snort, ExaBGP and Contiv-VPP. —Clarence Filsfils

Worth Reading: Build an XDP based BGP peering router

7 May 2020

Over the last few years, we’ve seen an increase in projects and initiatives to speed up networking in Linux. Because the Linux kernel is slow when it comes to forwarding packets, folks have been looking at userland or kernel bypass networking. —Andree Toonk

Worth Reading: Incorrect Working IPv6 Clients & Networks

7 May 2020

I did a short presentation at the spring 2020 roundtable of the UK IPv6 Council. The talk was about a case study I did with my NTP server listed in the NTP Pool project: For 66 days I captured all NTP requests for IPv6 and legacy IP while analyzing the returning ICMPv6/ICMPv4 error messages. (A much longer period than my initial capture for 24 hours.) Following are my presentation slides along with the results. —Johannes Weber

Worth Reading: Power of the packet

6 May 2020

Our society is now totally dependent on packet communications. Even before COVID-19 our society had moved to become reliant on “massive communications”, our current situation just shows how much packet communications can do for us, and indeed highlights some of its current limitations. —David Stokes

Worth Reading: How do you know what time it is?

6 May 2020

At the basic level, to measure time you need something that ‘ticks’ (for example, sand in an hourglass or the oscillations of a caesium atom) and something that enables you to count the frequency of these ticks. If the frequency is stable, it makes it easier to measure time accurately. —Patrik Fältström