When a Device Without an IP Address Wants to Play the IP Game

After I published the Source IP Address in Multicast Packets blog post, Erik Auerswald sent me several examples of network devices sending IP packets with source IP address set to 0.0.0.0:

• Cisco wireless access points using 0.0.0.0 as the source IP address in VRRP packets.
• Extreme (formerly Avaya) switches sending IGMP queries with source IP address 0.0.0.0 on VLANs on which they have no IP address.

When a Device Without an IP Address Wants to Play the IP Game

After I published the Source IP Address in Multicast Packets blog post, Erik Auerswald sent me several examples of network devices sending IP packets with source IP address set to 0.0.0.0:

• Cisco wireless access points using 0.0.0.0 as the source IP address in VRRP packets.
• Extreme (formerly Avaya) switches sending IGMP queries with source IP address 0.0.0.0 on VLANs on which they have no IP address.

Exercise: Fix BGP Route Leaks

I created a netlab topology you can use to practice BGP security tools I described in the Internet Routing Security webinar:

• The lab topology mirrors the sample topology I described in the Classification of BGP Route Leaks (RFC 7908) blog post with one router per autonomous system
• BGP is configured on all devices, and EBGP sessions are set up between all directly-connected devices.

Exercise: Fix BGP Route Leaks

I created a netlab topology you can use to practice BGP security tools I described in the Internet Routing Security webinar:

• The lab topology mirrors the sample topology I described in the Classification of BGP Route Leaks (RFC 7908) blog post with one router per autonomous system
• BGP is configured on all devices, and EBGP sessions are set up between all directly-connected devices.

Worth Reading: Some Blogging Myths

Julia Evans published another phenomenal blog post, this time focused on blogging myths including:

• You need to be original
• You need to be an expert
• Posts need to be 100% correct
• Writing boring posts is bad
• You need to explain every concept
• Page views matter
• More material is always better

Worth Reading: Some Blogging Myths

Julia Evans published another phenomenal blog post, this time focused on blogging myths including:

• You need to be original
• You need to be an expert
• Posts need to be 100% correct
• Writing boring posts is bad
• You need to explain every concept
• Page views matter
• More material is always better

Worth Reading: A Primer on Communication Fundamentals

Dip Singh published an excellent primer on communication fundamentals including:

• Waves: frequency, amplitude, wavelength, phase
• Composite signals, frequency domain and Fourier transform
• Bandwidth, fundamental and harmonic frequency
• Decibels in a nutshell
• Transmission impairments: attenuation, distortion, noise
• Principles of modern communications: Nyquist theorem, Shannon’s law, bit and baud rate
• Line encoding techniques, quadrature methods (including QPSK and QAM)

Even if you don’t care about layer-1 technologies you MUST read it to get at least a basic appreciation of why stuff you’re using to read this blog post works.

Worth Reading: A Primer on Communication Fundamentals

Dip Singh published an excellent primer on communication fundamentals including:

• Waves: frequency, amplitude, wavelength, phase
• Composite signals, frequency domain and Fourier transform
• Bandwidth, fundamental and harmonic frequency
• Decibels in a nutshell
• Transmission impairments: attenuation, distortion, noise
• Principles of modern communications: Nyquist theorem, Shannon’s law, bit and baud rate
• Line encoding techniques, quadrature methods (including QPSK and QAM)

Even if you don’t care about layer-1 technologies you MUST read it to get at least a basic appreciation of why stuff you’re using to read this blog post works.

Please Respond: MANRS Customer Survey

Andrei Robachevsky asked me to spread the word about the new MANRS+ customer survey:

MANRS is conducting a survey for organizations that contract connectivity providers to learn more about if and how routing security fits into their broader supply chain security strategy. If this is your organization, or if it is your customers, we welcome you to take or share the survey at https://www.surveymonkey.com/r/BDCWKNS

I hope you immediately clicked on the link and completed the survey. If you’re still here wondering what’s going on, here’s some more information from Andrei:

Please Respond: MANRS Customer Survey

Andrei Robachevsky asked me to spread the word about the new MANRS+ customer survey:

MANRS is conducting a survey for organizations that contract connectivity providers to learn more about if and how routing security fits into their broader supply chain security strategy. If this is your organization, or if it is your customers, we welcome you to take or share the survey at https://www.surveymonkey.com/r/BDCWKNS

I hope you immediately clicked on the link and completed the survey. If you’re still here wondering what’s going on, here’s some more information from Andrei:

EIGRP Stub Routers

Years ago I wrote an article describing how EIGRP stub routers work and how you should use them in redundant remote sites to make sure link- or node failures don’t result in partial connectivity. That article is now available on ipSpace.net; I hope at least someone will find it useful. I know it’s about ancient technology, but then people are still running COBOL on mainframes.

EIGRP Stub Routers

Years ago I wrote an article describing how EIGRP stub routers work and how you should use them in redundant remote sites to make sure link- or node failures don’t result in partial connectivity. That article is now available on ipSpace.net; I hope at least someone will find it useful. I know it’s about ancient technology, but then people are still running COBOL on mainframes.

Classification of BGP Route Leaks (RFC 7908)

While preparing the Internet Routing Security webinar, I stumbled upon RFC 7908, containing an excellent taxonomy of BGP route leaks. I never checked whether it covers every possible scenario¹, but I found it a handy resource when organizing my thoughts.

Let’s walk through the various leak types the authors identified using the following sample topology:

Classification of BGP Route Leaks (RFC 7908)

While preparing the Internet Routing Security webinar, I stumbled upon RFC 7908, containing an excellent taxonomy of BGP route leaks. I never checked whether it covers every possible scenario¹, but I found it a handy resource when organizing my thoughts.

Let’s walk through the various leak types the authors identified using the following sample topology:

netlab Release 1.5.4: New Junos Platforms

Stefano Sasso added two new Junos platforms in netlab release 1.5.4:

• vJunos Evolved (vPTX) – a new VM-based product Juniper released a few weeks ago
• vSRX running as a vrnetlab-packaged container.

There are also the usual bug fixes, and we moved the documentation to netlab.tools.

netlab Release 1.5.4: New Junos Platforms

Stefano Sasso added two new Junos platforms in netlab release 1.5.4:

• vJunos Evolved (vPTX) – a new VM-based product Juniper released a few weeks ago
• vSRX running as a vrnetlab-packaged container.

There are also the usual bug fixes, and we moved the documentation to netlab.tools.

Worth Reading: Building Stuff with Large Language Models Is Hard

Large language models (LLM) – ChatGPT and friends – are one of those technologies with a crazy learning curve. They look simple and friendly (resulting in plenty of useless demoware) but become devilishly hard to work with once you try to squeeze consistent value out of them.

Most people don’t want to talk about the hard stuff (sexy demoware results in more page views), but there’s an occasional exception, for example All the Hard Stuff Nobody Talks About when Building Products with LLMs describing all the gotchas Honeycomb engineers discovered when creating a LLM-based user interface.

Worth Reading: Building Stuff with Large Language Models Is Hard

Large language models (LLM) – ChatGPT and friends – are one of those technologies with a crazy learning curve. They look simple and friendly (resulting in plenty of useless demoware) but become devilishly hard to work with once you try to squeeze consistent value out of them.

Most people don’t want to talk about the hard stuff (sexy demoware results in more page views), but there’s an occasional exception, for example All the Hard Stuff Nobody Talks About when Building Products with LLMs describing all the gotchas Honeycomb engineers discovered when creating a LLM-based user interface.

Spoofing ICMP Redirects for Fun and Profit

Security researches found another ICMP redirect SNAFU: a malicious wireless client can send redirects on behalf of the access point redirecting another client’s traffic to itself.

I’m pretty sure the same trick works on any layer-2 technology; the sad part of this particular story is that the spoofed ICMP packet traverses the access point, which could figure out what’s going on and drop the packet. Unfortunately, most of the access points the researchers tested were unable to do that due to limitations in the NPUs (a fancier word for SmartNIC) they were using.

Spoofing ICMP Redirects for Fun and Profit

Security researches found another ICMP redirect SNAFU: a malicious wireless client can send redirects on behalf of the access point redirecting another client’s traffic to itself.

I’m pretty sure the same trick works on any layer-2 technology; the sad part of this particular story is that the spoofed ICMP packet traverses the access point, which could figure out what’s going on and drop the packet. Unfortunately, most of the access points the researchers tested were unable to do that due to limitations in the NPUs (a fancier word for SmartNIC) they were using.