Deconfusing the Static Route

Configuring a static route is just like installing an entry directly in the routing table (or the RIB).

I have been told this many times in my work as a network engineer by operations people, coders, designers, and many other folks. The problem is that it is, in some routing table implementations, too true. To understand, it is best to take a short tour through how a typical RIB interacts with a routing protocol. Assume BGP, or IS-IS, learns about a new route that needs to be installed in the RIB:

• The RIB into which the route needs to be installed is somehow determined. This might be through some sort of special tagging, or perhaps each routing process has a separate RIB into which it is installing routes, etc.. In any case, the routing process must determine which RIB the route should be installed in.
• Look the next hop up in the RIB, to determine if it is reachable. A route cannot be installed if there is no next hop through which to forward the traffic towards the described destination.
• Call the RIB interface to install the route.

The last step results in one of two possible reactions. The first Continue reading

Worth Reading: OpenPower at the inflection point

When IBM launched the OpenPower initiative publicly five years ago, to many it seemed like a classic case of too little, too late. But hope springs eternal, particularly with a datacenter sector that is eagerly and actively seeking an alternative to the Xeon processor to curtail the hegemony that Intel has in the glass house. —Timothy Prickett Morgan @The Next Platform

Oriental Lantern

Weekend Reads 033018: Olympic Destroyer, SONiC, and all the rest

The crippling Olympic Destroyer attack that hit several systems supporting the Pyeongchang Winter Olympics last month may have forever changed the game of attack attribution: the sophisticated attackers created a convincing forgery of malware associated with the North Korean nation-state Lazarus Group, fooling several experts who initially pinned the blame for the attacks on the DPRK. —Kelly Jackson Higgins @Dark Reading

SONiC is the default switch OS powering Azure and many other parts of the Microsoft Cloud. Since last year’s Summit, we have grown its footprint substantially and are now also powering services such as our AI platform, making sure researches have the very best experience when working on solving some of the world’s most pressing problems. —Yousef Khalidi @Azure

For decades, academics and technologists have sparred with the government over access to crypographic technology. In the 1970s, when crypto started to become an academic discipline, the NSA was worried, fearing that they’d lose the ability to read other countries’ traffic. And they acted. For example, they exerted pressure to weaken DES. —Steve Bellovin @CircleID

Cybersecurity attacks have become a weekly occurrence in many news columns. One recent example was that of one of our customers, QIWI payment system, successfully Continue reading

Worth Reading: FRR turns one

The Free Range Routing project, a project we at Cumulus Networks set out to collaborate on with innovators in the industry to help shape the future of web-scale networking. —Kelsey Havens @Cumulus

History of Networking: Dinesh Dutt on the divergence of compute and networking

Worth Reading: One QUIC bit

I’m never surprised by the ability of an IETF Working Group to obsess over what to any outside observer would appear to be a completely trivial matter. —Geoff Huston @APNIC

Worth Reading: The problem with self-driving cars

Whatever happened to baby steps? @I, Cringely

Updated Icons

I’ve updated the icon set to add two switches—yes, they are square.

Policing, Shaping, and Performance

Policing traffic and shaping traffic are two completely different things, but it is hard to know, in the wild, what the impact of one or the other will have on a particular traffic flow, or on the performance of applications in general. While the paper under review here, An Internet-Wide Analysis of Traffic Policing, is largely focused on the global ‘net, specifically from a content provider’s perspective, it contains lessons for just about every network operator who needs to manage Quality of Service (QoS) in a sane and meaningful way.

Flach, Tobias, Pavlos Papageorge, Andreas Terzis, Luis Pedrosa, Yuchung Cheng, Tayeb Karim, Ethan Katz-Bassett, and Ramesh Govindan. 2016. “An Internet-Wide Analysis of Traffic Policing.” In Proceedings of the 2016 ACM SIGCOMM Conference, 468–482. SIGCOMM ’16. New York, NY, USA: ACM. https://doi.org/10.1145/2934872.2934873.

Traffic policing involves setting up a queue with a pool of tokens. For some unit of traffic—assume a packet here—received, a token is consumed. When a packet is transmitted, the token is added back to the pool. If the pool is sized correctly, short bursts in the traffic stream will be allowed through, but if the application attempts to establish a session using more bandwidth Continue reading

Worth Reading: The forgotten half

In 2008, network researcher Dan Kaminsky announced a DNS vulnerability that would let any determined attacker, for the cost of about 10 minutes of packet bombing, insert data into the DNS such that any victim could be made to see whatever an attacker wanted them to see. —Paul Vixie and Joe St. Sauver @farsight

Worth Reading: White papers don’t impress me much

Typically, most companies release white papers that claim to detail their architecture (or math, as one claimed). In reality, and with rare exception (Datrium actually comes to mind here), they’re little more than five to seven pages of marketing-style technical claims with no citations or justification. —Rachel Traylor @The Math Citadel

Short Take: Complexity Wormhole

Worth Reading: GEO versus MEO

Until the advent of medium earth orbit (MEO) provider O3b (short for ‘Other 3 billion [users]’), geostationary (GEO) satellites were the only option for such ISPs. That meant huge dish antennas and, most of all, bandwidth prices of many hundreds of dollars per megabit per second per month (Mbps/month). —Ulrich Speidel @APNIC

Worth Reading: Magical thinking on Internet security

Most of us expect Internet security spending to increase from $70B to $140B by the end of this decade. But even at $70B, our spending is in the same order of magnitude as our losses. —Paul Vixie @Far Sight Security

Reaction: The importance of diversity of sources

If you are like the rest of the world in the way you consume news, you are probably reading this because you followed a link in social media. If this is true, I have a request: set up an RSS reader, and start following technical and social content through feeds rather than exclusively through social networks. Why?

On Wednesday, Digg announced that it will be shutting down Digg Reader on March 26. The RSS reader, for me and likely many others, was a godsend after the 2013 shuttering of Google Reader. The rest of Digg is safe, rest assured, and the site gave no reason for discontinuing Digg Reader, but it’s likely as simple as “that’s not how people consume the internet anymore.”

Don’t get me wrong—I believe social media networks are important. Social media networks are a great place to keep up with people and products, with larger movements discovered by neural networks and put on your RADAR through a news feed.

But social media networks should not be the only place you learn about network engineering—or anything else of importance in your life. It is a bit like when I used to have a collection of Continue reading

Worth Reading: IPv6 and containers

None of the ‘big three’ cloud providers (AWS, Azure, and GCP) have an IPv6 feature set that is capable of reasonably supporting containers. Their support ranges from non-existent (yep, it’s 2018 and there are still public cloud providers with zero IPv6 support!) to ‘it’s just like IPv4, but with colons!’. —Matt Palmer @APNIC

Weekend Reads 032318

Today, we are discussing some of our more complex, heuristic techniques to detect malicious use of this vital protocol and how these detect key components of common real-world attacks. These analytics focus on behavior that is common to a variety of attacks, ranging from advanced targeted intrusions to the more mundane worms, botnets and ransomware. Such techniques are designed to complement more concrete signature-based detection, giving the opportunity to identify such behavior prior to the deployment of analyst driven rules. —John Booth @Azure

List of Third Parties (other than PayPal Customers) with Whom Personal Information May be Shared

There appears to be a huge disconnect here between the EU’s professed concern for keeping Europeans safe — as expressed in the one-hour rule — and the EU’s actual refusal to keep Europeans safe in the offline world. The result is that Europeans, manipulated by an untransparent, unaccountable body, will not be kept safe either online or off. And what if the content in question, as has already occurred, may be trying to warn the public about terrorism? —Judith Bergman @ Gatestone

Ransomware has long been a headache for PC and smartphone users, but in the future, it could be robots that Continue reading

Sleeping Lion

Worth Reading: The evolution of DDoS attacks

When the dust had settled, and services had been restored, one thing seemed certain: a new era of DDoS attacks was upon us. —Patrick Vernon @CircleID