The title of the paper “Who controls the Internet? Analyzing global threats using property traversal graphs” is enough to ensnare any Internet researcher. The control plane for a number of attacks, as the paper points out, is the DNS, due to the role it plays in mapping names to resources. MX records in the DNS control the flow of mail, CNAME records are used to implement content delivery network (CDN) services, and TXT records are used to confirm access to and control over a namespace when implementing third-party services. This post will cover an interesting case where control is exercised first via the DNS and then using BGP.
Below the DNS, in the depths of internet plumbing, is the lizard brain of internet routing, which is governed by the Border Gateway Protocol (BGP). A common term to describe BGP routing is “hot potato” routing. BGP conversations occur between autonomous systems (ASes), which are identified by their autonomous system number (ASN). The ASN represents a system of networks and the policy associated with their routing. ASes are issued regionally by Regional Internet Registries (RIRs), which receive blocks of AS numbers to hand out from the Internet Assigned Numbers Authority
In this video, Tony Fortunato describes testing the throughput of Ubiquiti EdgeRouterX.
One of my readers sent me an email that’s easiest paraphrased into: “Why can’t I have a different IPv6 link-local address (LLA) on every access port connected to a VLAN interface?”
There’s probably nothing stopping someone from implementing such an approach, but it would go against the usual understanding of how bridging and routing interact in L2+L3 switches.
I’ve been spending more time on the MX recently and I thought it would be worthwhile to document some of the basics around interface configuration. If you’re like me, and come from more of a Cisco background, some of the configuration options when working with the MX weren’t as intuitive. In this post, I want to walk through the bare-bones basics of configuring interfaces on an MX router.
ge-0/0/0 {
    unit 0 {
        family inet {
            address 10.20.20.16/24;
        }
    }
}
The most basic interface configuration possible is a simple routed interface. You’ll note that the interface address is configured under a unit. To understand what a unit is you need to understand some basic terminology that Juniper uses. Juniper describes a physical interface as an IFD (Interface Device). In our example above the IFD would be the physical interface ge-0/0/0. We can then layer one or more IFL (Interface Logical) on top of the IFD. In our example the IFL would be the unit configuration, in this case ge-0/0/0.0. Depending on the configuration of the IFD you may be able to provision additional units. These additional units (logical interfaces, or IFLs)
MIT recently announced it was selling about 8 million of its unused IPv4 addresses.
Dell EMC, HPE, Lenovo, and Cisco are hardware partners.
Virtualization makes repairs easier but does not eliminate labor costs.
The post Worth Reading: Moving Computing to the Edge (Again) appeared first on rule 11 reader.
In recent years, we have become accustomed to—and often accosted by—the phrase software eats the world. It’s become a mantra in the networking world that software defined is the future, full stop. This research paper by Microsoft, however, tells a different story. According to Baumann, hardware is the new software. Or, to put it differently, even as software eats the world, hardware is taking over an ever-increasing amount of the functionality software is doing. In showing this point, the paper also points out the complexity problems involved in dissolving the thin waist of an architecture.
The specific example used in the paper is the Intel x86 Instruction Set Architecture (ISA). Many years ago, when I was a “youngster” in the information technology field, there were a number of different processor platforms; the processor wars waged in full. There were, primarily, the x86 platform, by Intel, beginning with the 8086, and its subsequent generations, the 8088, 80286, 80386, then the Pentium, etc. On the other side of the world, there were the RISC-based processors, the kind stuffed into Apple products, Cisco routers, and Sun Sparc workstations (like the one that I used daily while in Cisco TAC). The argument
Zscaler's large data center footprint means it can provide security for enterprises worldwide.
IETF 99 is next week in Prague, and I’d like to take a moment to discuss some of the interesting things happening there related to Internet infrastructure resilience in this installment of the Rough Guide to IETF 99.
Simple solutions sometimes have a huge impact. Like a simple requirement that “routes are neither imported nor exported unless specifically enabled by configuration”, as specified in an Internet draft “Default EBGP Route Propagation Behavior Without Policies”. The draft is submitted to IESG and expected to be published as a Standards Track RFC soon.