Archive

Category Archives for "Networking"

Bytes from IETF 120 – Deep Space IP

It has been an enduring fascination to see how we could use packet networking in the context of digital communications in space. Why can't we just use the IP protocol suite and declare success? The tricky issue with space is that it is really very big!

Interesting: Crafting Endless AS Paths in BGP

Vincent Bernat documented a quirk I hope you’ll never see outside of a CCIE lab: combining BGP confederations with AS-override can generate endless AS paths.

I agree entirely with his conclusions (avoid both features). However, I still think that replacing an AS within the confederation part of an AS path (which should belong to a single well-managed AS) is not exactly the most brilliant idea I’ve seen.

How the Paris 2024 Summer Olympics has impacted Internet traffic

The Paris 2024 Summer Olympics, themed “Games Wide Open” (“Ouvrons grand les Jeux”), kicked off on Friday, July 26, 2024, and will run until August 11. A total of 10,714 athletes from 204 nations, including individual and refugee teams, will compete in 329 events across 32 sports. This blog post focuses on the opening ceremony and the initial days of the event, examining associated impact on Internet traffic, especially in France, the popularity of Olympic websites by country, and the rise in Olympics-related spam and malicious emails.

Cloudflare has a global presence with data centers in over 320 cities, supporting millions of customers, which provides a global view of what’s happening on the Internet. This is helpful for improving security, privacy, efficiency, and speed, but also for observing Internet disruptions and traffic trends.

We are closely monitoring the event through our 2024 Olympics report on Cloudflare Radar and will provide updates on significant Internet trends as they develop. 

An opening ceremony to remember

For the first time in modern Olympic history, the opening ceremony was held outside a stadium, lasting nearly four hours and clearly impacting Internet traffic in France. The nation’s engagement was evident during Continue reading

How the Paris 2024 Summer Olympics has impacted Internet traffic

The Paris 2024 Summer Olympics, themed “Games Wide Open” (“Ouvrons grand les Jeux”), kicked off on Friday, July 26, 2024, and will run until August 11. A total of 10,714 athletes from 204 nations, including individual and refugee teams, will compete in 329 events across 32 sports. This blog post focuses on the opening ceremony and the initial days of the event, examining associated impact on Internet traffic, especially in France, the popularity of Olympic websites by country, and the rise in Olympics-related spam and malicious emails.

Cloudflare has a global presence with data centers in over 320 cities, supporting millions of customers, which provides a global view of what’s happening on the Internet. This is helpful for improving security, privacy, efficiency, and speed, but also for observing Internet disruptions and traffic trends.

We are closely monitoring the event through our 2024 Olympics report on Cloudflare Radar and will provide updates on significant Internet trends as they develop.

An opening ceremony to remember

For the first time in modern Olympic history, the opening ceremony was held outside a stadium, lasting nearly four hours and clearly impacting Internet traffic in France. The nation’s engagement was evident during the Continue reading

HS079: Big Rock, Best-in-Breed, or Ecosystem: What’s the Best Vendor Procurement Strategy?

When choosing vendors, what strategy should you employ: big rock, best-in-breed, or ecosystem? The big rock approach consolidates vendor relationships around a few strategic partners. Best-in-breed focuses on selecting top solutions from various vendors. The ecosystem model combines elements of both. Today’s conversation explores all three models and also highlights the importance of integration, the... Read more »

HW032: What’s New With RUCKUS MDUs – From Wi-Fi 7 to AI (Sponsored)

Providing Wi-Fi in multi-dwelling units (MDUs) such as apartments or dormitories is complicated. These environments require dense AP deployments, have to provide secure access to lots of users, must support myriad device types, and must offer good performance. Our guests are Kyle Leissner, founder of Wire Star; and Bart Giordano, president of the RUCKUS at... Read more »

NB488: CrowdStrike Bug Tester Was Buggy; Can Starlink Match US ISP Performance?

Take a Network Break! We start with listener follow-up on CrowdStrike and Microsoft, and then examine a CrowdStrike incident review in which the security company says a bug in its content validator meant that a problematic update was mistakenly validated. An insurance company estimates the CrowdStrike Windows crash will cost the Fortune 500 about $5... Read more »

Avoiding downtime: modern alternatives to outdated certificate pinning practices

In today’s world, technology is quickly evolving and some practices that were once considered the gold standard are quickly becoming outdated. At Cloudflare, we stay close to industry changes to ensure that we can provide the best solutions to our customers. One practice that we’re continuing to see in use that no longer serves its original purpose is certificate pinning. In this post, we’ll dive into certificate pinning, the consequences of using it in today’s Public Key Infrastructure (PKI) world, and alternatives to pinning that offer the same level of security without the management overhead.  

PKI exists to help issue and manage TLS certificates, which are vital to keeping the Internet secure – they ensure that users access the correct applications or servers and that data between two parties stays encrypted. The mis-issuance of a certificate can pose great risk. For example, if a malicious party is able to issue a TLS certificate for your bank’s website, then they can potentially impersonate your bank and intercept that traffic to get access to your bank account. To prevent a mis-issued certificate from intercepting traffic, the server can give a certificate to the client and say “only trust connections if Continue reading

Avoiding downtime: modern alternatives to outdated certificate pinning practices

In today’s world, technology is quickly evolving and some practices that were once considered the gold standard are quickly becoming outdated. At Cloudflare, we stay close to industry changes to ensure that we can provide the best solutions to our customers. One practice that we’re continuing to see in use that no longer serves its original purpose is certificate pinning. In this post, we’ll dive into certificate pinning, the consequences of using it in today’s Public Key Infrastructure (PKI) world, and alternatives to pinning that offer the same level of security without the management overhead.  

PKI exists to help issue and manage TLS certificates, which are vital to keeping the Internet secure – they ensure that users access the correct applications or servers and that data between two parties stays encrypted. The mis-issuance of a certificate can pose great risk. For example, if a malicious party is able to issue a TLS certificate for your bank’s website, then they can potentially impersonate your bank and intercept that traffic to get access to your bank account. To prevent a mis-issued certificate from intercepting traffic, the server can give a certificate to the client and say “only trust connections if Continue reading

Crafting endless AS paths in BGP

Combining BGP confederations and AS override can potentially create a BGP routing loop, resulting in an indefinitely expanding AS path.

BGP confederation is a technique used to reduce the number of iBGP sessions and improve scalability in large autonomous systems (AS). It divides an AS into sub-ASes. Most eBGP rules apply between sub-ASes, except that next-hop, MED, and local preferences remain unchanged. The AS path length ignores contributions from confederation sub-ASes. BGP confederation is rarely used and BGP route reflection is typically preferred for scaling.

AS override is a feature that allows a router to replace the ASN of a neighbor in the AS path of outgoing BGP routes with its own. It’s useful when two distinct autonomous systems share the same ASN. However, it interferes with BGP’s loop prevention mechanism and should be used cautiously. A safer alternative is the allowas-in directive.1

In the example below, we have four routers in a single confederation, each in its own sub-AS. R0 originates the 2001:db8::1/128 prefix. R1, R2, and R3 forward this prefix to the next router in the loop.

BGP routing loop involving 4 routers: R0 originates a prefix, R1, R2, R3 make it loop using next-hop-self and as-override
BGP routing loop using a confederation

The router configurations are available in a Continue reading

Worth Reading 072624


Recent events involving CrowdStrike’s Falcon security software have underscored a critical lesson across the industry: the importance of having a robust, secure release process.


My analysis of the event has a lot of similarities with my reflections on the Optus outage last year, the incident underscores the critical issue of resilience in IT infrastructure, particularly in systems that lack diversity.


But recovery is just the beginning. What’s sure to follow is a barrage of regulatory oversight, hard feelings among the IT community, and a tough reminder that even a small slip-up in a software update can have catastrophic global consequences.


Over the years, there has been a lot of discussion on if VLAN 1 in Cisco switches is special or not. Does it have any characteristics that other VLANs donメt?


Are you considering the switch from network engineer to cloud engineer? This post wo’t teach you everything needed to become a cloud expert, but hopefully, it will create a level of comfort and familiarity such that you can start your journey to the cloud from here.


The creation of voluntary standards is an idea that may seem easier than imposing regulations. But devising voluntary standards presents unique challenges, different from Continue reading

1 35 36 37 38 39 3,417