Archive

Category Archives for "Russ White"

Securing BGP: A Case Study (2)

In part 1 of this series, I pointed out that there are three interesting questions we can ask about BGP security. The third question I outlined there was this: What is it we can actually prove in a packet switched network? This is the first question I want dive in too—this is a deep dive, so be prepared for a long series. :-) This question feels like it is actually asking three different things, what we might call “subquestions,” or perhaps “supporting points.” These three questions are:

  • If I send a packet to the peer I received this update from, will it actually reach the advertised destination?
  • If I send this information to this destination, will it actually reach the intended recipient?
  • If I send a packet to the peer I received this update from, will it pass through an adversary who is redirecting the traffic so they can observe it?

These are the things I can try to prove, or would like to know, in a packet switched network. Note that I want to intentionally focus on the data plane and then transfer these questions to the control plane (BGP). This is the crucial point to remember: If I Continue reading

Technology ‘net: End-to-end Disaggregation?

Quite a lot seems to be going on on the technology side of things—as the morning paper points out, everything seems to be changing at once right now. Ever feel like you’re sipping from a firehose? Maybe there’s a reason… Let’s discuss just a few of these in a little more detail.

First, there has been a lot of discussion around IPv6 in the last year or so. The folks within the IETF who designed IPv6 decided to do “more than just” adding more address space, instead deciding to change some fundamental things about the way IP works in the process of developing a new protocol. For instance, fragmentation by network devices is gone in IPv6, and the option headers are much richer. These kind of fundamental changes in protocol design invariably lead to the question—what impact do these things have on performance? A recent series of tests set out to answer this question. The results are pretty clear; over time, as IPv6 has been deployed natively, the protocol’s performance has moved closer to the performance of IPv4. There are still some gaps, but they are narrowing. Those gaps may never be gone, but IPv6 may come close enough, over Continue reading

Security ‘net: Digital Copyright Edition

security-netThe world of digital copyright is somewhat tangential to “real” security, but it’s a culture issue that impacts every network engineer in myriad ways. For instance, suppose you buy a small home router, and then decide you really want to run your own software on it. For instance, let’s say you really want to build your own router because you know what you can build will outperform what’s commercially available (which, by the way, it will). But rather than using an off box wireless adapter, like the folks at ARS, you really want to have the wireless on board.

Believe it or not, this would be considered, by some folks, as a pretty large act of copyright infringement. For instance, the hardware manufacturer may object to you replacing their software. Or the FCC or some other regulatory agency might even object because they think you’re trying to hog wireless spectrum, or because you don’t like what the wireless providers are doing. The EFF has a good piece up arguing that just such tinkering as replacing the operating system on a commercially purchased device is at the heart of digital freedom.

One of the most crucial issues in the fight for Continue reading

Securing BGP: A Case Study (1)

What would it take to secure BGP? Let’s begin where any engineering problem should begin: what problem are we trying to solve?

A small collection of autonomous systems

In this network—in any collection of BGP autonomous systems—there are three sorts of problems that can occur at the AS level. For the purposes of this explanation, assume AS65000 is advertising 2001:db8:0:1::/64. While I’ve covered this ground before, it’s still useful to outline them:

  1. AS65001 could advertise 2001:db8:0:1::/64 as if it is locally attached. This is considered a false origination, or a hijacked route.
  2. AS65001 could advertise a route to 2001:db8:0:1::/64 with the AS path [65000,65001] to AS65003. This is another form of route hijacking, but instead of a direct hijack it’s a “one behind” attack. AS65001 doesn’t pretend to own the route in question, but rather to be connected to the AS that is originating the route.
  3. AS65000 could consider AS65003 a customer, or rather AS65003 might be purchasing Internet connectivity from AS65000. This would mean that any routes AS65000 advertises to AS65003 are not intended to be retransmitted back to AS65004. If, for instance, 2001:db8:0:1::/64, is advertised by AS65000 to AS65003, and AS65003 readvertises it to AS65004, AS65003 would be an unintentional transit AS in the Continue reading