A (long) time ago, a reader asked me about RFC4456, section 10, which says:

Care should be taken to make sure that none of the BGP path attributes defined above can be modified through configuration when exchanging internal routing information between RRs and Clients and Non-Clients. Their modification could potentially result in routing loops. In addition, when a RR reflects a route, it SHOULD NOT modify the following path attributes: NEXT_HOP, AS_PATH, LOCAL_PREF, and MED. Their modification could potentially result in routing loops.

On first reading, this seems a little strange—how could modifying the next hop, Local Preference, or MED at a route reflector cause a routing loop? While contrived, the following network illustrates the principle.

Note the best path, from an IGP perspective, from C to E is through B, and the best path, from an IGP perspective, from B to D is through C. In this case, a route is advertised over eBGP from F towards E and D. These two eBGP speakers, in turn, advertise the route to their iBGP neighbors, B and C. Both B and C are route reflectors, so they both reflect the route on to A, which advertises the route to some other Continue reading

I’ve reorganized the menu on the left just a little, combining some items under “reading,” and adding a new item called “topics.” Under this new item, you’ll find collections of articles on specific topics from other sources, starting with the ‘net neutrality page and the meltdown and spectre post reformatted as a page, with some new additions. I’m always trying to find new ways to organize the information here, making it easier to find things; hopefully this is a useful change.

At the outset, it should be noted that the Reversal Order exudes its own political blather — kissing the internet vibrancy ring, extolling the virtues of the free market, and reciting the “internet freedom” incantation. Never mind that the present internet was nothing more than a U.S. version of Pouzin’s datagram invention that was funded with many billions of taxpayer dollars, controlled, hyped, and marketed for decades by the U.S. government to gain various perceived global strategic advantages that have largely proven illusory if not national security liabilities. —Anthony Rutkowski @ CircleID

EVPN gives us the ability to deploy VXLAN tunnels without controllers. Plus, it offers a range of other benefits such as reduction of data center traffic through ARP suppression, quick convergence during mobility, one routing protocol for both underlay and overlay and the inherent ability to support multi-tenancy (just to name a few). So EVPN for VXLAN for all of your layer 2 needs, right? Well it’s a little more complicated than that. —Diane Patton @ Cumulus

The folks over at the Network Collective brought on Jeff Tantsura to talk about the history of segment routing—another great show on networking history!

The data center technology evolution is going through an inflection point that will be very strongly driven during 2018/2019. Until now the industry was driving for cloud services centralization and transition of small and mid-sized enterprises to that cloud, I believe the next couple of years will show a change in the data center trends. It is very clear that all the mega data center operators will continue scale-out their data centers rapidly however that will just be a scale out effort not a technology change. While that massive scale-out effort is interesting to observe and be part of, the actual technology inflection point is not going to happen there in my opinion. —Yuval Bacher @ LinkedIn

One of the biggest mobile stories of the month has been Apple’s acknowledgement that it deliberately throttles the performance of its recent phones as their battery life decreases. While the company argues this is a helpful feature that extends the useable time of their devices between charges, the announcement has sparked public outcry and multiple lawsuits due to the company’s failure to alert users when throttling was activated or to let them know that if they just replaced their battery their phone would immediately and significantly speed right back up. What does this story reveal about our modern digital rights to the devices we buy? —Kalev Leetaru @ Forbes

That plane flying overhead could very well be scooping up your most intimate data, especially if you live in Texas. The Texas National Guard has reportedly equipped two of its RC-26 military aircraft with cell phone data-collecting dragnets, known as dirt boxes. The ability of government agencies to add new modifications to their aerial surveillance capabilities without any real oversight should sound an alarm for all Americans, not just those who live in the Lone Star State. —Dan King @ The American Conservative

Yesterday, David Benjamin posted a pretty esoteric note Continue reading

When the Internet started to become widely used in the 1990s, most traffic used just a few protocols: IPv4 routed packets, TCP turned those packets into connections, SSL (later TLS) encrypted those connections, DNS named hosts to connect to, and HTTP was often the application protocol using it all. —Mark Nottingham @ APNIC

As a result, ICANN, although notionally multi-stakeholder, in practice fails to fulfil the criterion of balance. Its processes do not place a priority on the facilitation of understanding and consensus between warring stakeholder groups, and this feeds politicking and strategic behavior. Even many industry stakeholders acknowledge this shortcoming; for example Jonathan Matkowsky, who works for a digital threat management company, said in an ICANN mailing list post recently, “It’s very sad to see the open Internet breaking down as a result of the multistakeholder process failing to work.” —Jeremy Malcom @ The Electronic Frontier Foundation

In a recent comment, Dave Raney asked:

Russ, I read your latest blog post on BGP. I have been curious about another development. Specifically is there still any work related to using BGP Flowspec in a similar fashion to RFC1998. In which a customer of a provider will be able to ask a provider to discard traffic using a flowspec rule at the provider edge. I saw that these were in development and are similar but both appear defunct. BGP Flowspec-ORF https://www.ietf.org/proceedings/93/slides/slides-93-idr-19.pdf BGP Flowspec Redirect https://tools.ietf.org/html/draft-ietf-idr-flowspec-redirect-ip-02.

This is a good question—to which there are two answers. The first is this service does exist. While its not widely publicized, a number of transit providers do, in fact, offer the ability to send them a flowspec community which will cause them to set a filter on their end of the link. This kind of service is immensely useful for countering Distributed Denial of Service (DDoS) attacks, of course. The problem is such services are expensive. The one provider I have personal experience with charges per prefix, and the cost is high enough to make it much less attractive.

Why would the cost be so high? The same Continue reading

Just a friendly reminder that I keep the ‘net Neutrality page up to date with a selection of articles I find from all sorts of different viewpoints. I am trying to avoid the “this is what you can do,” and “the fight is not over” sorts of articles, and focus on arguments making points in either one direction or the other, or some perspective I have not seen before.

I just added three more articles today.

Collaboration and information silos are a reality in most organizations today. People tend to regard them as huge barriers to innovation and organizational efficiency. They’re also a favorite target for solutions from software tool vendors of all types. Tools by themselves, however, are seldom (if ever), the answer to a problem like organizational silos. The reason for this is simple: Silos are made of people, and human dynamics are key drivers for the existence of silos in the first place. —Guy Martin @ opensource.com

While many have already seen something on these two, this is the best set of articles I’ve found on these vulnerabilities and the ramifications.

Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents. —meltdownattack.com

Windows, Linux, and macOS have all received security patches that significantly alter how the operating systems handle virtual memory in order to protect against a hitherto undisclosed flaw. This is more than a little notable; it’s been clear that Microsoft and the Linux kernel developers have been informed of some non-public security issue and have been rushing to fix it. But nobody knew quite what the problem was, leading to lots of speculation and experimentation based on pre-releases of the patches. —ARS Technica

You don’t have to worry if you patch. If you download the Continue reading

Another installment in the History of Networking over at the Network Collective. This time we continue the conversation with Alistair Woodman on the history of Voice over IP.

The fragility of “smart homes” was brought to the forefront this week as a letter made the rounds allegedly sent by an ISP to its customers noting that those accused of repeated online copyright infringement activity could have their internet access suspended. Such a letter is hardly remarkable in today’s copyright aware environment, but what made this one stand out is the ISP’s notice that suspension of a user’s internet connection “may affect other services which you may have connected to your internet service, such as the ability to control your thermostat remotely or video monitoring services.” Does this really mean our ISP has the ability to cut off our heat in the middle of the winter? —Kalev Leetaru @ Forbes

The proliferation of mobile devices and the interconnectivity between them has created new application opportunities. These new applications are no longer limited to a single system space but are spread across many system spaces. This shift of application from single system-spaced, host-based systems to multisystem-spaced solutions is being hampered by software toolsets that are stuck in the older sequential computational models. —Antony Alappatt @The Association of Computing Machinery

Network Engineering and coding, like many other things in the information technology world, share overlapping concepts—even if we don’t often recognize the overlap because we are too busy making up new names to describe the same thing. For this week’s video, I turn my attention to the Application Programming Interface, or the API.

In the United States the debate between advocates of market-based resolution of competitive tensions and regulatory intervention has seldom reached the fever pitch that we’ve seen over the vexed on-again off-again question of Net Neutrality in recent weeks. It seems as it the process of determination of communications policy has become a spectator sport, replete with commentators who laud our champions and demonize our opponents. On the other hand, the way in which we communicate, the manner, richness and reach of our communications shapes our economy and our society, so its perhaps entirely proper that considerations of decisions relating to its form of governance are matters that entail public debate. —Geoff Huston @ potaroo