Episode 17 – BGP: Peering and Reachability

In this Community Roundtable episode, returning guests Russ White and Nick Russo start our three part deep dive into the Border Gateway Protocol, or BGP, with a look at terminology, how peer relationships form, the differences between internal and external BGP, and scaling techniques.

 

Show Links

https://tools.ietf.org/html/rfc4271

https://www.ietf.org/rfc/rfc1771.txt

http://bgp.us/

 

Show Notes

Overview

  • BGP is an external gateway protocol used widely in both the public internet and with enterprise organizations
  • BGP is the only external gateway protocol and is traditionally used primarily to connect networks to other networks
  • BGP was built primarily for policy propagation to provide reliability, scalability, and control
  • BGP v4 is created which is the base version we still use today though updated over the year

 

Terminology

  • Devices running BGP are called speakers
    • A connection between two speakers is called a peering session
    • The two speakers are often called peers or neighbors
  • Network Layer Reachability Information is a key term to remember — NLRI
    • Address Families (AFs) carry NLRIs for different topologies and different kinds of reachability information (v4, v6, ethernet, mpls, etc.
  • Autonomous System–a set of bgp speakers contained within a single administrative domain (with some rather loose Continue reading

Building An Enterprise Blockchain

The word has come down from the top: Your company is going blockchain, and you will be implementing it. You have heard the buzz and are aware there is a difference between blockchain – the distributed, peer-to-peer ledger system – and its digital currency cousin, Bitcoin, which has been in the headlines. But how do you build an enterprise-class blockchain?

Let’s start with the basic premise, as that will inform the architectural and technical choices you make. Organizations are jumping on the blockchain bandwagon as a means of making transactions that span multiple parties simpler, more efficient and available at

Building An Enterprise Blockchain was written by Timothy Prickett Morgan at The Next Platform.

The Curious Case of Caching CSRF Tokens

The Curious Case of Caching CSRF Tokens

It is now commonly accepted as fact that web performance is critical for business. Slower sites can affect conversion rates on e-commerce stores, they can affect your sign-up rate on your SaaS service and lower the readership of your content.

In the run-up to Thanksgiving and Black Friday, e-commerce sites turned to services like Cloudflare to help optimise their performance and withstand the traffic spikes of the shopping season.

The Curious Case of Caching CSRF Tokens

In preparation, an e-commerce customer joined Cloudflare on the 9th November, a few weeks before the shopping season. Instead of joining via our Enterprise plan, they were a self-serve customer who signed-up by subscribing to our Business plan online and switching their nameservers over to us.

Their site was running Magento, a notably slow e-commerce platform - filled with lots of interesting PHP, with a considerable amount of soft code in XML. Running version 1.9, the platform was somewhat outdated (Magento was totally rewritten in version 2.0 and subsequent releases).

Despite the somewhat dated technology, the e-commerce site was "good enough" for this customer and had done it's job for many years.

They were the first to notice an interesting technical issue surrounding how performance and security can often Continue reading

The Curious Case of Caching CSRF Tokens

The Curious Case of Caching CSRF Tokens

It is now commonly accepted as fact that web performance is critical for business. Slower sites can affect conversion rates on e-commerce stores, they can affect your sign-up rate on your SaaS service and lower the readership of your content.

In the run-up to Thanksgiving and Black Friday, e-commerce sites turned to services like Cloudflare to help optimise their performance and withstand the traffic spikes of the shopping season.

The Curious Case of Caching CSRF Tokens

In preparation, an e-commerce customer joined Cloudflare on the 9th November, a few weeks before the shopping season. Instead of joining via our Enterprise plan, they were a self-serve customer who signed-up by subscribing to our Business plan online and switching their nameservers over to us.

Their site was running Magento, a notably slow e-commerce platform - filled with lots of interesting PHP, with a considerable amount of soft code in XML. Running version 1.9, the platform was somewhat outdated (Magento was totally rewritten in version 2.0 and subsequent releases).

Despite the somewhat dated technology, the e-commerce site was "good enough" for this customer and had done it's job for many years.

They were the first to notice an interesting technical issue surrounding how performance and security can often Continue reading

New Amazon Echo Discounted $20 Right Now – Deal Alert

Amazon has a discount of $20 active right now on their all new Echo smart speaker, which features a new speaker, new design, and is available in a range of styles including fabrics and wood veneers. Echo connects to Alexa to play music, make calls, set alarms and timers, ask questions, control smart home devices, and more -- instantly. Echo averages 4 out of 5 stars on Amazon from over 2,200 reviewers, and with the current discount you can grab it for yourself (or someone else) now for just $79.99. See the discounted Echo deal now on Amazon.To read this article in full, please click here

DockerCon 2018 San Francisco CFP is Open

DockerCon CFP

Deadline: January 18th at 11:59 PST

The DockerCon San Francisco 2018 Call for Proposals is open! From beginners to experts, the Docker and Moby community come to DockerCon to learn, share and contribute. If you have Docker story to share, submit your talk today. The deadline for submissions is January 18th, 2018 at 11:59 PST.

 

Submit a talk

IT Pros How-tos (new)

SysAdmins, what is your container story? How did you operationalize Docker in your organization and what changes did it bring about? Tell us about a day or week in your life, and be sure to share your learnings, insights, recommendations and future plans!

Containers in Production – Customer Stories

Are you a Docker EE customer with production implementation advice and learnings to share? Can you share your technology stack, architecture decisions and trade offs, and your ROI? When attendees leave your session, they should understand how to apply your take-aways to their use case.

Great examples from previous events: Beyond Chicken Nuggets: 1 year and 1,000 Containers Later at ADP by James Ford and Taking Docker from Local to Production at Intuit by JanJaap Lahpor and Harish Jayakumar

Cool Apps

What are you building with the Continue reading

Reflections from the Global Commission on the Stability of Cyberspace

Two weeks ago, a small delegation from the Internet Society was in Delhi for a series of meetings. (See yesterday’s post about GCCS and GFCE.) In this post, I’ll pick up with the Global Commission on the Stability of Cyberspace (GCSC).

The international community has been trying to develop cybernorms for international behaviour for over a decade. This has been happening through UN processes, through the GCCS, through international law discourse, and other fora. And, some progress has been made. For instance, the Tallin manuals provide some insights on how international law applies to cyber war and cyber operations, while the UN GGE, among others, recognized the applicability of international law on the digital space and has provided some protection to cybersecurity incident response teams (CIRTs) and critical infrastructure.

However, these processes are slow, and certainly not without roadblocks. The 5th UN Group of Governmental Experts on Information Security (GGE), for example, failed to reach consensus on whether certain aspects of international law, in particular the right to self-defence, apply to cyberspace as well as issues related to attribution. During a panel at GCCS, five participants in the 5th UN GGE shared their perspectives. To me Continue reading

Fish Gets a New Job: “Solutions Architect”

Many of the best things that have happened in my life weren’t planned.  ?  Becoming a “Solutions Architect” is one of those things.  I didn’t plan it.  I’ve been in CPOC (Customer Proof of Concept) for almost 17 years now.  ?  Why?  Cause truthfully, having fun and enjoying my job is exceedingly important to me.  And I’ve never seen a job (in Cisco or outside) that would be more of an absolute perfect fit for me and what I consider “fun”.

But like I said…. Many of the best things that have happened in my life weren’t planned.  ?

For those of you who know how very much I totally love CPOC… you might be wondering “Fish, what happened that made you decide to look for another job?”.    Uh… nothing.  Like I said… it wasn’t planned.  In fact, i didn’t even interview or apply for the job.

The new job is actually

  • a newly created position in a
  • just created team
  • reporting to an awesome leader
  • with 2 technical playmates I adore (ahem.. sorry.. co-workers)

 

Solutions Architect: What I Will Be Doing

Teehee… well the team literally just came Continue reading

Fish Gets a New Job: “Solutions Architect”

Many of the best things that have happened in my life weren’t planned.  ?  Becoming a “Solutions Architect” is one of those things.  I didn’t plan it.  I’ve been in CPOC (Customer Proof of Concept) for almost 17 years now.  ?  Why?  Cause truthfully, having fun and enjoying my job is exceedingly important to me.  And I’ve never seen a job (in Cisco or outside) that would be more of an absolute perfect fit for me and what I consider “fun”.

But like I said…. Many of the best things that have happened in my life weren’t planned.  ?

For those of you who know how very much I totally love CPOC… you might be wondering “Fish, what happened that made you decide to look for another job?”.    Uh… nothing.  Like I said… it wasn’t planned.  In fact, i didn’t even interview or apply for the job.

The new job is actually

  • a newly created position in a
  • just created team
  • reporting to an awesome leader
  • with 2 technical playmates I adore (ahem.. sorry.. co-workers)

 

Solutions Architect: What I Will Be Doing

Teehee… well the team literally just came Continue reading

Popular Destinations rerouted to Russia

Early this morning (UTC) our systems detected a suspicious event where many prefixes for high profile destinations were being announced by an unused Russian Autonomous System.

Starting at 04:43 (UTC) 80 prefixes normally announced by organizations such Google, Apple, Facebook, Microsoft, Twitch, NTT Communications and Riot Games were now detected in the global BGP routing tables with an Origin AS of 39523 (DV-LINK-AS), out of Russia.

Looking at timeline we can see two event windows of about three minutes each. The first one started at 04:43 UTC and ended at around 04:46 UTC. The second event started 07:07 UTC and finished at 07:10 UTC.

Even though these events were relatively short lived, they were significant because it was picked up by a large number of peers and because of several new more specific prefixes that are not normally seen on the Internet. So let’s dig a little deeper.

One of the interesting things about this incident is the prefixes that were affected are all network prefixes for well known and high traffic internet organizations. The other odd thing is that the Origin AS 39523 (DV-LINK-AS) hasn’t been seen announcing any prefixes for many years (with one exception below), so why Continue reading
1 1,783 1,784 1,785 1,786 1,787 3,832