Path Prepending in BGP

In this article I’d like to look at one particular aspect of the Internet’s inter-domain routing framework, namely the role of the Autonomous System (AS) Path in the operation of BGP, and in particular the use of AS Prepending. What is an Autonomous System? To introduce this topic a brief…


DNS Resolver Centrality

At various times the Internet has been touted as a triumph of the power of open markets and competition. This line of argument says that unfettered by the often regressive and stultifying hand of government regulation, open markets are able to react to the needs of consumers. The rigors of…


Why is Securing BGP just so Damn Hard?

Stories of BGP routing mishaps span the entire thirty-year period that we’ve been using BGP to glue the Internet together. We’ve experienced all kinds of route leaks from a few routes to a few thousand or more. We’ve seen route hijacks that pass by essentially unnoticed, and we’ve seen others…


DNS Query Privacy

Much has been said and written in recent times about the use of the DNS as a means of looking at the behaviour of end systems and inferring user behaviours. Almost every transaction starts with a DNS query, and if one were to assemble the complete set of DNS queries…


TCP MSS Values

At the recent IEPG meeting in Montreal in July 2019 Joel Jaeggli of Fastly talked on the topic of the settings of the TCP Maximum Segment Size (MSS) field in TCP implementations. There has been a recent vulnerability published (described in CVE-2019-11477, 11478 and 11479) relating to the Linux TCP…


No So Private Thoughts at IETF 105

At IETF 105, held in Montreal at the end of July, the Technical Plenary part of the meeting had two speakers on the topic of privacy in today’s Internet, Associate Professor Arvind Narayanan of Princeton University [1] and Professor Steven Bellovin of Colombia University [2]. They were both quite disturbing…


Looking for What’s Not There

DNSSEC is often viewed as a solution looking for a problem. It seems only logical that there is some intrinsic value in being able to explicitly verify the veracity and currency of responses received from DNS queries, yet fleshing this proposition out with practical examples has proved challenging. The relatively…


Network Protocols and their Use

In June I participated in a workshop, organized by the Internet Architecture Board, on the topic of protocol design and effect, looking at the differences between initial design expectations and deployment realities. These are my impressions of the discussions that took place at this workshop. 1 – Case Studies In…


Happy Birthday BGP

The first RFC describing BGP, RFC 1105, was published in June 1989, thirty years ago. By any metric that makes BGP a venerable protocol in the internet context and considering that it holds the Internet together it’s still a central piece of the Internet’s infrastructure. How has this critically important…


Report: DNS OARC 30 Meeting

DNS OARC held its 30th meeting in Bangkok on the 12th and 13th May. Here’s what attracted my interest from two full days of DNS presentations and conversations, together with a summary of the other material that was presented at this workshop. Some Bad News for DANE (and DNSSEC) For…