We would like to provide you with a better user experience. Please re-enable Javascript in your web browser.
I’ve often heard that security is hard. And good security is very hard. Despite the best of intentions, and the investment of considerable care and attention in the design of a secure system, sometimes it takes the critical gaze of experience to sharpen the focus and understand what’s working and…
Last month, in January 2014, I reported on the size of the Internet’s inter-domain routing table, and looked at some projection models for the size of the default-free zone in the coming years. At present these projections are looking at relatively modest levels of growth of some 7 – 8%…
The Border Gateway Protocol, or BGP, has been toiling away, literally holding the Internet together, for more than two decades and nothing seems to be falling off the edge of the Internet so far. As far as we can tell everyone can still see everyone else, assuming that they want…
If the motivation behind the effort behind securing BGP was to allow any BGP speaker to distinguish between routing updates that contained “genuine†routing information and routing updates that contained contrived or false information, then these two reports point out that we’ve fallen short of that target. What’s gone wrong?…
The Internet has managed to collect its fair share of mythology, and one of the more persistent myths is that from its genesis in a cold war US think tank in the 1960’s the Internet was designed with remarkable ability to “route around damage.” Whether the story of this cold…
It seems that the discussion about route leaks and securing BGP continues. Here, I’d like to quickly explore the issues related to the distinction between routing protocols, routing policies, routing and packet forwarding, and look at why securing the routing protocol does not necessarily ensure that you have secured packet…
Its happened again. We’ve just had yet another major routing leak, this time bringing down the Internet for most of an entire country. Maybe twenty years ago no one would’ve noticed, let alone comment, but now of course its headline material in the media. What happened? And how could this…
Until recently IP network operators were encouraged to set up so-called “bogon address filters” at the edge of their networks. These filters were intended to discard all incoming traffic where the source address in the IP header was from a block of addresses that was known to be unallocated. The…
In the previous article on the growth trends of BGP we looked at the BGP routing table, and looked at some predictive models for the growth of the size of the Internet’s routing table. The conclusions made in that article were that while there is a very high level of…
BGP has been toiling away, literally holding the Internet together, for more than two decades, and nothing seems to be falling off the edge of the Internet. As far as we can tell everyone can still see everyone else, and routing appears to be working. So why should we be…
