Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

Another youtube-ish BGP problem threatens the global routing tables

From: David Farber <dave () farber net>
Date: Tue, 11 Nov 2008 04:19:29 -0500


Begin forwarded message:

From: "jamie rishaw" <j () arpa com>
Date: November 11, 2008 1:04:23 AM EST
To: dave () farber net
Subject: Another youtube-ish BGP problem threatens the global routing tables 

[For IP]
You may recall the event just a few months ago that alleged a Pakistani "hijack" of the BGP route-advertisements leading to Youtube.. the same is under way as I type this. 

:: Short Story / "Breaking News" ::
Hundreds to thousands of networks connected to the internet are being threatened and "black holed" by what appears to be a failure of trust in the policies implementing the Internet routing protocol BGP. 

:: More details :: -->
Thousands of network routes on the Internet are being advertised('originated') by an end-point-network that should NOT be doing so. (To put in other terms, Company XYZ is advertising the IP routes of companies A, B, C, D, 123, 99F, D3ADB33F and nine thousand others -- black-hole-ing them to major parts of the internet).
How? In the sometimes blind trust that network operators give other network operators, a failure to limit the BGP 'advertisements' of customers' networks is turning into a sharp reminder of the fragility of our Internets. (All of them). ;)
I'm going to go "out on a limb" here and assert that while I don't believe what's going on right now is an Attack, it certainly highlights and front-burners the reality that our global routing tables are extremely vulnerable. As an extremely bright fellow engineer[1] pointed out recently, BGP is a fragile - nay - crumbling - protocol and practice that needs to be rearchitected.
The routing of my own networks and the networks of many others was brought front-burner tonight when alerts were raised[2] about possible route-hijacking. Intended to serve the purpose of alerting of situations just like this, network operators across in the states and across the pond collaborated on the NANOG (the North American Network Operators' Group) mailing list, and, of course, real-time in a private realtime-messaging environment. Call after call was made, to deaf ears, and the network advertisements persist.
Nobody anticipates any response before tomorrow, at which point damage has been done.
Serious improvements to. and rearchitecture of, the limitations and vulnerabilities of BGP, needs to be brought to light. Two incidents, both directly attributable to bgp, in one six month period, are proving to be serious challenges to the "structural integrity" of the Internet. 

  What will it take to get serious response?

-jamie


[1] Tony Kapela, http://blog.wired.com/27bstroke6/2008/08/revealed-the-in.html
[2] Via BGPMon, bgpmon.net

--
jamie rishaw <j *(at)* arpa-dot-com>
arpa :: instigating advancement
did :: +1-(800)-827-2096 x100




-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com
Previous By Date Next
Previous By Thread Next

Current thread: