Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Another youtube-ish BGP problem threatens the global routing tables

From: David Farber <dave () farber net>
Date: Tue, 11 Nov 2008 09:04:25 -0500


Begin forwarded message:

From: Tony Lauck <tlauck () madriver com>
Date: November 11, 2008 8:52:11 AM EST
To: dave () farber net
Subject: Re: [IP] Another youtube-ish BGP problem threatens the global routing tables
The linked article implies that BGP as a "core" internet protocol was developed in the 1970's. It was not. I was on the IAB in the early 1990's when BGP was introduced. The IAB was well aware of many limitations of this protocol, but it was the best available technology at the time that (partially) solved a critical problem and so we were forced to accept it. 

>http://blog.wired.com/27bstroke6/2008/08/revealed-the-in.html
If it had not been for concerted government efforts in the 70's, 80's and 90's to impede or suppress encryption technology perhaps we would not be facing these particular difficulties. Export controls on encryption made it difficult in this period for manufacturers to incorporate encryption technology into their products. (I have first hand experience of this.) Political pressure from large governmental customers may also have contributed, but I can only speculate about that, as those who I have questioned in the past were close mouthed. (It was difficult to carry on reasonable conversations on these subjects with individuals who had the appropriate knowledge, because their security clearances required them to be "split brain".) 


Tony Lauck
https://www.aglauck.com

http://blog.wired.com/27bstroke6/2008/08/revealed-the-in.html
David Farber wrote:

Begin forwarded message:
*From: *"jamie rishaw" <j () arpa com <mailto:j () arpa com>>
*Date: *November 11, 2008 1:04:23 AM EST
*To: *dave () farber net <mailto:dave () farber net>
*Subject: **Another youtube-ish BGP problem threatens the global routing tables* 
[For IP]
You may recall the event just a few months ago that alleged a Pakistani "hijack" of the BGP route-advertisements leading to Youtube.. the same is under way as I type this. 
:: Short Story / "Breaking News" ::
Hundreds to thousands of networks connected to the internet are being threatened and "black holed" by what appears to be a failure of trust in the policies implementing the Internet routing protocol BGP. 
:: More details :: -->
Thousands of network routes on the Internet are being advertised('originated') by an end-point-network that should NOT be doing so. (To put in other terms, Company XYZ is advertising the IP routes of companies A, B, C, D, 123, 99F, D3ADB33F and nine thousand others -- black-hole-ing them to major parts of the internet). How? In the sometimes blind trust that network operators give other network operators, a failure to limit the BGP 'advertisements' of customers' networks is turning into a sharp reminder of the fragility of our Internets. (All of them). ;) I'm going to go "out on a limb" here and assert that while I don't believe what's going on right now is an Attack, it certainly highlights and front-burners the reality that our global routing tables are extremely vulnerable. As an extremely bright fellow engineer[1] pointed out recently, BGP is a fragile - nay - crumbling - protocol and practice that needs to be rearchitected. The routing of my own networks and the networks of many others was brought front-burner tonight when alerts were raised[2] about possible route-hijacking. Intended to serve the purpose of alerting of situations just like this, network operators across in the states and across the pond collaborated on the NANOG (the North American Network Operators' Group) mailing list, and, of course, real-time in a private realtime-messaging environment. Call after call was made, to deaf ears, and the network advertisements persist. Nobody anticipates any response before tomorrow, at which point damage has been done. Serious improvements to. and rearchitecture of, the limitations and vulnerabilities of BGP, needs to be brought to light. Two incidents, both directly attributable to bgp, in one six month period, are proving to be serious challenges to the "structural integrity" of the Internet. 
 What will it take to get serious response?
-jamie
[1] Tony Kapela, http://blog.wired.com/27bstroke6/2008/08/revealed-the-in.html
[2] Via BGPMon, bgpmon.net <http://bgpmon.net>
--
jamie rishaw <j *(at)* arpa-dot-com>
arpa :: instigating advancement
did :: +1-(800)-827-2096 x100
------------------------------------------------------------------------
Archives <https://www.listbox.com/member/archive/247/=now> <https://www.listbox.com/member/archive/rss/247/ > [Powered by Listbox] <http://www.listbox.com> 




-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com
Previous By Date Next
Previous By Thread Next

Current thread: