BGP. It’s that magical protocol that runs the internet. For as much as BGP is a fundamental, critical, irreplaceable part of the core functioning of the internet, it is a protocol that has not aged well as far as security is concerned. See, BGP was born when the internet was really still an academic experiment. Handshakes and loose agreements were totally fine for connecting a new site.
Routing
A few months ago Kevin Myers of IP Architechs introduced me to a really interesting project called FreeRouter. Being that I absolutely love alternative routing platforms and feature complete simulation environments, this really got me going. I tend to define “feature complete” in a routing platform as something that can do both IS-IS and MPLS. Given that there aren’t many platforms that do both correctly or within a reasonable budget, and offer simulation options, I was pretty…
Anyone that looks at this site with any regularity may have noticed that I have been pretty remiss in adding posts - for that I apologize, things have been busy. However, I have not been absent in the tech world…quite the opposite, in fact. I’ve been spending more and more time on podcasts and other forms of tech media which I have not provided links for here. So, to help expose that, here are a few of the other media resources I’ve been popping up in. Professionally…
Edit: Going against my normal “just get the content out there” methodology, I’ve been mulling over this blog post since July of 2016. Segment routing is such a beautifully elegant solution I have had trouble articulating that fact. WAN technologies are squarely within my wheelhouse, and this one fits in so well I was going over and over the post never really satisfied with it, continuing to find mistakes and decided to just get it out there.
I was recently at a meeting where BGP RPKI was the topic du jour. While this has been a topic that I have visited on occasion over the last few years and something I wanted to spend significant time on, I have found that setting aside the time has been difficult and sparse, much like the deployment of BGP RPKI. In order to better understand the options available, it’s important to break down the pieces and terminology involved; BGP is daunting enough to those unfamiliar with it and…
A few years ago I wrote some text on interdomain SDN. Years later, work is being done, smart people are thinking about it and building ways to make it a reality. Not being one to give up on an idea, I gave this presentation in May at ChiNOG on my take on what that architecture should be. I (we) propose that the use of existing protocols such as BGP FlowSpec will make this realistically deployable and maintainable given some simple, pluggable middleware. As work continues to happen on this,…
For those that run BGP networks, BGPmon is often a tool they turn to for some really unique and hard to find information. Remember back in February 2008 when Pakistan Telecom “blocked” YouTube? That one was a really, really public example of something that BGPmon caught. BGPmon has been around for a long, long time. Quietly watching prefixes. Silently noting changes and reporting them to the ones lucky enough to know of its existence. For those that don’t know how BGP works, I…
In a few weeks I’ll have the opportunity to participate in another Network Field Day. I’ve been lucky enough to have the opportunity to attend in the past and have done some remote participation when possible, but like some of the other rare opportunities I have had in my career, NFD is fairly unique in that it is constantly evolving in both the information provided and the individuals involved. As the saying goes, variety is the spice of life. I’m particularly excited about…
I admit that the title was meant to be inflammatory. However, there are use cases that aren’t terribly uncommon where an in-line security appliance is just not the correct tool for the job. Someone once told me “a firewall protects a network like a fuse protects an electrical circuit”, and it’s mostly a correct statement. Firewall vendors will probably argue this and enterprise folks may discount this as heresy and call for burning me at the stake. I can say, though,…
I’ve blathered on about BGP forever. Say what you will about the venerable protocol, it runs the interwebs, is reliable, extendable and well documented. I’ve also espoused ad nauseam about IPv6, so none of this [admitted] rant should really be a surprise coming from me. As of 8/12/2014, according to the CIDR report (and many mailing lists), the default-free global IPv4 routing table has reached 512k routes. This is a milestone from many perspectives, but more importantly,…