Image couldn't load - you don't seem to have IPv6 connectivity

blog topics: BGP · IPv6 · more · my publications · my business: inet⁶ consult · contact: Twitter · LinkedIn · email · 🇺🇸 🇳🇱

These are all posts about BGP, including those originally published on

Be gone, AS_SETs!

As I was writing my RPKI path validation draft last week, I considered the issue of filtering BGP AS paths with AS_SETs in them.

Turns out that I'm not the only one who feels AS_SETs are unnecessary: there's an RFC saying the exact same thing: RFC 6472.

Full article / permalink - posted 2019-06-24

Path validation with RPKI draft

Last week, I suggested it's time fix those BGP route leaks. I live by the words everybody complains about the weather, but nobody does anything about it, so as such I wrote an Internet-Draft with the protocol changes necessary:


I think we can stop these route leaks with a relatively modest change to RPKI: by combining the ASes the origin trusts and the ASes the operator of an RPKI relying party server trusts, we have a list of all the ASes that may legitimately appear in the AS path as seen from this particular vantage point.

Full article / permalink - posted 2019-06-20

Let's fix those BGP route leaks

Last week, there was a large route leak that involved Swiss hosting company Safe Host and China Telecom. The route leak made internet traffic for European telecoms operators KPN, Swisscom and Bouygues Telecom, among others, flow through Safe Host and China Telecom against the wishes of the telecom operators involved. See this Ars Technica story for more details.

In this post, I'm going to explain how the interaction between the technical and business aspects of internet routing have made this issue so difficult to fix. At the end I'll briefly describe a proposal that I think can actually make that happen.

Read the article - posted 2019-06-13

→ Happy Birthday BGP

Geoff Huston has written a post on the APNIC blog congratulating BGP with its 30th birthday. BGP version 1 was published as RFC 1105 in June of 1989. Five years later, the BGP version 4 was published as RFC 1654. And we're still using BGP-4 today, 25 years later! Lots of things, including IPv6 support, were added later in backward compatible ways.

As usual, Geoff's story is comprehensive with lots of interesting details. For instance:

From time to time we see proposals to use geo-based addressing schemes and gain aggregation efficiencies through routing these geo-summaries rather than fine-grained prefixes.

Sorry about that. 😀 I still think it could work, though.

Well worth a read.

Permalink - posted 2019-06-10

→ - I just love looking at this stuff.

Permalink - posted 2019-03-08

Slides: NL-ix BGP security update

Slides from the presentation about BGP security that I did with Lucas van den Berg and Martin Hein for NL-ix in Copenhagen, 19 April 2018.

Permalink - posted 2018-04-19

older posts - newer posts

Search for:
RSS feed

Archives: 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2010, 2011, 2013, 2014, 2015, 2016, 2018, 2019, 2020