Image couldn't load - you don't seem to have IPv6 connectivity

iljitsch.com

blog topics: BGP · IPv6 · more · my publications · my business: inet⁶ consult · contact: Twitter · LinkedIn · email · 🇺🇸 🇳🇱

These are all posts about BGP, including those originally published on BGPexpert.com.

Valid address space, bogons and martians

There are some advantages to filtering out packets with invalid addresses in them. That would be a packet with a private source or destination address, for instance. Those never have any business traveling across the internet. (Not to be confused with BCP 38 filtering.) For instance, there have been instances where spammers grab an unused prefix, start announcing it in BGP, do a spam run and then drop the prefix. When packets with private addresses enter your network, bad things may happen if you use those addresses yourself. And these invalid "martian" packets are just an annoyance, using up traffic and generating log entries.

Full article / permalink - posted 2019-11-28

Routing theory: are link state and distance vector the only games in town?

During his talk about 30 years of BGP, Geoff Huston said something along the lines of "someone should come up with another type of routing protocol besides distance vector and link state". That is of course too delicious a challenge to ignore...

Full article / permalink - posted 2019-10-15

Securing BGP: we can do it!

In this month's edition of The ISP Column Why is Securing BGP just so Damn Hard? Geoff Huston asks himself exactly this question. He lists ten reasons. I don't agree with most of them: this is a solvable problem.

Full article / permalink - posted 2019-09-20

Presentatie: BGP-beveiliging en route leaks

Mijn presentatie bij NiVo Network Architects over BGP-beveiliging en route leaks, 10 september 2019 in Weesp.

Permalink - posted 2019-09-10

Slides: Validating the BGP AS path with RPKI

Slides from my presentation about validating the BGP AS path with RPKI at the Euro-IX Route Server Workshop Amsterdam, 18 July 2019.

Permalink - posted 2019-07-18

Be gone, AS_SETs!

As I was writing my RPKI path validation draft last week, I considered the issue of filtering BGP AS paths with AS_SETs in them.

Turns out that I'm not the only one who feels AS_SETs are unnecessary: there's an RFC saying the exact same thing: RFC 6472.

Full article / permalink - posted 2019-06-24

older posts - newer posts

Search for:
RSS feed

Archives: 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2010, 2011, 2013, 2014, 2015, 2016, 2018, 2019, 2020