iljitsch.com

blog topics: BGP · IPv6 · more · my publications · my business: inet⁶ consult · contact: Twitter · LinkedIn · email · 🇺🇸 🇳🇱

These are all posts about BGP, including those originally published on BGPexpert.com.

When the BGP table hits 1 million prefixes, will history repeat itself?

On the APNIC blog, Danny Pinto asks What will happen when the routing table hits 1024k? Back in 2014, the IPv4 BGP table reached 512k, a common limit in many routers at the time, and some bad things happened. See my post BGP table hitting 512k limit in older routers. And pretty much the same thing happened in 2008, when the BGP table hit 256k.

Full article / permalink - posted 2021-03-23

→ The dark side of BGP community attributes

An article I wrote for the Noction blog looking at possible attacks using the BGP community attribute.

A while ago, RIPE Labs published the two-part article BGP Communities – A Weapon for the Internet. That may have been a bit of a shock for those of us making good use of BGP community attributes as an important tool in our BGP arsenal.

Conclusions:

This community-based attack is definitely something we need to be prepared for and defend against. But does this warrant considering BGP communities “a weapon for the internet”? That seems a bit extreme.

But:

Treat your BGP communities with respect, you don’t want to encounter their dark side.

Permalink - posted 2020-12-07

RPKI tools and deployment

Recently, Cloudflare launched Is BGP safe yet?. And they immediately answer their own question: No.

What they're getting at is RPKI deployment. RPKI is a mechanism that lets the owner of a block of IP addresses specify which network gets to use those addresses. (Which AS gets to originate a prefix, in BGP speak.) RPKI protects to some forms of (mostly accidental) address hijacking. But for RPKI to work, the address owner needs to publish a "route origination authorization" (ROA) and networks around the globe need to filter based on these ROAs.

Five years ago, I wrote that RPKI is ready for real-world deployment. So where are we now? The US National Institute of Standards and Technology (NIST) has a very nice RPKI deployment monitor, showing the following graph:

Full article / permalink - posted 2020-05-04

→ BGP – the right tool for so many jobs

This is a post that I wrote for the Noction blog:

Like other very successful protocols such as HTTP and DNS, over the years BGP has been given more and more additional jobs to do. In this blog post, we’ll look at the new functionality and new use cases that have been added to BGP over the years. These include various uses of BGP in enterprise networks and data centers.

Recently, I've been looking a bit at BGP in datacenters, and it's really interesting to see how BGP is used in such different ways than it is for global inter-domain routing.

Permalink - posted 2020-03-23

BGP hands-on training courses in 2020

For 2020, there will be hands-on BGP training courses in association with NL-ix on the following dates:

Permalink - posted 2020-02-12 - 🇳🇱 Nederlandse versie

Winner doesn't take all: IPv6 is now a success, even at 25% deployment

We shouldn't gauge the success of IPv6 by looking at how much IPv6 replaces IPv4, but by how much IPv6 complements IPv4. And it's already doing that quite well today by making IPv4aaS (IPv4 as a service) possible. And IPv4aaS will make ISPs require IPv6 when peering with streaming services and other big content providers.

Permalink - posted 2020-01-23 - 🇳🇱 Nederlandse versie

older posts - newer posts

Search for:
RSS feed

Archives: 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2010, 2011, 2013, 2014, 2015, 2016, 2018, 2019, 2020, 2021