A story I wrote for Ars Technica about depeering between Cogent and Telia, with some info about BGP hot potato and cold potato routing.
Permalink - posted 2008-03-21
►
In january, Geoff Huston wrote to the NANOG list:
George Michaelson, Randy Bush and myself have successfully tested the
implementation of 4Byte AS BGP on a public Internet transit. The
above BGP RIB snapshot was taken at a 4Byte BGP speaker in North
America, showing a transit path across AS 1221, AS 4637, AS 1239 and
AS 3130 , with correct reconstruction of the originating AS at the
other (4Byte AS) end.
At the time of this writing, their prefix is no longer visible in the global BGP table...
Full article / permalink - posted 2007-04-12
▼
In january, Geoff Huston wrote to the NANOG list:
George Michaelson, Randy Bush and myself have successfully tested the
implementation of 4Byte AS BGP on a public Internet transit. The
above BGP RIB snapshot was taken at a 4Byte BGP speaker in North
America, showing a transit path across AS 1221, AS 4637, AS 1239 and
AS 3130 , with correct reconstruction of the originating AS at the
other (4Byte AS) end.
At the time of this writing, their prefix is no longer visible in the global BGP table, but
telnet to route-views.oregon-ix.net and type:
show ip bgp regexp _23456_
Until the Route Views server is upgraded to support 32-bit ASes, this will give you
all the prefixes/AS paths with a 32-bit AS number in them. Currently, those are:
- 84.205.88.0/24, "RIPE-NCC-RIS 4-byte ASN testing prefix", advertised from AS 196615 aka AS 3.7
- 145.125.0.0/20, "SURFNET-TEST-NETWORK 4BYTE ASN", advertised from AS 196613 aka AS 3.5
There are now patches to make OpenBGPD 32-bit AS capable and also patches for Quagga.
For more information on 32-bit ASes, have a look at an earlier article on BGPexpert.com.
Permalink - posted 2007-04-12
►
Old dogs can learn new tricks. That's a good thing, because securing inter-domain routing requires a whole bag of them. After lots of talk about S-BGP and soBGP over the past years, more recently, work in the IETF on making inter-domain routing more secure has shifted to a different approach.
Full article / permalink - posted 2007-03-21
▼
Warning: spoiler. Last week's episode (#74) of MythBusters showed that, in fact, old dogs can learn new tricks. That's a good thing, because securing inter-domain routing requires a whole bag of them. After lots of talk about S-BGP and soBGP over the past years, more recently, work in the IETF on making inter-domain routing more secure has shifted to a different approach. The relatively new secure inter-domain routing (sidr) working group is now working on providing a public key infrastructure that makes it possible to link an IP prefix to an origin AS with certificates. In the future, this mechanism may be used in S-BGP, soBGP or a similar mechanism, but in the mean time, it allows generating and validating filters. Although it's possible to choose arbitrary trust anchors, the idea is that IANA and the RIRs will serve as certificate authorities as they are the ones giving out the address space and AS numbers. Although the basic idea is simple enough, I'm slightly worried about how this is going to work in practice, because the underlying mechanisms are very complex, and not something "BGP people" are likely to be familiar with. Have a look at the sidr page on the IETF website and the links to the current drafts to get an idea. A good one to start with is draft-ietf-sidr-arch-00.txt or "An Infrastructure to Support Secure Internet Routing". (Link to the latest version.)
Permalink - posted 2007-03-21
OpenBSD, the security conscious sibling in the BSD operating system family, has its own BGP daemon implementation: OpenBGPD.
Permalink - posted 2007-01-30
As Zebra progress has been glacial, a group of people created a fork under the name Quagga. Quagga is more community-based and a somewhat better choice than Zebra in an operational environment.
Permalink - posted 2007-01-30
2006 was another busy year for the five Regional Internet Registries: together, they gave out 161.48 million IPv4 addresses, just shy of the 165.45 million given out in 2005 as measured on january first 2006.
Lots more information in the 2006 IPv4 Address Use Report.
Permalink - posted 2007-01-01
older posts
- newer posts
