Slashdot Mirror
The Status of Routing Reform — How Fragile is the Internet?
crimeandpunishment points out the Associated Press's look (as carried by SkunkPost) "at an issue the government has been aware of for more than 20 years, but still isn't fixed and continues to cause Internet outages: a flaw in the routing system that sends data from carrier to carrier. Most outages are innocent and fixed quickly, but there's growing concern the next one could be devastating. A general manager at Renesys Corporation, which tracks the performance of Internet data routes, says, 'It amazes me every day when I get into work and find it's working.'"
So the strength of the internet ( no single point of failure) is it's weakness.
...i'm glad I decided to wait for internets2 before i get online.
[posted via FIDOnet]
THL phish sticks
Kind of. However, it has also always been this way, and it has survived so far. All that has really changed is the number of players has increased, and the size of the routing tables are increasing.
It has to work, so a lot of people should notice very quickly if something large goes wrong.
It also cannot very easily be fixed, as many players would have to spend a lot of money for it to change, and there is little financial incentive to chase that ghost.
And you thought IPv6 or DNSSEC adoption was taking a long time... imagine how many decades it would take for SBGP adoption?
First of all, the US federal government shouldn't have the power to do this even in America, and it definitely doesn't have the power to enforce this in the rest of the world.
Secondly, no sane ISP will forward BGP data.
This limits the problem to people with access to core internet routers. Companies that own these routers should only give access to extremely trustworthy people, and even then, they should still only need to access the server when there's a legitimate change. The issue then lies with accidents, which will always happen, no matter what you do, and corruptness. Corrupt ISPs should be removed from the network as soon as they are found to be corrupt.
BGP Filtering. There, fixed that for you.
Seeing as Al Gore invented the internet and all, I presume this 'Inconvenient Truth' could be fixed by a consortium of Ted Stevens, Gore, and some good tube management.
'We are trying to prove ourselves wrong as quickly as possible, because only in that way can we find progress.' RPF
WHY should the government intervene? It's not the government's internet!
Get them involved and it'll really be fixed beyond repair!
"In the meantime, network administrators deal with hijacking an old-fashioned way: calling their counterparts close to where the hijacking is happening to get them to manually change data routes. Because e-mails may not arrive if a route has been hijacked, the phone is a more reliable option, says Tom Daly, chief technical officer of Dynamic Network Services Inc., which provides Web hosting and other Internet services."
Last week we were running out of IPv4 and now it's BGP hijacking and next week who knows. The sky will not be falling and the Internet(s) is not going to die. I actually read the whole article and omg Pentagon's Defense Advanced Research Projects Agencys Peiter Zatko claims he can take the Internet(s) down in a few hours. I say BS.
This "hijacking" happens all the time, people immediately see it and fix it and nobody notices.
9/11: Never forget it was a false-flag operation
Route filtering, USE IT!
Especially when peering with Pakistani/Chinese/etc ISPs.
This is why RIRs such as RIPE/ARIN/APNIC have their information publicly available.
So you know which addresses belong to who.
Only accept routes from your BGP peers that you know belong to them.
This also (in addition to hijack prevention) prevents a clueless NOC monkey from another autonomous system from messing up your whole network by announcing a default route.
The only reason a Major ISP hasn't had a full, network wide outage is simply a lack of desire on the part of the people that would be capable of doing such a thing. In fact, many ISPs do have network wide outages fairly regularly but are able to keep it hidden. Most customers think it was local to them. What makes networks so week? The same thing that caused the oil spill in the gulf. It costs to much to do things correctly. And what are the chances anything bad will happen... right?
What?! Anyone can edit it?! Really???
'It amazes me every day when I get into work and find the Wikipedia front page has not been blanked or filled with goatse porn.'
Routing reform? The answer is simple. Just fine Cisco $750 for every router until it starts routing correctly (or they go bankrupt and take Federal bailout money in exchange for incorporating federal guidelines in all future router designs; including backdoor, and mandating USGaBGP, US government-authorized BGP, where the government will issue every router operator who pays the fee and follows the rules a digital certificate to use their AS number, and a digital certificate for each IP prefix the router owner obtains, after filling out 100000 reams of paperwork).
There, fixed it for you.
From TFA:
"It's kind of everybody's problem, because it impacts the stability of the Internet, but at the same time it's nobody's problem because nobody owns it," says Doug Maughan, who deals with the issue at the Department of Homeland Security.
So clearly we need one centrally owned routing system under the watchful and benevolent eye of DHS, right? With help from advisors provided by Microsoft and Disney.
Decentralized routing is a feature, not a bug. And although the problems identified in the article are real enough, the implications of this kind of discussion always scare the hell out of me.
The correlation between ignorance of statistics and using "correlation is not causation" as an argument is close to 1.
From the article: "My fear is that innovation on the Internet would slow down if there's a need to go through a central authority," Poll says. "I see little appetite for that in the industry." --- Is there an argument against this (quote above)?
Turn on IP6, people. Duh.
This is ridiculous, I suspect this is FUD created to take control of the Internet. Routing tables are a feature of the Internet that are designed to ensure the Internet doesn't have a single point of failure. Hacked router?, connection hit by bomb?, satellite suffering from solar flares?... change a few routes and it's fixed. Security?... TLS. The moron even suggests that creating a central authority would make the Internet more secure!!! Imagine if you wanted to take out the Internet and it relied on a central authority, hmm, what would you attack, billions of Internet clients, millions of routers, or the one authority?
Or, as Arthur C. Clarke put it, "Any sufficiently advanced technology is indistinguishable from magic."
For it would deprive us of these terrible sensationalist articles. The InterWebz is doomed!
Mistakes will be made. And some people will lose their Internet connectivity (in some form or other) for a period of time.
During that time, the people who control the routers will be working to fix whatever problem happened and the idiots who caused the problem will either learn how to do it CORRECTLY or be fired. Although the executives who insisted on cutting the budget so that they couldn't hire people with the knowledge in the first place will still keep their bonuses and their jobs.
At work, our Internet connection is through Verizon. Within the past two months, we've had 1 day of no connection (and Verizon still denies that there was any problem) and a few days massive packet loss (and still there is no problem noticed by Verizon).
BGP works and works well. But it does require people with the knowledge of how to make it work.
With the FCC stymied in its attempts to regulate the internet, it's going to be basically an ISP fur ball. Layer general greed and self-interest of individual providers on top of load and routing problems, take away the regulators ability to maintain order and you have a recipe for disaster.
I got a bad feeling about this.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
if the government gets to "fix" the internet, i may just have to give up slashdot.
If you mod me down, I will become more powerful than you can imagine....
ya strength of what 20 years ago cold war still existed so technically if it all went down we could a been commutatively screwed.
nice work they upgrade the networks so well with capitalism working so great and all.
Route filtering. Trust me, if the 12 occasionally scattered folk I work with every day can manage block leaks of inappropriate routes within 15-60 minutes, so can everyone else, and they typically do...generally they're properly filtered to begin with. The open nature of the internet and diversity amongst transit carriers is precisely what contains these leaks to segmented populations rather than causing a massive nationwide failure. The fact that largely Internet standards have been left to technocratic, Balkanized organizations rather than via Congress is what keeps everyone playing nice. The "next one" may be "a big one", but anyone running a truly important network should and will have diverse carriers...anyone critical to the US infrastructure should and does generally run over dark fiber that would not be affected. Not seeing the call to action here, but I have very little faith in the media to actually competently understand and relate this one. HangingChad, exactly: "I got a bad feeling about this"
I've seen alternate routing protocols proposed wherein your traffic has to barter/haggle its way through the network at every hop, as some new troll demands a passage fee for a certain QOS.
These new methods look to me like they would create two issues:
1. Unpredictable permutations of complex, balkanized, and non-local routing strategies. Performance of the system as a whole would be unpredictable and possibly unstable.
2. It really is back to the old circuit-switching network of ma bell, on top of IP. A few nice low-latency end-to-end Concorde-like connections for those willing to fork over the dough, clogging up the routers so all the proletariat traffic suffers in a poverty of routes and bandwidth.
Deep Simplicity at the core of routing protocol is the only thing that will work at the scale of the Internet. Maybe a "voluntary-QOS-downgrade" flag on email packets etc, and a "pretty please low latency" flag on video packets, might work, but these should not have monetary contracts associated with them. They should just indirectly affect the end-consumer's bandwidth bill if anything.
Where are we going and why are we in a handbasket?
I wonder if something should be done to limit the deployment of straight Ethernet as opposed to OC-[0-9]+, ATM, Sonet, etc... for Tier-1 backbone traffic.
I don't have real numbers or statistics I can back up my claims with, but having experimented with implementing SONET and ethernet VLSI simulations, I'm convinced that SONET maintains a much more reliable connection and is able to recover from glitches MUCH quicker than Ethernet. Sure, we're talking about milliseconds, but over long distances, glitches must be common enough to allow these glitches to screw up UDP traffic on a massive scale.
On the other hand, maybe it's time for a new extension for Ethernet to be made which re-frames Ethernet packets for easy redundancy. So, basically an Ethernet wrapper which simply numbers the packets and passes it over two separate lines or over two different wavelengths in the same fiber. Then the receive discards the packets which come late. It obviously won't resolve bottleneck related packet loss, but it will help to resolve the issue of glitch related packet loss.
Things like trying to force proliferation of BGP (or similar) routing technologies on an international scale would simply be irresponsible. Though, I'd imagine that governments would love it as it would simplify line snooping substantially for them.
Can we please have a tag "moronswithnobasicunderstandingofthetechnologyproposestupidsolutions" ? The article is mostly fear-mongering and a a waste of time. Should we be looking at what every idiot on the planet thinks about something he doesn't understand?
If so, can I write something on how bad particle physics is, because there are always problems with the accelerators and they carry a lot of energy and can open black holes?
As on the BGP hijacks, etc. - there are BGPmon and a ton of other projects that track the internet. There are established ways to stop all leaks/hijacks within a hour or two, and there's the way of making the person responsible NOT do that again. Go read on NANOG or a similar list the discussions on the topic, they're far more useful.
True story: When I was a kid I once tried with some friends to build a motorized go-card out of an old moped and a pedal car. The thing was actually able to move quite quickly, and I'm still amazed that nobody got hurt before it was seized by the police. However, for some obscure reason, I'm not THAT amazed that regular cars made by professional motor vehicle manufacturers mostly work fine (cue toyota jokes here).
Where's BGPSEC when you need it?
now we need to go OSS in diesel cars
RADB had been around a long time and is a loose description of AS peers and AS routes in BGP. This describes which AS and IP ranges peer based on published IP database information (whois).
All carriers are meant to create their BGP filters from the RADB information, using standard tools, which then means that bogus route advertisements are filtered.
Unfortunately some peers get put on the net without going through the process and these become essentially "trusted" peers. The simple thing to do with these peers that then advertise bogus routes
is to tell them they're no longer trusted and force then to create proper RADB entries so we can control their routes.
As someone who's accidentally announced the entire Internet routing table to an ISP when setting up a dual-homed configuration, I can confirm that good upstream ISPs do BGP filtering. I was trying to troubleshoot what was going on, and the Tech on the other end was helpful enough to tell me that I was sending him the full route table. Fortunately they had filters in place to stop them from going out any further and impacting anything. But I had it clearly demonstrated to me how important filters are on both ends of the connections.
Violence is the answer.
'It amazes me every day when I get into work and find it's working.'"
Sounds like he is ready to start administrating an exchange server.
Having to work for a living is the root of all evil.
xkcd explained this a while ago. Basically, if the internet ever *stops* working, even for a few seconds, alarms go off and people panic and do anything necessary to get it working again immediately. It turns out this is actually a fairly reliable system.
Cut that out, or I will ship you to Norilsk in a box.
The author does seem to be sensationalizing a bit. Though one can zoom in and criticize the frailty of a given component of the system, the overall system is far less frail. This is analagous to me to hard drives in a sever room. If I have more hard drives (which is the case when distributing your data for resiliency purposes , ie. RAID), there's generally going to be more individual HD failures. However, there's less data loss. Systems that are designed to accommodate & recover from failures (such as the Internet) don't necessarily mean less failures, but hopefully mean less impact on the users of the system when a failure does occur.
BGPF. There, fixed that for you.
"It's as if a driver had to get from Philadelphia to Pittsburgh without a map, navigating solely by traffic signs he encountered along the way — but the signs weren't put up by a central authority. If a sign pointed in the wrong direction, that driver would get lost."
Such a bad analogy on so many levels. The driver (the traffic) is never really aware of the route they are taking. Ignoring this for a second, a slightly better analogy would be that the driver gets a updated map of the route at each city along the way. And these maps are almost always the same.
An even better analogy is the usual post office one - but that's not as useful for trying to spread panic in the interwebs
Violence is the answer.
XML is the answer