War Story: RPKI is Working as Intended
• 8 min read
Three weeks ago, Fastly was the target of a BGP hijack similar to a far more widely-reported incident that happened back in 2008. But this time, barely anyone noticed. Why is that?
Based in Amsterdam, Netherlands
Articles
Likes on articles
Job Snijders is an Internet Engineer at Fastly where he analyzes and architects global networks for future growth. Job has been actively involved in the Internet community in both operational, engineering, and architectural capacity, as a frequent presenter at network operator events such as NANOG, ITNOG, DKNOG, RIPE, NLNOG & APRICOT, and in a number of community projects for over 15 years. Job is co-chair of the IETF GROW & SSHM working groups, director of the Route Server Support Foundation, and developer for the OpenBSD project. Job's special interests are BGP routing policies, RPKI based routing security, and large Internet scale PKIX-RPKI & BGP deployments. Job helps maintain several software projects such as rpki-client, StayRTR, & bgpq4, and is active in the IETF where he have coauthored and contributed to numerous Internet-Drafts and RFCs. Job has experience with the implementation and operation of RPKI Certificate Authorities, Publication Servers, and Relying Parties.
Website: https://sobornost.net/~job
• 2 min read
How can you quickly figure out if a network you are using is dropping invalid Resource Public Key Infrastructure (RPKI) BGP announcements? You can do so by opening up a browser and visiting our RPKI test web page.
• 8 min read
Thanks to the RIPE NCC Community Project Fund we were able to revive the OpenBGPD daemon and bring more diversity to the Route Server landscape.
• 23 min read
Are settlement free interconnection agreements at scale, or otherwise, really a secret? They can be. This article provides a peep hole into the world of codified private interconnections. Did you learn something? Let us know.
• 4 min read
This article describes the BGP Large Communities Playground, and encourages people to utilise automated regression testing and compliance checking when developing new protocol features.
• 11 min read
Large BGP Communities are an addition to BGP that solves a communication problem between networks that want to use 32-bit AS Numbers. We measured how Large BGP Communities behave "in the wild" and if they create any problems.
Showing 5 article(s)
You mention fantastic open source projects, I’ve worked with all of them and even contributed code to some. But note that not all of them have the functionality required to operate as a route server, or a need for external funding. The fact that numerous IXPs (DE-CIX, Netnod, AMS-IX, BCIX, LONAP, Asteroid, Namex, University of Oslo) helped fund this project together with the RIPE NCC community fund shows that the market disagrees with your sentiment. Clearly a number of people saw a need for this software!
“I'm a bit confused. Bert Hubert, shareholder of Open-Xchange, the parent company of PowerDNS is fed up with PowerDNS behavior around EDNS workarounds removal. Why is this not solved within Open-Xchange?”
I think you may misunderstand. Bert, PowerDNS, and various other Open Source projects are fed up with having to maintain workarounds for some poorly constructed EDNS implementations. As a result, this is being resolved, by removing those workarounds: https://blog.powerdns.com/2018/03/22/removing-edns-workarounds/
Showing 2 comment(s)