The Status of Routing Reform — How Fragile is the Internet?

Posted by timothy
from the hopefully-comcast-is-not-the-standard-bearer dept.
crimeandpunishment points out the Associated Press's look (as carried by SkunkPost) "at an issue the government has been aware of for more than 20 years, but still isn't fixed and continues to cause Internet outages: a flaw in the routing system that sends data from carrier to carrier. Most outages are innocent and fixed quickly, but there's growing concern the next one could be devastating. A general manager at Renesys Corporation, which tracks the performance of Internet data routes, says, 'It amazes me every day when I get into work and find it's working.'"
  • by gandhi_2 (1108023) on Sunday May 09, 2010 @10:59PM (#32151330) Homepage

    ...i'm glad I decided to wait for internets2 before i get online.

    [posted via FIDOnet]

    • Better still, wait for Internet 2.1 - we all know x.0 releases just aren't up to snuff.
  • It is fragile (Score:5, Insightful)

    by mysidia (191772) on Sunday May 09, 2010 @11:04PM (#32151354)

    Kind of. However, it has also always been this way, and it has survived so far. All that has really changed is the number of players has increased, and the size of the routing tables is increasing.

    It has to work, so a lot of people should notice very quickly if something large goes wrong.

    It also cannot very easily be fixed, as many players would have to spend a lot of money for it to change, and there is little financial incentive to chase that ghost.

    And you thought IPv6 or DNSSEC adoption was taking a long time... imagine how many decades it would take for SBGP adoption?

    • This sort of thing always works the same way. Something works well, really well (considering just how many things it's connecting), because of a lack of government control.

      So they invite a problem, something that everyone knows isn't a problem at all, but the only solution is total submission to government control.

      Democrats will, obviously, not stop this. Heck, I'd be amazed if republicans would stop it, but at least they'd be somewhat more restrained.

    • by ginbot462 (626023)

      Yea ... it's Hyperbole Headline Monday from slashdot!!!

      (Day extends to tues-sun as well).

    • by mysidia (191772)

      Speaking of the internet... civilized society as we know it is pretty fragile too. One volcanic eruption, or one really big earthquake, tsunami, or meteor strike -- pretty minor common events in the cosmic scale, and suddenly we've stopped all travel, everyone's hiding under a table, running, or civilization as we know it is over.

      P.S. The internet may be a very large, fragile sculpture, in an area where earthquakes sometimes happen, but if so, there is a large army of trained monkeys, each one watching

      • by EdIII (1114411)

        but if so, there is a large army of trained monkeys, each one watching their own piece very carefully.

        If anything should happen, they have bottle of superglue, duct tape, and welding equipment, all in hand, and are willing to help their friends mend their piece, if the big one ever hits.

        I have never heard the various IT departments responsible for keeping everything going referred to like that.

        You are wrong about one little thing. They are not so willing to help friends mend their pieces. Most of the tim

  • Not a problem (Score:5, Insightful)

    by Anonymous Coward on Sunday May 09, 2010 @11:08PM (#32151370)

    First of all, the US federal government shouldn't have the power to do this even in America, and it definitely doesn't have the power to enforce this in the rest of the world.

    Secondly, no sane ISP will forward BGP data.

    This limits the problem to people with access to core internet routers. Companies that own these routers should only give access to extremely trustworthy people, and even then, they should still only need to access the server when there's a legitimate change. The issue then lies with accidents, which will always happen, no matter what you do, and corruptness. Corrupt ISPs should be removed from the network as soon as they are found to be corrupt.

    • Re: (Score:2, Insightful)

      I agree completely. Why does it have to be the government's job to fix everything? Personally I think we are all a lot better off if they have nothing to do with it.
      • Re:Not a problem (Score:5, Insightful)

        by KahabutDieDrake (1515139) on Monday May 10, 2010 @02:03AM (#32152086)
        Yeah, I wish the government would have never even gotten involved. The internet was so much better before those bastards stuck their dirty fingers in there. :stare:
      • by Alcemenes (460409)

        Society has been conditioned to think the government needs to take care of everything. We become more of a nanny state with each passing day because a select few refuse to accept responsibility for their actions. These same people want the government to protect us from ourselves for our own good. Bad people will do bad things, that's a fact of life. Hell, good people do bad things sometimes too. Oh well, my opinion matters not. Give them a few years and they will turn the Internet into another over-re

        • by drkim (1559875)
          Right on...

          I just pray that the government doesn't start getting involved with Medicare and start screwing that up.
    • umm...Comcast. They need to be nuked.

    • I wonder if something should be done to limit the deployment of straight Ethernet as opposed to OC-[0-9]+, ATM, Sonet, etc... for Tier-1 backbone traffic.

      I don't have real numbers or statistics I can back up my claims with, but having experimented with implementing SONET and ethernet VLSI simulations, I'm convinced that SONET maintains a much more reliable connection and is able to recover from glitches MUCH quicker than Ethernet. Sure, we're talking about milliseconds, but over long distances, glitches mus
    • by alfredos (1694270)

      Completely agreed. I don't understand why any government is quoted at all. The issue, if it exists, is more a technological one than any other thing. Definitely (and thankfully) no politicians are or should be involved.

      The current system has shown not only its outstanding scalability and reliability, but also its usefulness to filter out bad guys when they come in large chunks (which they do - look at the McColo incident for a dramatic example.)

      My conclusion is that we're looking for problems to fix, of w

    • by samson13 (1311981)

      Secondly, no sane ISP will forward BGP data.

      What? That's what the ISP is paid for. If they don't advertise the routes we give them then they won't receive the traffic we want them to forward to us. If they don't forward their BGP routes from the rest of the Internet how do we know what they can reach (hopefully everything but probably nothing if they don't forward BGP)?

      Hopefully they are being reasonably careful with their filtering but there is not an awful lot they can do. Hopefully they make sure that we only advertise our routes against our AS n

  • Two words.. (Score:3, Informative)

    by Anonymous Coward on Sunday May 09, 2010 @11:09PM (#32151380)

    BGP Filtering. There, fixed that for you.

    • by RichiH (749257)

      Tier 1 & 2 ISPs tend not to filter between themselves because they have no way of verifying everything. A notable exception is address space assigned by RIPE as you have actually useful route objects, there. With those, anyone can filter root AS for any given prefix. But those are origin-specific filters without path verification. I could still claim that AS X is behind me and either drop your traffic or sniff it. The latter is more complicated, granted. Toss in a few more specific routes and sloppy fil

  • by schwit1 (797399) on Sunday May 09, 2010 @11:17PM (#32151424)
    Better make sure your phone system is not on the same network or any affected.

    "In the meantime, network administrators deal with hijacking an old-fashioned way: calling their counterparts close to where the hijacking is happening to get them to manually change data routes. Because e-mails may not arrive if a route has been hijacked, the phone is a more reliable option, says Tom Daly, chief technical officer of Dynamic Network Services Inc., which provides Web hosting and other Internet services."

  • Last week we were running out of IPv4 and now it's BGP hijacking and next week who knows. The sky will not be falling and the Internet(s) is not going to die. I actually read the whole article and omg Pentagon's Defense Advanced Research Projects Agency's Peiter Zatko claims he can take the Internet(s) down in a few hours. I say BS.

    This "hijacking" happens all the time, people immediately see it and fix it and nobody notices.
  • Route filtering (Score:5, Informative)

    by Anonymous Coward on Sunday May 09, 2010 @11:32PM (#32151504)

    Route filtering, USE IT!
    Especially when peering with Pakistani/Chinese/etc ISPs.
    This is why RIRs such as RIPE/ARIN/APNIC have their information publicly available.
    So you know which addresses belong to who.
    Only accept routes from your BGP peers that you know belong to them.
    This also (in addition to hijack prevention) prevents a clueless NOC monkey from another autonomous system from messing up your whole network by announcing a default route.

    • For it would deprive us of these terrible sensationalist articles. The InterWebz is doomed!

      Mistakes will be made. And some people will lose their Internet connectivity (in some form or other) for a period of time.

      During that time, the people who control the routers will be working to fix whatever problem happened and the idiots who caused the problem will either learn how to do it CORRECTLY or be fired. Although the executives who insisted on cutting the budget so that they couldn't hire people with the kno

    • Re: (Score:3, Interesting)

      by sych (526355)

      What about ISPs whose customers bring their own portable IP address space along with them, and then multi-home? (i.e. have two or more ISPs, and request BGP peering with both?)

      The directly-connected ISPs can do their checks to make sure that their customer owns that IP address and adjust their filters accordingly... but anybody else with BGP peering to these ISPs (i.e. other ISPs) can only hope and pray that their peers are doing the right thing. Blind faith might not be good enough.

      As I understand it, SBGP [cisco.com]

    • by alfredos (1694270)

      This also (in addition to hijack prevention) prevents a clueless NOC monkey from another autonomous system from messing up your whole network by announcing a default route.

      If you have a full table, or even half of it, even if you allow default routes being accepted, no harm will be done. More specific networks win over less specific, and the default is the least specific of all.

      Accepting a default route can even be an elegant way of doing things in certain scenarios, for example for small but multihomed stubs.
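
The two points made in this sub-thread (accept from a peer only the prefixes registered to it, and a more specific prefix wins over the default) can be checked together. The sketch below is an added example, not part of any comment; the prefixes and AS numbers are constructed from documentation ranges, and `REGISTERED`, `accept`, `build_table` and `next_hop_as` are hypothetical names.

```python
import ipaddress

# Constructed sample data (documentation prefixes and AS numbers).
# Stands in for what a registry lookup (RIPE/ARIN/APNIC) returns per peer.
REGISTERED = {
    64500: ["192.0.2.0/24", "198.51.100.0/24"],
    64501: ["203.0.113.0/24"],
}

# Constructed announcements as (peer AS, prefix).
ANNOUNCEMENTS = [
    (64500, "192.0.2.0/24"),     # legitimate
    (64501, "203.0.113.0/24"),   # legitimate
    (64501, "0.0.0.0/0"),        # default route announced by mistake
    (64501, "192.0.2.128/25"),   # more specific slice of 64500's space
]


def accept(peer_as, prefix, registered=REGISTERED):
    """Inbound filter: accept a prefix only if it equals, or lies inside,
    a prefix registered to the announcing peer."""
    net = ipaddress.ip_network(prefix)
    if net.prefixlen == 0:
        return False  # never take a default route from this kind of peer
    regs = (ipaddress.ip_network(p) for p in registered.get(peer_as, []))
    return any(net.version == r.version and net.subnet_of(r) for r in regs)


def build_table(announcements, filtered):
    """Build a prefix -> peer AS table, optionally applying the filter."""
    table = {}
    for peer_as, prefix in announcements:
        if filtered and not accept(peer_as, prefix):
            continue
        table[ipaddress.ip_network(prefix)] = peer_as
    return table


def next_hop_as(table, address):
    """Longest-prefix match: the most specific covering prefix wins."""
    addr = ipaddress.ip_address(address)
    matches = [net for net in table if addr in net]
    if not matches:
        return None
    return table[max(matches, key=lambda n: n.prefixlen)]


if __name__ == "__main__":
    for label, filtered in (("unfiltered", False), ("filtered", True)):
        table = build_table(ANNOUNCEMENTS, filtered)
        for dst in ("192.0.2.10", "192.0.2.200", "198.51.100.7"):
            print(label, dst, "->", next_hop_as(table, dst))
```

Without the filter, the stray default only attracts traffic that has no specific route, while the /25 overrides the legitimate /24 for half of its addresses; with the filter, both bad announcements are dropped.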

    • by inKubus (199753)

      Use Route Views [routeviews.org].

    • by BitZtream (692029)

      So I peer with Sprint, and Time Warner. I accept their address space ... how exactly do you expect me to communicate with places outside of the US or large portions of the US?

      What you're proposing simply isn't the way it works and thank god as it would be nearly impossible to get anywhere that you don't directly peer with otherwise.

      On the flip side, how does someone like Cox Cable ever communicate with me since I don't directly peer with them? How about someone on Telia in Europe?

      Thanks for your ignorant

  • The only reason a Major ISP hasn't had a full, network wide outage is simply a lack of desire on the part of the people that would be capable of doing such a thing. In fact, many ISPs do have network wide outages fairly regularly but are able to keep it hidden. Most customers think it was local to them. What makes networks so weak? The same thing that caused the oil spill in the gulf. It costs too much to do things correctly. And what are the chances anything bad will happen... right?
  • by mysidia (191772) on Sunday May 09, 2010 @11:55PM (#32151622)

    What?! Anyone can edit it?! Really???

    'It amazes me every day when I get into work and find the Wikipedia front page has not been blanked or filled with goatse porn.'

    • by AndrewNeo (979708)

      Well, Wikipedia's front page is protected.

      • by mysidia (191772)

        Yes, but it's only protected against non-sysop Wikipedians. And there is a very massive number of sysops, some who are trustworthy and some who are questionable.

        Much like BGP is only protected against non-ISP router operators/networks.

        In both cases, there is a big giant morass (lots of organizations speak BGP), but for most users, there is no unfettered access.

  • by Daniel Dvorkin (106857) * on Monday May 10, 2010 @12:00AM (#32151654) Homepage Journal

    From TFA:

    "It's kind of everybody's problem, because it impacts the stability of the Internet, but at the same time it's nobody's problem because nobody owns it," says Doug Maughan, who deals with the issue at the Department of Homeland Security.

    So clearly we need one centrally owned routing system under the watchful and benevolent eye of DHS, right? With help from advisors provided by Microsoft and Disney.

    Decentralized routing is a feature, not a bug. And although the problems identified in the article are real enough, the implications of this kind of discussion always scare the hell out of me.

    • by dalagra (1807876) on Monday May 10, 2010 @12:15AM (#32151726)

      Decentralized routing is a feature, not a bug. And although the problems identified in the article are real enough, the implications of this kind of discussion always scare the hell out of me.

      While agreeing with you, I would go a step further and suggest that the bugs of decentralized systems are often more palatable than the features of centralized systems. (this is of course considering the context of this article -- the internet)

      • by alfredos (1694270)

        bugs of decentralized systems are often more palatable than the features of centralized systems. (this is of course considering the context of this article -- the internet)

        You can get to the general law easily from there - things that are wrong, ill or plain bad news run faster and are more eagerly consumed than things that go right, well or are good news. This summary (and /. news in general) is no exception.

    • Wasn’t decentralization the whole point of the Internet? You know, because centralization would offer a SINGLE POINT OF FAILURE?

    • by inKubus (199753)

      Right. The issue is that people don't get it. There is no "THE INTERNET". It's just a name to describe the phenomenon of various people who own networks making agreements to

      A. make connections between the networks
      B. share traffic traversing the networks

      It must amaze the Government bureaucrats that something without a command and control structure works so well.

      The bottom line is that it works well because it's a free market of connections; as a network owner, you are free to connect to other networks at

      • by inKubus (199753)

        In fact, and I'm just going to continue this a little, the BGP space should be opened to MORE people, not less. Why shouldn't I help my neighbor with a 56K modem out with his traffic when I have extra bandwidth available? This is the conversation that should be happening, and the reason P2P stuff exists. People want to share, they want to trade on a free market. The hierarchical telecom structure does not enable that.

  • by dalagra (1807876) on Monday May 10, 2010 @12:05AM (#32151676)
    From the article: "My fear is that innovation on the Internet would slow down if there's a need to go through a central authority," Poll says. "I see little appetite for that in the industry." --- Is there an argument against this (quote above)?
  • Feature not a bug (Score:4, Insightful)

    by Anonymous Coward on Monday May 10, 2010 @12:18AM (#32151738)

    This is ridiculous, I suspect this is FUD created to take control of the Internet. Routing tables are a feature of the Internet that are designed to ensure the Internet doesn't have a single point of failure. Hacked router?, connection hit by bomb?, satellite suffering from solar flares?... change a few routes and it's fixed. Security?... TLS. The moron even suggests that creating a central authority would make the Internet more secure!!! Imagine if you wanted to take out the Internet and it relied on a central authority, hmm, what would you attack, billions of Internet clients, millions of routers, or the one authority?

    • by alfredos (1694270)

      This is ridiculous, I suspect this is FUD created to take control of the Internet

      Or, rather less dramatically, just to promote a new beta site (from TFA) that quotes an article written by some clueless guy at AP...

  • by ChipMonk (711367) on Monday May 10, 2010 @12:22AM (#32151756) Journal

    'It amazes me every day when I get into work and find it's working.'

    Or, as Arthur C. Clarke put it, "Any sufficiently advanced technology is indistinguishable from magic."

    • "If it's distinguishable from magic, it's not advanced enough."

      "Any sufficiently analyzed magic is indistinguishable from science"

  • With the FCC stymied in its attempts to regulate the internet, it's going to be basically an ISP fur ball. Layer general greed and self-interest of individual providers on top of load and routing problems, take away the regulators' ability to maintain order and you have a recipe for disaster.

    I got a bad feeling about this.

    • by butlerm (3112)

      take away the regulators' ability to maintain order and you have a recipe for disaster

      No one has taken away the regulators' ability to maintain order. The FCC decided several years ago they didn't want it. Now they want it back. No problem, all they have to do is apply the right law ("Title II" of the 1934 Communications Act as amended). No one is stopping them except themselves.

  • man, i sure am tired of all government attempts at fixing things. Iraq, the economy, health care, privacy.

    if the government gets to "fix" the internet, i may just have to give up slashdot.

  • Route filtering. Trust me, if the 12 occasionally scattered folk I work with every day can manage to block leaks of inappropriate routes within 15-60 minutes, so can everyone else, and they typically do...generally they're properly filtered to begin with. The open nature of the internet and diversity amongst transit carriers is precisely what contains these leaks to segmented populations rather than causing a massive nationwide failure. The fact that largely Internet standards have been left to technocratic, B
  • by presidenteloco (659168) on Monday May 10, 2010 @01:47AM (#32152026)

    I've seen alternate routing protocols proposed wherein your traffic has to barter/haggle its way through the network at every hop, as some new troll demands a passage fee for a certain QOS.

    These new methods look to me like they would create two issues:
    1. Unpredictable permutations of complex, balkanized, and non-local routing strategies. Performance of the system as a whole would be unpredictable and possibly unstable.

    2. It really is back to the old circuit-switching network of ma bell, on top of IP. A few nice low-latency end-to-end Concorde-like connections for those willing to fork over the dough, clogging up the routers so all the proletariat traffic suffers in a poverty of routes and bandwidth.

    Deep Simplicity at the core of routing protocol is the only thing that will work at the scale of the Internet. Maybe a "voluntary-QOS-downgrade" flag on email packets etc, and a "pretty please low latency" flag on video packets, might work, but these should not have monetary contracts associated with them. They should just indirectly affect the end-consumer's bandwidth bill if anything.

    • They should just indirectly affect the end-consumer's bandwidth bill if anything.

      That would be one large roadblock--possibly the largest--to implementing any wholesale changes to the whole scheme; if transport costs go up, invariably part of that cost is sent down to the consumer, which would at least lead to vicious consumer backlash (at most, a race to see who can dicker down those costs best, which could lead to subscribers hopping like mad from ISP to ISP). In any case, revenue to some degree gets impacted, and over an issue that the VAST majority of end-users know nothing about. Y

      • It has happened in the past, it's just not a big enough deal that people hear about it.
        I think it was Iran which tried to block YouTube in their country and accidentally routed the whole world to their network which then melted.
        and some guy years ago who told the whole net he had the best route to everywhere.

  • Can we please have a tag "moronswithnobasicunderstandingofthetechnologyproposestupidsolutions" ? The article is mostly fear-mongering and a waste of time. Should we be looking at what every idiot on the planet thinks about something he doesn't understand?

    If so, can I write something on how bad particle physics is, because there are always problems with the accelerators and they carry a lot of energy and can open black holes?

    As on the BGP hijacks, etc. - there are BGPmon and a ton of other projects that tr

  • by Skapare (16644)

    Where's BGPSEC when you need it?

  • As someone who's accidentally announced the entire Internet routing table to an ISP when setting up a dual-homed configuration, I can confirm that good upstream ISPs do BGP filtering. I was trying to troubleshoot what was going on, and the Tech on the other end was helpful enough to tell me that I was sending him the full route table. Fortunately they had filters in place to stop them from going out any further and impacting anything. But I had it clearly demonstrated to me how important filters are on b

  • 'It amazes me every day when I get into work and find it's working.'"

    Sounds like he is ready to start administrating an exchange server.

  • xkcd explained this a while ago. [xkcd.com] Basically, if the internet ever *stops* working, even for a few seconds, alarms go off and people panic and do anything necessary to get it working again immediately. It turns out this is actually a fairly reliable system.
  • The author does seem to be sensationalizing a bit. Though one can zoom in and criticize the frailty of a given component of the system, the overall system is far less frail. This is analogous to me to hard drives in a server room. If I have more hard drives (which is the case when distributing your data for resiliency purposes , ie. RAID), there's generally going to be more individual HD failures. However, there's less data loss. Systems that are designed to accommodate & recover from failures (such as t
  • "It's as if a driver had to get from Philadelphia to Pittsburgh without a map, navigating solely by traffic signs he encountered along the way — but the signs weren't put up by a central authority. If a sign pointed in the wrong direction, that driver would get lost."
    Such a bad analogy on so many levels. The driver (the traffic) is never really aware of the route they are taking. Ignoring this for a second, a slightly better analogy would be that the driver gets an updated map of the route at each cit
