Internet Routing, Looming Disaster?

wiredmikey writes "The Internet's leading architects have considered the rapid growth and fragmentation of core routing tables one of the most significant threats to the long-term stability and scalability of the Internet. In April 2010, about 15% of the world's Internet traffic was hijacked by a set of servers owned by China Telecom. In the technical world, this is typically called a prefix hijack, and it happened due to a couple of wrong tweaks made at China Telecom. Whether this was intentional or not is unknown, but such routing accidents are all too common online. While BGP is the de-facto protocol for inter-domain routing on the Internet, actual routing occurs without checking whether the originator of the route is authorized to do so. The global routing system itself is made up of autonomous systems (AS) which are simply loosely interconnected routing domains. Each autonomous system decides, unilaterally, and even arbitrarily, to trust everything it hears from any other AS, to use that information without validation, and to further transmit that information to its other peers..."

...news?

[phyrexianshaw.ca]

And this is news because?

This is how the BGP internet functions. the last proposed solution was to centralize the BGP trust tables, which is likely a WORSE solution.

if you can't trust your peers: go work in another kitchen.

Re:...news?

[wiredmikey]

It's not so much news as it is insight. If you're an experienced network expert it may not be surprising, but too many people in the tech world still don't have a clue on some of the challenges, dangers, problems that are happening currently and that we face moving forward with the overall internet infrastructure.

15%

[vxice]

before we throw this number around anymore, does anyone know approx. how much internet traffic normally goes through China? is the 15% number 15% more than normal, and additional 15%. a baseline is an incredibly important thing.

Imminent death of Internet predicted...

[EriktheGreen]

It's always amusing when a new pundit discovers exactly how the Internet actually works.

Until they gain enough technical knowledge to be dangerous, they assume that the Internet is just as Hollywood portrays... A rock-solid utility run by the Government that only PhDs and arcanely skilled teenage geniuses can control or understand.

Then they discover just how "fragile" it is, and start telling the people who've been making it work all along that they need to straighten up and fly right, or else a major disaster is going to happen. Good thing they told us.

It's sad that they can't just say "Oh, I guess I didn't understand.". Instead they have to "take charge" of things because otherwise they'd have to accept their own irrelevance, or even (gasp) accept that despite their new-found expertise, they *still* don't really understand.

So straighten up, Cisco... it's obvious to this guy you don't know what you're doing. Fix that BGP thing and do it NOW, you hear him?

Re:...news?

[vlm]

challenges, dangers, problems that are happening currently

Its FUD not insight. Those problems were solved years / decades ago.

The fact that the folks at the far left tail of the cluefullness bell curve will always find a way to shoot themselves in their feet, is not exactly an insight into this business or even generally into human nature.

FUDs usually used to gain control or make money not educate.

Re:Authentication

[bhcompy]

Overhead. What might take a few milliseconds now takes a few more milliseconds. Not a problem on your little Belkin router, but when you're routing thousands of packets a second, it adds up. You can be sure there are many interests non-technical in nature that would be against raising their latency, even by milliseconds. Particularly, Wall Street.

Re:15%

[Unequivocal]

From what I've read so far on this, the 15% number is a red herring. The real problem was that China was able to route traffic for domains/networks which it had nothing to do with including dell.com and some US DoD networks. Volume wasn't the main issue (though surely it was causing problems in terms of latency and throughput) -- the main issue was that China was seeing packets that it shouldn't have.

Now we all know that no one routes traffic over the public internet that it doesn't assume bad actors will see. Right?

Re:Oh, bullshit...

[vuke69]

In a nutshell, that's pretty much the problem and the solution.

Tier 1 providers pretty much have no choice but to accept any update from other Tier 1s because they could each legitimately have routes to pretty much any network. It is also each of their responsibilities to make sure they don't get any bunk routes from downstream. One weak link, the chain breaks and, and everyone suffers. Obviously you wouldn't (shouldn't) be accepting a zero bit mask route from anyone; but besides the basic idiot proofing, you have to put a lot of faith in your peers, and their ability/diligence.