The Infrastructure Mess Causing Countless Internet Outages (wired.com)
Border Gateway Protocol has served the internet well for decades. But when it goes wrong, you notice it. From a report: In a weeks-long stretch in 2014, hackers stole thousands of dollars a day in cryptocurrency from owners. In 2017, internet outages cropped up around the United States for hours. Last year, Google Cloud suffered hours of disruptions. Earlier this month, a large swath of European mobile data was rerouted through the state-backed China Telecom. And on Monday, websites and services around the world -- including the internet infrastructure firm Cloudflare -- experienced hours of outages. These incidents may sound different, but they actually all resulted from problems -- some accidental, some malicious -- with a fundamental internet routing system called the Border Gateway Protocol. The web is distributed, but it's also interconnected. It needs to be so that data can move around worldwide without all being controlled by a single entity. So every time you load a website or send an email, BGP is the system responsible for optimizing the route that data takes across these sprawling, intertwined networks. And when it goes wrong, the whole internet feels it.
Originally conceived in 1989 (on two napkins), the version of BGP used today remains largely unchanged since 1994. And though BGP has scaled surprisingly well, there's no denying that the internet is very different than it was 25 years ago. In fact, the way BGP was designed introduces risk of outages, manipulations, and data interception -- all of which have come to pass. The internet's backbone routers -- massive industrial nodes usually run by internet service providers, not the Linksys at your house -- each control a set of IP addresses and routes. ISPs and other large organizations use BGP to announce these routes to the world and calculate paths. Think of it like planning a cross-country drive: You need to know the different route options in each area, so you can stop at all the right corn mazes and the world's largest rocking chair without adding too much extra driving each day. But if your GPS is outdated, you could wind up at a dead end or on a new road that totally bypasses the salt flats.
That's an assumption (Score:3)
Re: (Score:2)
+1 Funny/Insightful/Informative.
Thank you sir.
There are alternatives... (Score:3)
The Internet should be distributed, that is the entire point of it. The problem that comes with distributed architectures is that they are prone to stagnation. Getting everyone to upgrade is difficult, unless incentives are right. With the various BGP "fixes" that have been proposed in the past these incentives have mostly not been sufficient to move people to deploy them (e.g., BGPSec).
On the other hand, there are clean slate designs like SCION [scion-architecture.net] that solve the problems that BGP has by radically changing the
Re: (Score:2)
(Disclaimer: I know nothing about SCION.)
One hopes that the SCION approach includes a requirement that makes it possible to more easily introduce a new core routing protocol towards the future time when SCION needs to be replaced.
Re: (Score:2)
The Internet should be distributed, that is the entire point of it. The problem that comes with distributed architectures is that they are prone to stagnation.
Getting everyone to upgrade is difficult, unless incentives are right. With the various BGP "fixes" that have been proposed in the past these incentives have mostly not been sufficient to move people to deploy them (e.g., BGPSec).
Just love the logic. Yes extension to do x, y and z exists but adoption is not "good enough" so let's invent an entirely different system and have everyone adopt that instead.
In the long run we will need a clean slate, not a pile of fixes built on top of a fundamentally unscalable, insecure BGP.
Within routing systems crossing administrative domains the primary source of trust is formed from knowing thy neighbor.
Issues with outages and routing problems making headlines is primarily lack of constraints, competence and planning not bad actors exploiting missing security features.
I know some people want a central authority to man
Re: (Score:2)
Personally I believe if you really want to know what doesn't scale it's the very concept of a master ring / planet scale trust anchor.
That actually scales quite well... to wit, DNSSec. Where it breaks down is when the central authority or high level delegates start to become corrupt... in the good old-world sense of the word. This can be outright corruption, or a good-intention-paved-road-to-hell situation where enough of the population is being denied participation that alternative systems are sought out.
Re: (Score:2)
That actually scales quite well... to wit, DNSSec. Where it breaks down is when the central authority or high level delegates start to become corrupt... in the good old-world sense of the word. This can be outright corruption, or a good-intention-paved-road-to-hell situation where enough of the population is being denied participation that alternative systems are sought out.
Yes not about scaling of technology rather political scaling of responsibility.
The real test is what happens when things of high value are being protected and rewards for circumvention and or internal corruption are high.
DNSSec is used by nobody and so monetary reward for compromise is essentially $0.
This is not true of the world's Internet routing infrastructure or trust anchors for E2E security embedded in browsers. What doesn't scale is the aggregation of power itself that these systems represent.
Dumbing down of slashdot? (Score:4, Interesting)
Basic knowledge of BGP operation was (as far as I recall) pretty common among network/technically-inclined, esp. among the /. audience, back in the day. I don't care if that makes me sound ancient - but wtf happened? Why do /. articles need to come up with silly "linksys" remarks and really poor "GPS and car" analogies to explain these core concepts now?
Re: (Score:2)
Because it's not a /. article.
It's a wired article. Which is geared towards idiots.
Re:Dumbing down of slashdot? (Score:5, Insightful)
But I love the quote at the end of the article:
That is very apt
Re:Dumbing down of slashdot? (Score:5, Funny)
But I love the quote at the end of the article:
That is very apt
Both are operated by men who haven't bathed or touched women in months, led by rich guys who mostly got there due to money but some through ability, and really run by a salty old-timer who knows what the books says and then what actually works?
Re: (Score:2)
That this comment got downvoted instead of upvoted shows why that quote from the wired article was in the original post up the top there, slashdotters used to have a sense of humor about themselves and this sort of thing
The downvote probably came from somebody without a sense of humor who got upset from the first part. I think they need to just up the rum ration in their grog.
Re: (Score:1)
The internet is more like a raft made of thousands of rubber boats posing as an 18th century Royal Navy frigate, but I guess the rest applies.
Anyway, I don't like that this is framed as a weakness. The internet is flexible. It works. Attempts to institute cryptographic signing of routes would make it much more rigid and brittle. Accidents and successful routing attacks are few and far between. They do not justify a fundamental change like route signatures. This scare tactic is meant to create a central auth
Re:Dumbing down of slashdot? (Score:4, Interesting)
The basic problem of creating a robust distributed trust community has received way too little attention from the geek-public. I mean, there's the PKI, and then there's blockchain. The former isn't really that distributed, and we bitch about it but are powerless to change. The latter we turned into just another personal enrichment scheme which then mushroomed into a huge waste of energy and equipment running a giant mess of different algorithms with sparse security proofs to back them up. Oh yeah, and then there's karma on various social websites, which is easily gamed.
The root of the issue: the people trying to subvert the system will always have greater incentive than people running a competent and honest system, because nobody wants to pay for the system so the rewards for doing that legwork are comparatively small. Crypto currency shows this most obviously: here moreso than any other system there are actual rewards for any participant, but note how many, instead of just mining, decided to create yet another ICO instead. (sidenote: it's a completely environmentally/socially irresponsible endeavor IMO.)
By contrast the PKI is run by fiat, with lazy sloths of CAs at the top of it raking in rewards for doing an inadequate job actually validating identities, and up until the point where their root gets p0wned they can get away with whatever they want because they are the only ones to turn to. So its compromise is built into it by design. The best you can say about it is there's some level of competition between CAs that helps keep them on their toes. Sadly it leaves the actual power to decide winners and losers in the hands of a few technocrats, and there's very little to prevent cartel-like behavior. One major OS or browser CA store administrator could independently decide to kick out a sleazy CA, but that's just as likely to backfire on that store administrator than actually damage that CA... and it could just as easily be a sleazy CA store administrator extorting an honest CA. So most such moves have to be done by consensus and therefore necessitate collaboration. Necessitating collaboration is fine when everyone gets to collaborate, but that's not the case here... it's an ivory tower.
Re: (Score:1)
Re: (Score:2)
So far, that has worked (to the extent that it has). But this is not a distributed trust model, it's a hierarchal trust model. When the centralized authority or any of the major delegates becomes politically compromised... not necessarily corrupt, but subject to making reasonably disputable decisions based on external pressures, it falls apart and people seek alternatives (usually, even less secure ones manage to get a foot in the door this way since it is done in a rush.)
Re: (Score:2)
Re: (Score:2)
Amen
Re: (Score:2)
That was back during the small-to-mid-size ISP boom, when knowing BGP might actually get you a job. These days only a very few individuals need to know anything about it... there are a lot less tech positions where it matters at all. If you do need to know it even exists, 9/10 times you're just multi-homing a couple sites and at most you need to figure out how to send a community advertisement and adjust your prefix appending... then you go waste more time than you probably should on your interior protoco
Re: (Score:3)
Basic knowledge of BGP operation was (as far as I recall) pretty common among network/technically-inclined, esp. among the /. audience, back in the day. I don't care if that makes me sound ancient - but wtf happened? Why do /. articles need to come up with silly "linksys" remarks and really poor "GPS and car" analogies to explain these core concepts now?
Because not all nerds are technically inclined? Personally, I know enough about tech to know what (or how much, which is a lot) I don't know about it, but am at least well versed and smart enough to research and look up basic tech problems I may have and get by. I'm more the kind of nerd that considers textbook-style monographs on WWI or WWII as "light pleasure reading"(you know you are a nerd when one of your preferred authors is cited in one of your college textbooks).
So please, continue with the car an
Re: (Score:2)
Slashdot has always been for the broad category of "nerd", not just computing and network types. And given that slashdot has also always presented the news from linked stories, the level of technical detail has always depended on who happens to be writing about what. Feel free to submit a more technical version of the story if one exists, or link it in your comment.
Nothing has really changed that much other than the tech reporting sphere is much larger than it used to be.
Re: (Score:2)
Slashdot is a news aggregator. Rather than complaining about the quality of language your complaint is better targeted at whoever just wholesale copied 2 paragraphs from an article into the submission box without bothering to customise any of it for this target audience.
on TWO napkins no less! (Score:1)
Two napkins provide some redundancy.
Imagine how much more brittle it would have been if it had been conceived on only one napkin.
Outgrown two napkin design (Score:3)
Re: (Score:1)
So are they saying it's time to add a third napkin?
No. They're saying it's much too complicated. It should have been designed on only one napkin.
Re:Outgrown two napkin design (Score:5, Funny)
Re: (Score:2)
Internet has lost The Way (Score:2)
So are they saying it's time to add a third napkin?
I think the problem must be that we have strayed from the intent of the Two Napkins, and all of the outages are divine punishment for not hewing strictly to their teachings.
Re: (Score:2)
F*ck it - we’re going to five napkins.
"Think of it like planning a cross-country drive" (Score:2)
But I thought it was a series of tubes...
Re: (Score:2)
YouTube, FaceTube, PornTube, it really is a series of tubes.
Re: (Score:3)
As an aside "But if your GPS is outdated, you could wind up at a dead end or on a new road that totally bypasses the salt flats." is utter BS. GPS has not changed since it was invented. There is no such thing as "outdated GPS". Your Position within the space bounded by the GPS constellation has nothing whatsoever to do with navigation.
While your statement is factually true, it misses the point that for most people the noun "GPS" refers to the in-car navigation system that uses the GPS for positioning and has access to maps for navigation (either stored locally or on a network). Trying to enforce purity of terminology in this context is as pointless as pointing out that Xerox, Kleenex, and Formica refer only to certain brands of a type of product and not to the entire product class. Even people like myself who know better find themselve
Re: (Score:1)
Re: (Score:3)
Calling it Border Gateway Protocol only serves to propagate misinformation about what it is actually doing.
You don't know what you're talking about. BGP was originally designed to be used between the borders of two administratively independent networks. On the Border Routers.
That means that the Border Gateway Protocol was named appropriately.
Problem identified (Score:1)
One napkin too past the sweet-spot.
Seriously, with this kind of disregard for established principles, I wouldn't be surprised if design_meeting_attendees >= 3 !
Re: (Score:3)
For instance, all routers in the United States would not accept routes for U.S. destinations appearing to come from routers outside of the United States. Route summaries would be a hell of a lot shorter, and packets would be routed faster.
That's supposedly the plan, depending on the mood of IPv6 standards body this year, but frankly, I would bet good money on some sort of "address mobility" endeavor coming in and screwing it all up the minute technical hardware limitations are no longer an obstacle (if not sooner :-)