Interdomain Routing News Archive
(See the home page for the most recent IDR news.)
During the week from September 17 to 23, the main topic of NANOG was the new
worm called Nimda. There was some discussion whether it is useful to try
to slow worms down using "tar pits" such as
A discussion about physical resiliency and security turned into a debate
about using MD5 authentication in BGP (RFC-2385).
It was assumed that this wouldn't help against TCP RST attacks,
but actually it does. An MD5 message digest is calculated over each
TCP segment and a password and the result is stored in a TCP option.
This makes it possible to detect spoofed session setups, resets or
data segments so attackers are unable to disconnect
BGP sessions or present themselves as a legitimate BGP peer.
The terrorist attack on the World Trade Center in New York City resulted
in outages for a number of ISPs. Of the destroyed buildings, WTC 1 and 7
housed colocation facilities. The Telehouse America facility on 25 Broadway
in Manhattan, not far from the WTC, lost power. The facility was not damaged,
but commercial power was lost and after running on generator power
for two days, the generators overheated and had to be turned off for several
hours. Affected ISPs received many offers for temporary connectivity and
assistence rebuilding their networks.
The phone network experienced congestion in many places on the day of the
attack. Although individual (news) sites were slow or
hard to reach, general Internet connectivity held up very well.
While phone traffic was much higher than usual, traffic over the Internet
rose shortly after the attack, but then it declined and stayed somewhat lower
than normal the rest of the day, with some unusual traffic patterns.
It seems obvious that packet switched network have better graceful degradation
than circuit switched networks. A phone call always uses the same amount of
bandwidth, so either you are lucky and it works, or you are unlucky and you
get nothing. Packet networks on the other hand, slow down but generally don't
cut off users completely until things get really, really bad.
And while the current Internet holds its own in many-to-many
communication, it can't really cope with massive one-to-many traffic.
Photos of an affected
telephone Central Office in New York
Geoff Huston has written an article
Unreliable Internet" (PDF)
about how ISP networks becoming less resilient and customers becoming more
so (by connecting to two or more ISPs, in other words: multihoming)
creates a vicious circle.
At the same time, there is concern about the growth of the number of networks
in the global routing table, which is in part caused by the increase in
Operations and Management Area has the multi6 working group looking into
the the issue from an IPv6 angle.
While there is much improvement possible in current protocols,
there is no be-all, end-all solution in sight that would scale to unlimited
numbers of multihomers.