Infrastructure Architect at Juniper Networks
Joined on July 21, 2016
Total Post Views: 378,682
About |
I build networking technology and networks; take network engineering from the realm of black art into engineering; and help people grow. My current interests are network complexity; disaggregation; programmable networks; cloud; philosophy; and understanding the intersection between people, culture, and technology.
Except where otherwise noted, all postings by Russ White on CircleID are licensed under a Creative Commons License.
Fear sells. Fear of missing out, fear of being an imposter, fear of crime, fear of injury, fear of sickness ... we can all think of times when people we know (or worse, people in the throes of madness of crowds) have made really bad decisions because they were afraid of something. Bruce Schneier has documented this a number of times. For instance: "it's smart politics to exaggerate terrorist threats" and ... more
When I was in the military, we were constantly drilled about the problem of Essential Elements of Friendly Information, or EEFIs. What are EEFis? If an adversary can cast a wide net of surveillance, they can often find multiple clues about what you are planning to do or who is making which decisions. For instance, if several people married to military members all make plans to be without their spouses for a long period of time, the adversary can be certain that a unit is about to be deployed. more
Why are networks so insecure? One reason is we don't take network security seriously. We just don't think of the network as a serious target of attack. Or we think of security as a problem "over there," something that exists in the application realm, that needs to be solved by application developers. Or we think the consequences of a network security breach as "well, they can DDoS us, and then we can figure out how to move load around, so if we build with resilience (enough redundancy)... more
Let's play the analogy game. The Internet of Things (IoT) is probably going end up being like... a box of chocolates, because you never do know what you are going to get? a big bowl of spaghetti with a serious lack of meatballs? Whatever it is, the IoT should have network folks worried about security. Of course, there is the problem of IoT devices being attached to random places on the network, exfiltrating personal data back to a cloud server you don't know anything about. more
When you go to the doctor for a yearly checkup, do you think about health or insurance? You probably think about health, but the practice of going to the doctor for regular checkups began because of large life insurance companies in the United States. These companies began using statistical methods to make risk or to build actuarial tables they could use to set the premiums properly. Originally, life insurance companies relied on the "hunches" of their salesmen, combined with... more
Two things seem to be universally true in the network engineering space right this moment. The first is that network engineers are convinced their jobs will not exist, or there will only be network engineers "in the cloud" within the next five years. The second is a mad scramble to figure out how to add value to the business through the network. These two movements are, of course, mutually exclusive visions of the future. more
Over at the ECI blog, Jonathan Homa has a nice article about the importance of network planning: In the classic movie, The Graduate (1967), the protagonist is advised on career choices, "In one word – plastics." If you were asked by a young person today, graduating with an engineering or similar degree about a career choice in telecommunications, would you think of responding, "network planning"? Well, probably not... more
A long time ago, I worked in a secure facility. I won't disclose the facility; I'm certain it no longer exists, and the people who designed the system I'm about to describe are probably long retired. Soon after being transferred into this organization, someone noted I needed to be trained on how to change the cipher door locks. We gathered up a ladder, placed the ladder just outside the door to the secure facility, popped open one of the tiles on the drop ceiling, and opened a small metal box with a standard, low-security key. more
Privacy problems are an area of wide concern for individual users of the Internet -- but what about network operators? Geoff Huston wrote an article earlier this year concerning privacy in DNS and the various attempts to make DNS private on the part of the IETF -- the result can be summarized with this long, but entertaining, quote. more
In Systemantics: How Systems Really Work and How They Fail, John Gall says: "A complex system that works is invariably found to have evolved from a simple system that worked. A complex system designed from scratch never works and cannot be patched up to make it work. You have to start over with a working simple system." In the software development world, this is called Gall's Law... more
Because the speed of DNS is so important to the performance of any connection on the 'net, a lot of thought goes into making DNS servers fast, including optimized software that can respond to queries in milliseconds, and connecting DNS servers to the 'net through high bandwidth links. To set the stage for massive DDoS attacks based in the DNS system, add a third point: DNS responses tend to be much larger than DNS queries. more
As a long-standing contributor to open standards, and someone trying to become more involved in the open source world (I really need to find an extra ten hours a day!), I am always thinking about these ecosystems, and how they relate to the network engineering world. This article on RedisDB, and in particular this quote, caught my attention. more
The security of the global Default Free Zone (DFZ) has been a topic of much debate and concern for the last twenty years (or more). Two recent papers have brought this issue to the surface once again - it is worth looking at what these two papers add to the mix of what is known, and what solutions might be available. The first of these traces the impact of Chinese "state actor" effects on BGP routing in recent years. more
Mostafa Ammar, out of Georgia Tech recently posted an interesting paper titled The Service-Infrastructure Cycle, Ossification, and the Fragmentation of the Internet. I have argued elsewhere that we are seeing the fragmentation of the global Internet into multiple smaller pieces, primarily based on the centralization of content hosting combined with the rational economic decisions of the large-scale hosting services. The paper in hand takes a slightly different path to reach the same conclusion. more
When rolling out a new protocol such as IPv6, it is useful to consider the changes to security posture, particularly the network's attack surface. While protocol security discussions are widely available, there is often not "one place" where you can go to get information about potential attacks, references to research about those attacks, potential counters, and operational challenges. more
At NANOG on the Road (NotR) in September of 2018, I participated in a panel on BGP security -- specifically the deployment of Route Origin Authentication (ROA), with some hints and overtones of path validation by carrying signatures in BGP updates (BGPsec). This is an area I have been working in for... 20 years? ... at this point, so I have seen the argument develop across these years many times, and in many ways. more
The DNS system is, unfortunately, rife with holes like Swiss Cheese; man-in-the-middle attacks can easily negate the operation of TLS and website security. To resolve these problems, the IETF and the DNS community standardized a set of cryptographic extensions to cryptographically sign all DNS records... Now that these standards are in place, how heavily is DNSSEC being used in the wild? How much safer are we from man-in-the-middle attacks against TLS and other transport encryption mechanisms? more
Tech is commoditizing. I've talked about this before; I think networking is commoditizing at the device level, and the days of appliance-based networking are behind us. But are networks themselves a commodity? Not any more than any other system. We are running out of useful features, so vendors are losing feature differentiation. This one is going to take a little longer... more
I have written about the problems with the "little green lock" shown by browsers to indicate a web page (or site) is secure. In that article, I consider the problem of freely available certificates, and a hole in the way browsers load pages. In March of 2017, another paper was published documenting another problem with the "green lock" paradigm - the impact of HTTPS interception. more
Recently, Bert Hubert wrote of a growing problem in the networking world: the complexity of DNS. We have two systems we all use in the Internet, DNS and BGP. Both of these systems appear to be able to handle anything we can throw at them and "keep on ticking." But how far can we drive the complexity of these systems before they ultimately fail? Bert posted a chart on the APNIC blog to illustrate the problem. more
In simple terms, Meltdown and Spectre are simple vulnerabilities to understand. Imagine a gang of thieves waiting for a stage coach carrying a month's worth of payroll. There are two roads the coach could take, and a fork, or a branch, where the driver decides which one to take. The driver could take either one. What is the solution? Station robbers along both sides of the branch, and wait to see which one the driver chooses. more
From time to time, I run across (yet another) article about why Border Gateway Protocol (BGP) is so bad, and how it needs to be replaced. This one, for instance, is a recent example. It seems the easiest way to solve this problem is finding new people - ones who don't make mistakes - to work on BGP configuration, building IRR databases, and deciding what should be included in BGP? more
In 2003, the world of network engineering was far different than it is today. For instance, EIGRP was still being implemented on the basis of its ability to support multi-protocol routing. SONET, and other optical technologies were just starting to come into their own, and all-optical switching was just beginning to be considered for large-scale deployment. What Hartley says of history holds true when looking back at what seems to be a former age: "The past is a foreign country; they do things differently there." more
The argument for end-to-end encryption is apparently heating up with the work moving forward on TLSv1.3 currently in progress in the IETF. The naysayers, however, are also out in force, arguing that end-to-end encryption is a net negative... The idea of end-to-end encryption is recast as a form of extremism, a radical idea that should not be supported by the network engineering community. Is end-to-end encryption really extremist? Is it really a threat to the social order? more
This week, I ran into an interesting article over at Free Code Camp about design tradeoffs... If you think you've found a design with no tradeoffs, well... Guess what? You've not looked hard enough. This is something I say often enough, of course, so what's the point? The point is this: We still don't really think about this in network design. This shows up in many different places; it's worth taking a look at just a few. more
The network engineering world has long emphasized the longevity of the hardware we buy; I have sat through many vendor presentations where the salesman says "this feature set makes our product future proof! ... Over at the Networking Nerd, Tom has an article posted supporting this view of networking equipment, entitled Network Longevity: Think Car, not iPhone. It seems, to me, that these concepts of longevity have the entire situation precisely backward. more
I ran into an article over at the Register this week which painted the entire networking industry, from vendors to standards bodies, with a rather broad brush. While there are true bits and pieces in the piece, some balance seems to be in order. The article recaps a presentation by Peyton Koran at Electronic Arts (I suspect the Register spiced things up a little for effect); the line of argument seems to run something like this... more
As I spend a lot of time on Oak Island (not the one on television, the other one), I tend to notice some of those trivial things in life. For instance, when the tide is pretty close to all the way in, it probably is not going to come in much longer; rather, it is likely to start going back out soon. If you spend any time around clocks with pendulums, you might have noticed the same thing; the maximum point at which the pendulum swings is the point where it also begins swinging back. more
The IETF published RFC8200 last week, which officially makes IPv6 an Internet Standard. While this move was a long time coming -- IPv6 has now reached about 20% deployment -- a more interesting question is: what has changed since RFC2460, which was a draft standard, was published in 2013? After all, the point of moving from the experimental to the draft standard to the internet standard states is to learn more about the protocol as it operates on the wire... more
It is certainly true that DDoS and hacking are on the rise; there have been a number of critical hacks in the last few years, including apparent attempts to alter the outcome of elections. The reaction has been a rising tide of fear, and an ever increasing desire to "do something." The something that seems to be emerging is, however, not necessarily the best possible "something." Specifically, governments are now talking about attempting to "wipe out" the equipment used in attacks. more
Is it time for the IETF to give up? Martin Geddes makes a case that it is, in fact, time for the IETF to "fade out." The case he lays out is compelling -- first, the IETF is not really an engineering organization. There is a lot of running after "success modes," but very little consideration of failure modes and how they can and should be guarded against. Second, the IETF "the IETF takes on problems for which it lacks an ontological and epistemological framework to resolve." In essence, in Martin's view, the IETF is not about engineering, and hasn't ever really been. more
Most engineers focus on purely technical mechanisms for defending against various kinds of cyber attacks, including "the old magic bullet," the firewall. The game of cannons and walls is over, however, and the cannons have won; those who depend on walls are in for a shocking future. What is the proper response, then? What defenses are there The reality is that just like in physical warfare, the defenses will take some time to develop and articulate. more
The other day several of us were gathered in a conference room on the 17th floor of the LinkedIn building in San Francisco, looking out of the windows as we discussed some various technical matters. All around us, there were new buildings under construction, with that tall towering crane anchored to the building in several places. We wondered how that crane was built, and considered how precise the building process seemed to be to the complete mess building a network seems to be. more
In the first post on DDoS, I considered some mechanisms to disperse an attack across multiple edges (I actually plan to return to this topic with further thoughts in a future post). The second post considered some of the ways you can scrub DDoS traffic. This post is going to complete the basic lineup of reacting to DDoS attacks by considering how to block an attack before it hits your network -- upstream. more
Your first line of defense to any DDoS, at least on the network side, should be to disperse the traffic across as many resources as you can. Basic math implies that if you have fifteen entry points, and each entry point is capable of supporting 10g of traffic, then you should be able to simply absorb a 100g DDoS attack while still leaving 50g of overhead for real traffic... Dispersing a DDoS in this way may impact performance -- but taking bandwidth and resources down is almost always the wrong way to react to a DDoS attack. But what if you cannot, for some reason, disperse the attack? more
Distributed Denial of Service is a big deal -- huge pools of Internet of Things (IoT) devices, such as security cameras, are compromised by botnets and being used for large scale DDoS attacks. What are the tools in hand to fend these attacks off? The first misconception is that you can actually fend off a DDoS attack. There is no magical tool you can deploy that will allow you to go to sleep every night thinking, "tonight my network will not be impacted by a DDoS attack." more
A new age of openness is coming upon us. At least that's what we're being told. For instance -- "The reign of closed solution suites is over, shifting to the rise of open, heterogeneous software ecosystems." Maybe it's my 30 years in the information technology business (how many people remember Thomas-Conrad ARCnet hardware?), but I'm not convinced. It's worth taking a moment to consider the case. more
Way back in the olden days, folks decided that cities should invest lots of money in public transportation systems. The reasons were many fold, including reducing the number of individual vehicles being driven in too, and parked in, congested "downtown" areas, and increasing traffic to businesses in those areas, increasing their commercial viability. Many of these systems are sold to the public with the idea that they will (at least) break even against capital and operational expenses over time, but the reality is far different. more
What should we do with software patents? I've seen both sides of the debate, as I work a great deal in the context of standards bodies (particularly the IETF), where software patents have impeded progress on a community-driven (and/or community-usable) standard. On the other hand, I have been listed as a co-inventor on at least 40 software patents across more than twenty years of work, and have a number of software patents either filed or in the process of being filed. more
It's a familiar story by now: on the 8th of August, 2016, Delta lost power to its Atlanta data center, causing the entire data center to fail. Thousands of flights were cancelled, many more delayed, and tens of thousands of travellers stranded. What's so unusual about this event is in the larger scheme of network engineering, it's not that unusual. If I think back to my time on the Escalation Team at a large vendor, I can think of hundreds of situations like this. And among all those events, there is one point in common: it takes longer to boot the system than it does to fix the initial problem. more
The world of networking tends to be bistable: we either centralize everything, or we decentralize everything. We started with mainframes, passed through Lotus 123 hidden in corners, then to mini's and middleware, then to laptops, and now to the cloud, to be followed by fog. This particular cycle of centralization/decentralization, however, has produced a series of overlapping changes that are difficult to decipher. You can somehow hear someone arguing about disaggregation and hyperconvergence through the fog -- but just barely. more