Last time with the Youtube problem, they advertised more specific routes. If Pakistan was advertising a /24 network (255 IP addresses) Youtube started advertising two /25 networks (2x 128 addresses). Since they are more specific, they are preferred over the more broad routes. This prevents lack of cooperation, but not malicious behavior. As well, it ends somewhere because many networks will not pass routes smaller than say /24 or /28.
Most service providers also do 'inbound route filtering' to filter out any routes that they do not own. This isn't a simple process, which is why PCCW does not do it. Maybe a few more of these incidents and they will.
There's also AS path filtering. This allows networks to be more granular in which paths they trust, by inspecting which ASes a route has gone through. If certain AS or AS path combinations become problematic, the internet at large could blackhole them or do manual route filtering. This would be laborious, but possible.
That said if someone can maliciously peer with an active BGP router, the damage to be done is significant. I haven't seen any outage reports from this type of attack, but I'm surprised by that.
I suppose the attack will still work for IPv6 for a long time.
If you don't, then it makes a lot of sense to defend literal from non-literal usage.
What's the alternative that I can use and be understood?
Did I mean literally literally, or figuratively? And how can the previous question have meaning?
While one can speculate on why you might be wrong about this being a problem, an examination of the world around us rather strongly suggests that there's no question that there is something fatally wrong with your argument.
If your point is that "we can make it impossible to communicate the concept 'literally' until there's an epidemic of deaths over it", then your threshold is in a very, very wrong place.
The real problem being caused here is well below the noise threshold and certainly not worth trying to play "Holier than thou" at people on the internet.
That wasn't my threshold; that was an example of a confusion that couldn't be disambiguated without clear terms for literal vs figurative; it's just that it had unusually large implications for a scenario that requires fast, unambiguous communication. (I guess we don't have to care about these scenarios?)
Your own implicit threshold of "if someone doesn't die because of it, I can fuck up the communicative ability of a language however I feel like" is so thoroughly stupid, I doubt you even believe it yourself, yet feel the need to argue for it anyway.
In any case, I'm less concerned with who makes the best tactical moves than on discerning the best idea presented. As it stands, I don't yet see any justification for "let's get rid of this useful disambiguating feature for literal vs figurative" -- but feel free to keep offering them; maybe your knowledge of "tactics" could come in handy here, though I doubt it. Tactical arguments don't make a language useful. Rather, substance does.
And any time you ever get around to telling me how to indicate the old meaning of "literally" you just let me know. I get that it's not a real high priority for you right now (based on how you think), and I'm not holding my breath or anything, but it would be really cool if you could pull it off. Thanks.
It's what really separates bad writing from very bad writing.
Then again, it's also a perspective thing.
Etymonline does not reproduce the OED, but it does source from it and sometimes you get lucky.
So for one, it states clearly 'erroneously used' (and indeed has this specific wording, 'strongest admissible sense').
Further, it gives the 1680 number, but doesn't actually source that any further (general writing periods of Dryden and Pope? Perhaps, though not clear).
Anyway, that's fun. I miss the OED, but it's the sort of massive tome that's impractical to always have on hand.
Also worth watching, "The History of English in 10 Minutes": http://www.youtube.com/watch?v=rexKqvgPVuA
Interesting videos though, didn't realize I'd stepped on another unexploded grammar mine from The War. I really should know better at this stage.
You can almost always take it out of the sentence it is being used in and the sentence is easier to read and makes more sense.
A new pet-hate word for me (nothing on you OP!)
I wonder how he contacted his colleague. In this case, I presume that routing to other networks was unaffected. But in the general case, with a future of everything over IP, what will network engineers use to communicate about faults?
At some point we might see most of the VoIP being transported across the internet as well, but that'll be the far future.
But in this case the problem was bad routes. You can certainly force your own routers to use fixed routes instead, but that doesn't help you unless everybody else along the path also does it. So it's not easy. There are tricks one can play -- like advertising your network as a set of smaller, more-specific networks (since routers will usually favor more-specific routes over more general ones).
NB Cannot reply under his post
Maybe I see bad things everywhere and you may call me paranoid, but could it be some sort of ("false") advertising on the side of Cloudflare?
I don't think it's necessary to call BS on Cloudflare without any kind of evidence at all.
In this case, the author decided to take a shortcut and call the owner of the "problem peer" directly.
It seems that's more or less the quasi-official support channel even for paid services from Google.
It sounds weird that Google did not trigger a recovery procedure on its own.
We all know how hard it can be to contact a competent person at a big corporation when you have a problem. Would Google find it easier than every other human being?
It might work for somebody like China, where they have two network interfaces, so can make all Chinese networks think they are Google on one interface, then forward things on to the real Google on the other. There might be a good reason for them to do it, too, because they are also likely a trusted CA, so could forge SSL certs, too.
It works :)
http://www.pch.net/resources/data.php?dir=/routing-tables (link appears to be temporarily broken)
Secondly, it is pretty easy to track down who is doing it. Assuming a rogue employee used their employer's setup (see first point) to announce one of Google's routes and it managed to propagate, smart people at NOCs around the world start emailing and calling each other pretty quickly. Despite CloudFlare trying to take credit here, I'd put money on the fact the network in question received at least a dozen phone calls and emails. There are services like Renesys and BGPmon that "important" companies sign up for that will scream bloody murder and start paging people if someone unauthorized originates your prefixes.
Third, as this is a known problem, a solution is already in the works and on its way to being implemented. Basically when you are assigned a block of IP addresses, you also get to publish a cryptographically signed statement of how and where that block should show up in the global routing table. See http://www.nanog.org/meetings/nanog49/presentations/Tuesday/...
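The inbound filtering described in this thread (rejecting routes a peer does not own, AS path filtering, and the signed origin statements mentioned just above) can be sketched in a few dozen lines. The block below is an added example written for this discussion, not code from CloudFlare, Google, NANOG or any router vendor. It assumes the signed statements have already been fetched and their signatures checked, so the ROA table is a plain constructed list of (prefix, max length, authorised origin AS), and it applies the Valid / Invalid / NotFound outcome defined in RFC 6811 for route origin validation. All AS numbers, prefixes and the blocklist are constructed sample values.

```python
"""Inbound BGP route filtering on constructed announcements (added example).

Not an RPKI implementation: signature verification is out of scope and the
ROA table is assumed to be already validated. Sample values are constructed.
"""
from ipaddress import ip_network

# Constructed ROA table: (prefix, max announced prefix length, authorised origin AS).
# The first entry lets AS64500 announce 10.20.0.0/16 and anything down to a /24.
ROAS = [
    ("10.20.0.0/16", 24, 64500),
    ("10.30.0.0/16", 16, 64510),
]


def origin_validation(prefix, origin_as, roas=ROAS):
    """RFC 6811 outcome for one announcement: 'Valid', 'Invalid' or 'NotFound'."""
    net = ip_network(prefix)
    covering = [r for r in roas if net.subnet_of(ip_network(r[0]))]
    if not covering:
        return "NotFound"          # nobody has published a ROA for this space
    for _, max_len, asn in covering:
        if asn == origin_as and net.prefixlen <= max_len:
            return "Valid"
    return "Invalid"               # covered by a ROA, but wrong origin or too long


def accept(announcement, blocked_ases=frozenset(), longest_accepted=24):
    """Inbound policy: returns (accepted, reason) for one announcement.

    The origin AS is the last element of the AS path.
    """
    prefix, as_path = announcement["prefix"], announcement["as_path"]
    if ip_network(prefix).prefixlen > longest_accepted:
        return False, "too specific"       # most networks drop anything longer than /24
    if blocked_ases & set(as_path):
        return False, "as-path filter"     # path traverses an AS we refuse to trust
    state = origin_validation(prefix, as_path[-1])
    if state == "Invalid":
        return False, "rov invalid"        # ROA exists and this announcement contradicts it
    return True, state                     # 'Valid' or 'NotFound' (no ROA, accept as before)


def filter_announcements(announcements, blocked_ases=frozenset()):
    """Return the prefixes that survive the inbound policy."""
    return [a["prefix"] for a in announcements if accept(a, blocked_ases)[0]]


# Constructed sample feed from a neighbour: the /24 originated by AS64667 is the
# kind of announcement the thread is about, and it is rejected by origin validation.
SAMPLE_FEED = [
    {"prefix": "10.20.0.0/16",  "as_path": (64501, 64500)},          # Valid
    {"prefix": "10.20.30.0/24", "as_path": (64666, 64667)},          # Invalid (wrong origin)
    {"prefix": "10.20.30.0/25", "as_path": (64501, 64500)},          # too specific
    {"prefix": "10.40.0.0/16",  "as_path": (64520, 64999)},          # NotFound, accepted
]

if __name__ == "__main__":
    for a in SAMPLE_FEED:
        print(a["prefix"], accept(a))
    print("accepted:", filter_announcements(SAMPLE_FEED))
```

The order of checks matters: the length check and AS path filter are cheap local policy, while origin validation depends on external data, and an announcement with no covering ROA is accepted exactly as it was before ROAs existed, which is why partial deployment still helps without breaking anyone.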
Yes, there's always the risk of a trusted peer mistakenly leaking routes publicly (and a permissive upstream provider not rejecting it outright), but that's a low risk attack vector.
I do remember this happening a few times, but they were quickly spotted and corrected (true, the internet at the time was a lot smaller; you could probably fit all sysadmins of a country in a room..)
I see this article as the CloudFlare guy trying to get credit for an act of civility that many other sysadmins likely have done, silently, in parallel. Of course I'm glad he did, but wouldn't expect anything less. That's just how the internet works.
ps: thanks for the link. NANOG is something that I had long ago erased from my brain. Had a chuckle looking at the archives :)
Does anyone know of a book that goes from the basics of networking up to how it's all assembled on a large scale?
A "big book of internet" if you will.
I'm confused about the times the author gives, though. The article is dated today (11/6) and he says this happened 'today' at 6:24pm PST / 02:24 UTC. But unless I'm mistaken, that is a time currently in the future (http://time.gov/timezone.cgi?Pacific/d/-8/java). I guess he meant yesterday?
BGP is how routers communicate with each other. Every major edge router for a network is typically connected to many other edge routers for other networks. Each router announces what amounts to their complete routing table: i.e., for every IPv4/IPv6 address that they know how to route, they announce what networks it traverses on the way to the destination.
When a router is deciding which router an IP packet should hop to next, it looks at the packet's destination IP address and consults an in-memory data structure that it has constructed based on the BGP announcements of the routers to which it's connected. Modulo refining nuances (MED/PREF), it looks for two things:
1. It routes the packet according to the most specific network it saw announced. If it sees a packet destined for 126.96.36.199, and one connected router A is announcing a route for 188.8.131.52/24, and another connected router B is announcing a route for 184.108.40.206/16, it will pass along the packet to router A, all other things being equal.
2. As a tiebreaker for announcements with the same network specificity, it looks at the "AS path": the set of networks that the packet will traverse. It picks the router with the shortest path: the least number of traversed networks.
So the answer to your direct question is that BGP is "somewhere else": it's what routers use to communicate to each other "How will you route this IP packet?" and then make reasonable decisions about how they should send packets around the network.
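The two selection rules in this comment, and the "advertise more-specific routes" countermeasure from the first comment in the thread, can be walked through on a toy routing table. The block below is an added example, not code from the page or from any router vendor: it keeps only longest-prefix match and shortest AS path (LOCAL_PREF, MED and the other tie-breakers are left out), and every prefix, AS number and neighbour name in it is a constructed sample value.

```python
"""Simplified BGP best-path selection on a constructed RIB (added example).

Decision steps modelled: most specific prefix, then shortest AS path.
Everything else a real router considers is omitted. Sample values only.
"""
from ipaddress import ip_address, ip_network


def best_route(rib, destination):
    """Return the route entry a router would use for one destination address."""
    dst = ip_address(destination)
    candidates = [r for r in rib if dst in ip_network(r["prefix"])]
    if not candidates:
        return None
    # 1. the most specific announcement wins, regardless of who announced it
    longest = max(ip_network(r["prefix"]).prefixlen for r in candidates)
    candidates = [r for r in candidates if ip_network(r["prefix"]).prefixlen == longest]
    # 2. among equally specific announcements, fewest networks traversed wins
    return min(candidates, key=lambda r: len(r["as_path"]))


def next_hop(rib, destination):
    """(neighbour, prefix) chosen for the destination, or None if unroutable."""
    r = best_route(rib, destination)
    return None if r is None else (r["neighbour"], r["prefix"])


# Constructed scenario modelled on the YouTube incident mentioned in the thread:
# the legitimate owner (AS64500) announces a /16 via neighbour B; a third party
# (AS64668) starts announcing a /24 inside it via neighbour C.
LEGIT = {"prefix": "10.20.0.0/16", "as_path": (64501, 64500), "neighbour": "B"}
LEAK = {"prefix": "10.20.30.0/24", "as_path": (64666, 64667, 64668), "neighbour": "C"}
# The owner's response: split the affected /24 into two /25s, which are more specific.
COUNTER = [
    {"prefix": "10.20.30.0/25", "as_path": (64501, 64500), "neighbour": "B"},
    {"prefix": "10.20.30.128/25", "as_path": (64501, 64500), "neighbour": "B"},
]
DST = "10.20.30.77"   # a host inside the contested /24


def walkthrough(destination=DST):
    """Selected next hop at each stage of the scenario."""
    same_length_alt = {"prefix": "10.20.30.0/24", "as_path": (64502, 64500), "neighbour": "D"}
    return {
        "normal": next_hop([LEGIT], destination),
        "leaked": next_hop([LEGIT, LEAK], destination),
        "counter": next_hop([LEGIT, LEAK] + COUNTER, destination),
        # two /24s of equal specificity: the 2-hop path beats the 3-hop path
        "tiebreak": next_hop([LEAK, same_length_alt], destination),
    }


if __name__ == "__main__":
    for stage, choice in walkthrough().items():
        print(f"{stage:>9}: {choice}")
```

Note what the "leaked" stage shows: the /24 wins even though its AS path is longer, because specificity is evaluated before path length. That is why a leak propagates so easily, and why the /25 counter-announcement works only where intermediate networks accept prefixes longer than /24.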
IP is a protocol for taking a chunk of data, slapping some addressing information on it, and then having it be sent, like an electronic letter, from one computer to another by whatever route the network thinks is best. More precisely every computer sends it to a computer it is directly connected to that it thinks is closer. Eventually, hopefully, it gets to the right place.
If you just want to send chunks of data over IP and hope that they get there, you have UDP.
TCP is a more advanced protocol where one computer contacts another, and then a stream of data starts to flow between them through a connection. Under the hood the stream is broken into chunks that are put in IP packets. And there are extra packets for things like, "Hello, trying to connect here" "I got these packets" "I'm done" and so on. Obviously TCP sits on top of IP.
DNS is a protocol for turning a human readable name like news.ycombinator.com into an IP address like 220.127.116.11. Under the hood DNS uses both UDP and TCP.
BGP is a protocol that is used between routers to advertise how to route packets. BGP uses TCP to work, so it is above TCP. But that routing information is used at the IP level, so bad routes can stop IP from working. Which is what happened here. Someone advertised that they were how to get to a lot of Google addresses, so routers began sending Google traffic there. When the packets arrived, they had no idea what to do with them and dropped them. The result is that the IP layer to Google stopped working for a lot of people.
You would typically have a /30 or /31 subnet containing a pair of routers and have the routers communicate (BGP etc) using those addresses.
DNS runs on top of UDP (or sometimes TCP), which runs on top of IP.
Edited to elaborate: most computers on the internet don't need to know anything about BGP. It's not directly involved when you establish connections. Think of it as an automatic configuration system running on the various routers.
BGP is the protocol Internet Routers (i.e. not your home router) use to figure out how to route IP addresses to particular routers.
So your home router connects to an internet router at comcast (or your ISP). The Comcast router announces to the rest of the world "Dear world, if you want to connect to any of the IP addresses at X.X.X.X send those packets to me and I'll deal with them."
On a more historical note, the Internet protocol suite beat the OSI protocol suite. Practically nobody uses the OSI protocols anymore, so why bother trying to fit the Internet protocols into the OSI model?
http://www.nanog.com/ is currently showing a "Welcome to nginx" message
Uhh, no. Without the "ensure", then maybe.
Very professional way to do so!
If you're going to have a bunch of autonomous systems/networks operating together, with no central authority, it necessarily comes down to trust and relationships.
Shit will occasionally happen. It's important to look at outages, figure out the cause, and work to prevent it. Perhaps, though, this is a best practices issue, and not some fundamental flaw in BGP.