iljitsch.com

topics: BGP / IPv6 / more · settings · b&w · my business: inet⁶ consult · Twitter · Mastodon · LinkedIn · email · 🇺🇸 🇳🇱

Hi, I'm Iljitsch van Beijnum. Here on iljitsch.com I publish articles and post links about a range of topics.

Also have a look at my business web site inet⁶ consult.

Smart home Matter and Thread misconceptions (or not?)

I just saw a Youtube video kind of reviewing the new Thread smart home communication protocol. I'm not linking to it because it attributed a bunch of things to Thread that are Matter, unless I'm very much mistaken. (And the latter is certainly possible. Do your own research before buying new stuff.)

Matter logo

Matter is the new IP-based system that lets a smart home "ecosystems" such as Amazon Alexa, Google Home, Apple HomeKit and Samsung SmartThings talk to smart home accessories. Matter has two big advantages. The first one is that you're no longer locked into a single ecosystem or a limited number of ecosystems. Every ecosystem that supports Matter can control accessories that use Matter. Even better, multiple ecosystems can control the same accessories.

Thread logo

Thread, on the other hand, is simply a wireless protocol for talking to smart home accessories.

Full article / permalink - posted 2022-12-03

Heeft echt maar 9% van de Nederlandse Google-gebruikers IPv6?

Een klein dorpje landje blijft dapper weerstand bieden tegen de oprukkende nieuwe versie van het Internet Protocol:

Twee weken geleden scoorde Nederland 14% en inmiddels is dit afgenomen tot 9%. Maar kan dat wel kloppen?

Volledig artikel / permalink - geplaatst 2022-12-01

Smart home: past, present, future

Recently, a few podcasts that I listen to talked about smart home technology. We also got the release of new smart home standards Thread and Matter. So I want to look at what smart home options have worked for me, and see if it's possible to draw any conclusions about what could work for most people. (As in: who don't enjoy tinkering with tech for its own sake.)

Read the article - posted 2022-11-27

→ What can be learned from BGP hijacks targeting cryptocurrency services?

Interesting blog post on the APNIC blog by Doug Madory:

On 17 August 2022, an attacker was able to steal approximately USD 235,000 in cryptocurrency by employing a BGP hijack against the Celer Bridge, a service that allows users to convert between cryptocurrencies.

In this blog post, I discuss this and previous infrastructure attacks against cryptocurrency services. While these episodes revolve around the theft of cryptocurrency, the underlying attacks hold lessons for securing the BGP routing of any organization that conducts business on the Internet.

Using BGP to steal cryptocurrency is happening with some regularity now...

The important lesson comes at the end: Amazon shouldn't have RPKI ROAs for a /10 and a /11 with a maximum prefix limit of /24.

This way, the attacker, thanks to an ISP that didn't properly filter its customer's BGP announcements, was able to advertise a /24 out of Amazon's address space and have that announcement be labeled "valid" by RPKI route origin validation.

Amazon advertises a /11, and if the maximum prefix length in the ROA for that /11 had been just /11, the attacker wouldn't have been able to "shoplift" just that /24, but they'd have to go head-to-head against Amazon for that entire /11. That would have had a much lower chance of success and much higher chance of being noticed quickly.

(Shameless plug: if all that RPKI and ROA talk is gibberish to you, my new BGP e-book has a section on what RPKI is and how it works.)

Permalink - posted 2022-11-24

New e-book: Internet Routing with BGP

I did it again... I wrote another book.

20 years ago O'Reilly published my first book, titled simply “BGP”. My goal with that book was to write the book that I would have liked to have read when I started my journey with the Border Gateway Protocol, the internet's routing protocol.

Although amazingly, we still use the same version 4 of the BGP protocol as in 1994, a lot has changed. As updating my previous book was not in the cards, I decided to write a completely new book about BGP. It's called “Internet Routing with BGP” and it's now available as an e-book. See the end of the article for details and links.

Read the article - posted 2022-11-18

My BGP minilab

When I wrote my first BGP book I painstakingly made the config examples on actual Cisco routers. In my opinion, it's crucial to make sure that configuration examples that go in a book actually work.

So when I started writing my new BGP book, I did the same. But this time, I used open source routing software (FRRouting) running in Docker containers. Basically, those containers are very light-weight virtual machines.

This makes it possible to run a dozen virtual routers that start up and shut down in just a few seconds. So it's very easy to run different examples by starting the required virtual routers with the configuration for that example.

This was super useful when I was writing the book.

So I thought it would also be very useful for people reading the book.

So I'm making the "BGP minilab" with all the config examples from the book available to my readers. Download version 2022-11 of the minilab that goes with the first version of the book here.

You can also run the examples in the minilab if you don't have the book. And you can create your own labs based on these scripts.

The minilab consist of four scripts:

There are Mac/Linux shell script and Windows Powershell versions of each script.

Permalink - posted 2022-11-11

older posts - newer posts

Search for:
RSS feed

Archives: 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023