Randy’s Tech Blog

I was easily able to run two 7200s on my MacBook Pro, though it is fairly beefy for a laptop, having 8G RAM etc. It turns out that the Dynagen needs to be told to use RAM as opposed to disk, e.g.
mmap = false

The two routers could easily run IS-IS and BGP between them.

One can configure just about any kind of interface, so one can emulate a real configuration.

It is easy to connect to the outside world, just do something in the family of
[[ROUTER R1]]
f0/0 = NIO_gen_eth:en0
(any interface will do), and then configure the specified interface on the router for a real IP on your local LAN and it just bridges out. Note that this did not seem to work when my Mac was on WiFi, only on Ethernet. I suspect it has something to do with the MacOS X’s WiFi, the dreaded proxy ARP, and bridging. But I really did not take the time to debug it. I imagine hard-wired Ethernet will still be around for a year or two.

This allowed me to trivially multi-hop BGP peer with one of my real routers, r0.sea, the 7200 in the Westin. But, if I configured R1 as a 7200 with an NPE-400 and 512MB of RAM, it would crash before it loaded a full feed. If I configured it as an NPE-G2, G1 is not available, the configuration would not come up in Dynagen, and crashed out. While I am not sure I need a full feed to my MacBook :), it would be nice for certain things.

All in all, this looks like a cool tool, and I plan to keep it around.

Coming to a JSAC near you in a few months.

Evolution of Internet Address Space Deaggregation: Myths and Reality, Luca Cittadini, Wolfgang Mühlbauer, Steve Uhlig Randy Bush, Pierre François, Olaf Maennel

Thanks to pfs, I am using Dynamips/Dynagen to have multiple virtual Ciscos on my MacBookPro.

Dynagen Web Site

Kit for MacOS X

It is not that I believe strongly in this approach. But it sure is simpler than many others.

Anja Feldmann, Luca Cittadini, Wolfgang Mühlbauer, Randy Bush, Olaf Maennel, HAIR: Hierarchical Architecture for Internet Routing, in Proceedings of Workshop on Rearchitecting the Internet, December 2009.

R Bush, O Maennel, M Roughan, S Uhlig Internet Optometry: Assessing the Broken Glasses in Internet Reachability, ACM SIGCOMM Internet Measurement Conference, November 2009. [in Japanese]

A co-worker pointed out that I have been lax in keeping this site updated. So …

Bellovin, S.M.; Bush, R. Configuration Management and Security, IEEE Journal on Selected Areas in Communications, Volume 27, Issue 3, April 2009 Page(s):268 - 274

At the IETF IPv6/IPv4 coexistence interim meeting in Montréal, I gave a presentation of the A+P proposal.

APNIC 26 attempted to focus on IPv6. It was a major disaster from Layer 2 to Layer 9. The network failed both at Layer 2 in the 802.11 and, for the few who managed to connect for a few minutes, applications at Layer 7 which should have worked did not. And, despite demonstrating on Tuesday that the IPv6 network did not work, APNIC staff persisted in turning the IPv4 network off on Wednesday. And they were proud of it. All in all, it was an impressive demonstration of non-professionalism and operational lack of clue.

And the panel held Tuesday morning was a complete train wreck. People walked away saying they were going home and telling folk that their companies should wait some years for IPv6 and consider just NATting IPv4.

APNIC has set a high bar that future IPv6 train wrecks will find hard to beat.

Network Discovery from Passive Measurements was interesting work on cartography. Use of the Record Route option in traceroute, is something we need to look at more seriously than we have. They went specifically after the failure of RocketFuel, that there are many interfaces on a router. Then it got into a daunting disjunctive logic model, which was not something to try at home (exponential in sample size). But it did a lot better than RocketFuel.

Nathan from UW is using many traceroute hacks to try to improve RocketFuel.

Our paper, iSPY: Detecting IP Prefix Hijacking on My Own, went well, probably because the wireless was not working.

Had a good lunch at Cafe Flora with JR, MM, and two JR students.

None of the p2p presentations grabbed me. And none of the wireless papers either, but it’s far from any of my interests.

WW was also interested in control plane visibility.

In the wireless session, one paper, ZigZag Decoding: Combating Hidden Terminals in Wireless Networks, was pretty sharp. They showed how to recover the packets from 802.11 frames which collided and thus otherwise would have been discarded.

If you were interested in URLs in SPAM, perhaps Spamming Botnets: Signatures and Characteristics might have been interesting to you. Not my cup of tea.

Anja’s group and Vern’s described sampling fiber tap recording. Not sure where the computer science was in this, but it could be operationally useful. See Enriching Network Security Analysis with Time Travel.

There was a quite good paper on radically reducing the state space in regexp evaluation, Deflating the Big Bang: Fast and Scalable Deep Packet Inspection with Extended Finite Automata.

Rationality and Traffic Attraction: Incentives for Honest Path Announcements in BGP used an incentive model to motivate and test if the data plane follows the BGP control plane. This could be used for routing security to test if a neighbor was lying about how it would route traffic given to it. It modeled ASses as rational actors. Bottom line was that Secure BGP could be used to enforce the conditions, but a multi-homed node could announce the path it does not actually use.  It explores additional mechanisms that improve the situation.  Definitely interesting work in the secure BGP area.