No subject

[Steven M. Bellovin]

Cryptography <cryptography at metzdowd.com>
Subject: Re: Tromboning: Internet Traffic Begins to Bypass the U.S.

On Sat, 30 Aug 2008 10:32:15 -0400
"R.A. Hettinga" <rah at shipwright.com> wrote:


> Evidently not just anyone can stick two links together using one box
> and three ethernet cards, or whatever, or the Internet Gets Broken.

Not quite, but see below.
>
> Geeze, to paraphrase Grace Slick, I wish I knew BGP.
>
> (Though, like Grace was at the time, I'm too burned-out a dog these
> days to learn those new tricks. Easier to doze off on the veranda
> watching the weather go by.)
>
BGP is indeed complex -- not the theory, but the practice: how it's
actually used.

Fundamentally, BGP is a way to implement routing *policy*: ISPs
(actually, ASs -- Autonomous Systems) use BGP so that traffic they're
carrying goes the way it's supposed to, more or less.  The metric, of
course is money -- what do they get paid for certain traffic over
certain paths, compared to others?  Among the many criteria that are
considered are traffic engineering, load-balancing among different
links, reducing latency for certain kinds of traffic, balancing bytes
and packets sent and received to certain BGP neighbors, minimizing the
number of prefixes you have to carry around in your routers (currently
about 240K for the so-called "default-free zone"), AUP restrictions,
customer satisfaction, redundancy, regulation, and more.

You can't just connect a couple of random Ethernets and have things JFW
(Just Work), the way you can with LANs in a building.  For one thing,
the Internet is too big; OSPF won't handle nearly that many prefixes.
For another, no one will (or rather, no one should) let you blindly
claim to carry traffic for random prefixes.  (The reality of that is
quite different and much more crypto-relevant...)

RAH: I'm quite certain this won't get to the other lists you've posted
to, but feel free to forward this.

		--Steve Bellovin, http://www.cs.columbia.edu/~smb