Can Interdomain routing[BGP] self recover from prefix hijack?

Akmal Shahbaz akmal_shahbaz at yahoo.com
Mon May 11 22:40:18 CDT 2009


Hi

Solutions like BGPmon.net, Cyclops, etc. are doing a very good job of alerting about the prefix hijack/configuration errors/experiments going on/etc. But I would like to ask "Alerting the victim is the best we can do after detecting such incidents" or what else we can do? What do you think about "BGP ability to self recover from prefix hijacks or anomalies?"
Is it possible? How? What do you think about "Self healing as the property of Internet?"

Thank you.

Akmal Khan
MS-PhD Student
MMLab at SNU.Kr
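
The alerting that BGPmon-style monitors provide, which the question above takes as its starting point, comes down to comparing what route collectors observe against what the prefix holder has registered as legitimate. The following is an added example (not code from the post or from any of the services named) of that origin-consistency check in Python: every prefix, ASN and collector name is a constructed sample value, and the registry layout is an assumption of the example rather than any service's real data model.

```python
"""Origin-AS consistency check over constructed BGP UPDATE records.

An operator registers the prefixes they originate and the ASNs allowed to
originate them; each observed announcement is compared against that registry.
Two conditions are flagged:
  * origin-mismatch: a registered prefix announced with an origin AS that is
    not in its allowed set;
  * unexpected-more-specific: a sub-prefix of a registered prefix announced by
    an AS not allowed for the covering prefix (more-specifics win longest-match
    forwarding, so these are the ones that actually divert traffic).
All ASNs, prefixes and collector names below are constructed sample values.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set, Tuple


@dataclass(frozen=True)
class Announcement:
    prefix: str          # e.g. "192.0.2.0/24"
    as_path: Tuple[int, ...]   # AS path as seen by the collector, origin last
    collector: str       # which vantage point saw it

    @property
    def origin_as(self) -> int:
        return self.as_path[-1]


# Registry (assumed layout): covering prefix -> ASNs allowed to originate it
# or any sub-prefix of it.
REGISTRY: Dict[str, Set[int]] = {
    "192.0.2.0/24": {64500},
    "198.51.100.0/22": {64501, 64502},
}


def covering_entries(prefix: str) -> Iterable[Tuple[str, Set[int]]]:
    """Yield (registered_prefix, allowed_origins) for every registry entry that
    covers `prefix` (equal to it or a supernet of it)."""
    net = ipaddress.ip_network(prefix)
    for reg, allowed in REGISTRY.items():
        reg_net = ipaddress.ip_network(reg)
        # subnet_of() raises on mixed IP versions, so compare versions first.
        if reg_net.version == net.version and net.subnet_of(reg_net):
            yield reg, allowed


def check(ann: Announcement) -> List[str]:
    """Return a list of alert strings for one announcement (empty means clean)."""
    alerts = []
    for reg, allowed in covering_entries(ann.prefix):
        if ann.origin_as in allowed:
            continue
        kind = "origin-mismatch" if ann.prefix == reg else "unexpected-more-specific"
        alerts.append(f"{kind}: {ann.prefix} origin AS{ann.origin_as} "
                      f"(registered {reg} -> {sorted(allowed)}) seen at {ann.collector}")
    return alerts


def scan(announcements: Iterable[Announcement]) -> List[str]:
    """Run check() over a batch of announcements and collect every alert."""
    out: List[str] = []
    for ann in announcements:
        out.extend(check(ann))
    return out


# Constructed sample feed: a legitimate route, an origin hijack of the whole
# prefix, a more-specific from a foreign origin, and an unrelated prefix.
SAMPLE_FEED = [
    Announcement("192.0.2.0/24", (64510, 64500), "rc-east"),
    Announcement("192.0.2.0/24", (64520, 64666), "rc-west"),
    Announcement("198.51.100.0/24", (64520, 64666), "rc-west"),
    Announcement("203.0.113.0/24", (64530, 64540), "rc-east"),
]

if __name__ == "__main__":
    for line in scan(SAMPLE_FEED):
        print(line)
```

A real deployment would feed this from route-collector dumps and key the registry on what the operator has published (an RPKI ROA carries the same prefix, maximum length and origin AS), but the comparison itself is what the check above performs.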
--- On Tue, 5/12/09, nanog-request at nanog.org <nanog-request at nanog.org> wrote:

From: nanog-request at nanog.org <nanog-request at nanog.org>
Subject: NANOG Digest, Vol 16, Issue 43
To: nanog at nanog.org
Date: Tuesday, May 12, 2009, 1:04 AM



Today's Topics:

   1. Re: two interfaces one subnet (David Devereaux-Weber)
   2. Re: two interfaces one subnet (Nathan Ward)
   3. Re: two interfaces one subnet (Arnold Nipper)
   4. Re: two interfaces one subnet (Patrick W. Gilmore)
   5. Re: two interfaces one subnet (Patrick W. Gilmore)
   6. RE: two interfaces one subnet (Holmes,David A)
   7. Re: two interfaces one subnet (Arnold Nipper)
   8. Re: two interfaces one subnet (Patrick W. Gilmore)
   9. Re: two interfaces one subnet (Chris Adams)
  10. Re: two interfaces one subnet  (Kevin Oberman)
  11. Re: two interfaces one subnet (Ben Scott)


----------------------------------------------------------------------

Message: 1
Date: Mon, 11 May 2009 17:08:45 -0500
From: David Devereaux-Weber <ddevereauxweber at gmail.com>
Subject: Re: two interfaces one subnet
To: Hector Herrera <hectorherrera at gmail.com>
Cc: nanog at nanog.org
Message-ID:
    <f2675b350905111508t11d097afrb68ecb09d3798025 at mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

In my case, each Ethernet interface has its own unique MAC address.

Dave

On Mon, May 11, 2009 at 4:28 PM, Hector Herrera <hectorherrera at gmail.com>wrote:

> On Mon, May 11, 2009 at 2:22 PM, David Devereaux-Weber
> <ddevereauxweber at gmail.com> wrote:
> > Chris,
> >
> > I work with iHDTV <http://ihdtv.org>, a project that sends uncompressed
> high
> > definition television (1.5 Gbps) as UDP over two 1 Gbps interfaces.  If
> both
> > interfaces are on the same subnet, the OS sees the same router (gateway)
> > address on both interfaces, and the results are sub-optimal ... around
> 50%
> > packet loss.
>
> packet loss is probably due to the network switch having to re-learn
> the location of the MAC address constantly as it sees packets on two
> or more ports with the same MAC address (think STP loops).
>
> If your network stack and network device (switch) supports LACP, then
> you can have multiple connections between a host and a network device.
>  That is a very easy way to increase capacity and add redundancy.
>
> That is how all of our VMWare ESX 3.5i servers are connected.
>
> Hector
>


------------------------------

Message: 2
Date: Tue, 12 May 2009 10:08:49 +1200
From: Nathan Ward <nanog at daork.net>
Subject: Re: two interfaces one subnet
To: nanog list <nanog at nanog.org>
Message-ID: <24F5463D-C5B0-46BD-AB6A-1C376BE742EF at daork.net>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes

On 12/05/2009, at 9:00 AM, Charles Wyble wrote:

> What does two interfaces in one subnet mean?
>
> Two NICs? Or virtual interfaces?


Also, what does one subnet mean?

A. Using the same IP prefix on two different networks (ie. ethernet  
broadcast domains) with an interface in to each, or B. running two  
interfaces in to the same network (ie. ethernet broadcast domain).

In the case of A, are you re-using numbers on each side?
In the case of B, are you wanting both interfaces to have the same  
number(s)?

--
Nathan Ward




------------------------------

Message: 3
Date: Tue, 12 May 2009 00:13:19 +0200
From: Arnold Nipper <arnold at nipper.de>
Subject: Re: two interfaces one subnet
To: "Patrick W. Gilmore" <patrick at ianai.net>
Cc: NANOG list <nanog at nanog.org>
Message-ID: <4A08A2FF.4040306 at nipper.de>
Content-Type: text/plain; charset="iso-8859-1"

On 11.05.2009 23:47 Patrick W. Gilmore wrote

> On May 11, 2009, at 5:19 PM, Alex H. Ryu wrote:
> 
>> It may be allowed from host-level, but from router equipment, I don't
>> think it was allowed at all.
> 
> Ever used HSRP / VRRP?  Two interfaces in the same subnet.  Works  
> fine.  In fact, most people think it works _better_ than one interface  
> in the same subnet.
> 

I guess you are mixing interfaces with IPs now. Don't you?



Arnold
-- 
Arnold Nipper / nIPper consulting, Sandhausen, Germany
email: arnold at nipper.de       phone: +49 6224 9259 299
mobile: +49 172 2650958         fax: +49 6224 9259 333


------------------------------

Message: 4
Date: Mon, 11 May 2009 18:16:22 -0400
From: "Patrick W. Gilmore" <patrick at ianai.net>
Subject: Re: two interfaces one subnet
To: North American Network Operators Group <nanog at nanog.org>
Message-ID: <1AE0407D-4A99-41B9-820D-11EF2A27A739 at ianai.net>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes

On May 11, 2009, at 5:59 PM, Chris Meidinger wrote:

> Just to restate here, for people who have been responding both  
> publicly and privately:
>
> I know that *I* can make it work, and I know that *you* can make it  
> work. But I also know that it's not likely to stay working.
>
> One day, down the road, something will break. Then, my poor support  
> team will spend days trying to diagnose the problem.

Could you show me a network configuration that does not qualify for  
that last sentence?

Or for that matter, _anything_ related to ... well, anything?

-- 
TTFN,
patrick




------------------------------

Message: 5
Date: Mon, 11 May 2009 18:25:02 -0400
From: "Patrick W. Gilmore" <patrick at ianai.net>
Subject: Re: two interfaces one subnet
To: NANOG list <nanog at nanog.org>
Message-ID: <D4566287-AA45-450E-BA7F-A7626C971A3F at ianai.net>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes

On May 11, 2009, at 6:13 PM, Arnold Nipper wrote:
> On 11.05.2009 23:47 Patrick W. Gilmore wrote
>> On May 11, 2009, at 5:19 PM, Alex H. Ryu wrote:
>>
>>> It may be allowed from host-level, but from router equipment, I  
>>> don't
>>> think it was allowed at all.
>>
>> Ever used HSRP / VRRP?  Two interfaces in the same subnet.  Works
>> fine.  In fact, most people think it works _better_ than one  
>> interface
>> in the same subnet.
>
> I guess you are mixing interfaces with IPs now. Don't you?

Each interface has its own IP address.  The two Interfaces _also_  
share a virtual IP address.

IOW: No.  Are you?

-- 
TTFN,
patrick




------------------------------

Message: 6
Date: Mon, 11 May 2009 15:27:13 -0700
From: "Holmes,David A" <dholmes at mwdh2o.com>
Subject: RE: two interfaces one subnet
To: "Chris Meidinger" <cmeidinger at sendmail.com>
Cc: nanog at nanog.org
Message-ID:
    <485ED9BA02629E4BBBA53AC892EDA50E08E2D64D at usmsxt104.mwd.h2o>
Content-Type: text/plain;    charset="us-ascii"

I think the idea of one interface per subnet originates in the early
RFCs, such as RFC 1009 "Requirements for Internet Gateways":

"Section 1.1.2 Networks and Gateways

... A gateway is connected to two or more networks, appearing to
         each of these networks as a connected host.  Thus, it has a
         physical interface and an IP address on each of the connected
         networks ... "

So by using singular terminology ( "a connected host", "a physical
interface", "an IP address") instead of plural, a single interface per
subnet for gateways (read routers) is implied.

This is not to say that it will not work, at least on servers. Standards
aside, a good reason why this is not a best practice is the concept of
asynchronous routing where a packet arrives on one interface, and the
reply leaves on the other interface with a different source IP on the
reply. Most firewalls will reject packets such as this.  

-----Original Message-----
From: Chris Meidinger [mailto:cmeidinger at sendmail.com] 
Sent: Monday, May 11, 2009 1:29 PM
To: nanog at nanog.org
Subject: two interfaces one subnet

Hi,

This is a pretty moronic question, but I've been searching RFC's on- 
and-off for a couple of weeks and can't find an answer. So I'm hoping  
someone here will know it offhand.

I've been looking through RFC's trying to find a clear statement that  
having two interfaces in the same subnet does not work, but can't find  
it that statement anywhere.

The OS in this case is Linux. I know it can be done with clever  
routing and prioritization and such, but this has to do with vanilla  
config, just setting up two interfaces in one network.

I would be grateful for a pointer to such an RFC statement, assuming  
it exists.

Thanks!

Chris




------------------------------

Message: 7
Date: Tue, 12 May 2009 00:35:20 +0200
From: Arnold Nipper <arnold at nipper.de>
Subject: Re: two interfaces one subnet
To: NANOG list <nanog at nanog.org>
Message-ID: <4A08A828.4040104 at nipper.de>
Content-Type: text/plain; charset="iso-8859-1"

On 12.05.2009 00:25 Patrick W. Gilmore wrote

> On May 11, 2009, at 6:13 PM, Arnold Nipper wrote:
>> On 11.05.2009 23:47 Patrick W. Gilmore wrote
>>> On May 11, 2009, at 5:19 PM, Alex H. Ryu wrote:
>>>
>>>> It may be allowed from host-level, but from router equipment, I  
>>>> don't
>>>> think it was allowed at all.
>>>
>>> Ever used HSRP / VRRP?  Two interfaces in the same subnet.  Works
>>> fine.  In fact, most people think it works _better_ than one  
>>> interface
>>> in the same subnet.
>>
>> I guess you are mixing interfaces with IPs now. Don't you?
> 
> Each interface has its own IP address.  The two Interfaces _also_  
> share a virtual IP address.
> 
> IOW: No.  Are you?
> 

But still each device only has _one_ interface in the same subnet.
Though with two IP addresses sometimes.



Arnold
-- 
Arnold Nipper / nIPper consulting, Sandhausen, Germany
email: arnold at nipper.de       phone: +49 6224 9259 299
mobile: +49 172 2650958         fax: +49 6224 9259 333


------------------------------

Message: 8
Date: Mon, 11 May 2009 18:37:42 -0400
From: "Patrick W. Gilmore" <patrick at ianai.net>
Subject: Re: two interfaces one subnet
To: Arnold Nipper <arnold at nipper.de>
Cc: NANOG list <nanog at nanog.org>
Message-ID: <F4DB2CCA-8B27-4A68-A7D3-49B7F5DB0008 at ianai.net>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes

On May 11, 2009, at 6:35 PM, Arnold Nipper wrote:
> On 12.05.2009 00:25 Patrick W. Gilmore wrote
>> On May 11, 2009, at 6:13 PM, Arnold Nipper wrote:
>>> On 11.05.2009 23:47 Patrick W. Gilmore wrote
>>>> On May 11, 2009, at 5:19 PM, Alex H. Ryu wrote:
>>>>
>>>>> It may be allowed from host-level, but from router equipment, I
>>>>> don't
>>>>> think it was allowed at all.
>>>>
>>>> Ever used HSRP / VRRP?  Two interfaces in the same subnet.  Works
>>>> fine.  In fact, most people think it works _better_ than one
>>>> interface
>>>> in the same subnet.
>>>
>>> I guess you are mixing interfaces with IPs now. Don't you?
>>
>> Each interface has its own IP address.  The two Interfaces _also_
>> share a virtual IP address.
>>
>> IOW: No.  Are you?
>>
>
> But still each device only has _one_ interface in the same subnet.
> Though with two IP addresses sometimes.

Of course, was thinking about using it on the same router.  But I  
guess that doesn't work so well, does it? :)

-- 
TTFN,
patrick




------------------------------

Message: 9
Date: Mon, 11 May 2009 18:29:08 -0500
From: Chris Adams <cmadams at hiwaay.net>
Subject: Re: two interfaces one subnet
To: nanog at nanog.org
Message-ID: <20090511232908.GB622256 at hiwaay.net>
Content-Type: text/plain; charset=us-ascii

Once upon a time, Kevin Oberman <oberman at es.net> said:
> > From: Chris Meidinger <cmeidinger at sendmail.com>
> > For example, eth0 is 10.0.0.1/24 and eth1 is 10.0.0.2/24, nothing like  
> > bonding going on. The customers usually have the idea of running one  
> > interface for administration and another for production (which is a  
> > _good_ idea) but they want to do it in the same subnet (not such a  
> > good idea...)
> 
> This will not work right. One interface can be 10.0.0.1/24, but any
> added interfaces would need to be /32 (10.0.0.2/32).

I don't know which OS(es) you are using, but that's not true in Linux.
I see this all the time at home; if I plug my notebook into the wired
LAN and still have the wireless enabled, both will get an IP (in the
same subnet) from DHCP.  The wired link is the preferred default route
by default, but you can easily set up routes for some networks via the
wireless link.

You can also set up multipath routing to send packets out both links.  I
think you can also use IP policy routing to control the choice of
outbound interface by rule (e.g. based on source address).

-- 
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.



------------------------------

Message: 10
Date: Mon, 11 May 2009 16:47:50 -0700
From: "Kevin Oberman" <oberman at es.net>
Subject: Re: two interfaces one subnet 
To: Chris Adams <cmadams at hiwaay.net>
Cc: nanog at nanog.org
Message-ID: <20090511234750.2804A1CC0B at ptavv.es.net>

> Date: Mon, 11 May 2009 18:29:08 -0500
> From: Chris Adams <cmadams at hiwaay.net>
> 
> Once upon a time, Kevin Oberman <oberman at es.net> said:
> > > From: Chris Meidinger <cmeidinger at sendmail.com>
> > > For example, eth0 is 10.0.0.1/24 and eth1 is 10.0.0.2/24, nothing like  
> > > bonding going on. The customers usually have the idea of running one  
> > > interface for administration and another for production (which is a  
> > > _good_ idea) but they want to do it in the same subnet (not such a  
> > > good idea...)
> > 
> > This will not work right. One interface can be 10.0.0.1/24, but any
> > added interfaces would need to be /32 (10.0.0.2/32).
> 
> I don't know which OS(es) you are using, but that's not true in Linux.
> I see this all the time at home; if I plug my notebook into the wired
> LAN and still have the wireless enabled, both will get an IP (in the
> same subnet) from DHCP.  The wired link is the preferred default route
> by default, but you can easily set up routes for some networks via the
> wireless link.
> 
> You can also set up multipath routing to send packets out both links.  I
> think you can also use IP policy routing to control the choice of
> outbound interface by rule (e.g. based on source address).

This is true if you are using the WPA supplicant. It does a bit of
magic. (You can do the magic by hand without the supplicant, but it is a
pain or was the last time I tried.) 
-- 
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman at es.net            Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4  EADA 927D EBB3 987B 3751



------------------------------

Message: 11
Date: Mon, 11 May 2009 20:04:27 -0400
From: Ben Scott <mailvortex at gmail.com>
Subject: Re: two interfaces one subnet
To: NANOG list <nanog at nanog.org>
Message-ID:
    <59f980d60905111704x8b5610u35d790668cf68022 at mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

On Mon, May 11, 2009 at 6:01 PM, Patrick W. Gilmore <patrick at ianai.net> wrote:
> You are assuming facts not in evidence.

  I *have* actually done this before, so I'd like to think, for my own
purposes at least, my experiences are factual.  :)

> It doesn't matter which physical interface transmits the packet.

  Well, in the general sense, I suppose not.  The computer can put
whatever it wants in an Ethernet frame, and as long as it's valid for
the receiving system, it will work.

  But in the Linux IP stack, at least, and by default, the physical
interface used to send a datagram is determined by the route selected,
and that also determines the source IP address put on the datagram.
At the same time, the only thing which influences route selection is
the destination IP address.

  In particular, there's no concept of "session" or "connection" in
that.  So client X attempts to open a TCP connection to IP address B
on my example server.  When the server sends its SYN-ACK response, it
doesn't pay attention to the fact that the connection "came in on" B.
It just looks at destination X.  If it decides A is the best route,
then the SYN-ACK datagram will have source IP address A.  But X is
looking for a datagram from A.  The datagram from B will get to X, but
X will promptly drop it, as it's not expecting anything from B.

  Again, this is all by default.  If you configure policy routing
properly, many things can be made to work.

> Another example: Imagine a web server with two uplinks in _different_
> subnets running Quagga.

  That's a different scenario entirely.  Diverse routes work fine
because all the intermediate routers work the same way I describe
above: They don't care where the packet came from, they don't know
about "connections", they just forward packets to the destination.

  If the actual interface went down, you can bet that the HTTP request
in progress will be killed, because the TCP session is dependent on an
IP address that just evaporated.  :)

-- Ben
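
Ben Scott's description of destination-only route selection, and Chris Adams' remark that policy routing can choose the outbound interface by source address, can be made concrete with a small model of the Linux rule/table lookup. This is an added example, not code from either poster: addresses, interface names and the gateway are constructed, and the `ip rule`/`ip route` commands quoted in the docstring are given as the assumed real-world counterpart of the policy-routed variant.

```python
"""Toy model of Linux route lookup: destination-based tables plus source-based
policy rules. Shows why, with only the main table, every packet to an
off-subnet client leaves via the eth0 default route whichever local address it
carries, and how an `ip rule ... from <addr>` selector pins traffic sourced
from the second address to the second interface.

All addresses, interface names and the gateway are constructed sample values.
The policy-routed variant corresponds (assumed, not taken from the thread) to:
    ip route add 10.0.0.0/24 dev eth1 src 10.0.0.2 table 2
    ip route add default via 10.0.0.254 dev eth1 table 2
    ip rule add from 10.0.0.2/32 table 2
"""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Route:
    prefix: str                 # destination prefix; "default" means 0.0.0.0/0
    dev: str                    # outgoing interface
    src: str                    # preferred source for sockets not yet bound
    via: Optional[str] = None   # next hop; None means directly connected


@dataclass(frozen=True)
class Rule:
    table: str
    from_src: Optional[str] = None   # None behaves like `from all`


@dataclass
class Stack:
    tables: dict = field(default_factory=dict)        # table name -> [Route]
    rules: List[Rule] = field(default_factory=list)   # evaluated in order

    def _lpm(self, table: str, dst: str) -> Optional[Route]:
        """Longest-prefix match of dst within one table (first route wins a tie)."""
        addr = ipaddress.ip_address(dst)
        best: Optional[Tuple[int, Route]] = None
        for r in self.tables.get(table, []):
            net = ipaddress.ip_network("0.0.0.0/0" if r.prefix == "default" else r.prefix)
            if addr in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, r)
        return best[1] if best else None

    def lookup(self, dst: str, src: Optional[str] = None) -> Tuple[str, str]:
        """Return (outgoing dev, source address) for a packet to dst.

        `src` is the local address the socket is already bound to; a reply on an
        accepted connection keeps the address the request arrived on. With
        src=None the matched route's preferred source is used, which is the
        coupling between route choice and source address discussed in the thread.
        """
        for rule in self.rules:
            if rule.from_src is not None and rule.from_src != src:
                continue
            route = self._lpm(rule.table, dst)
            if route is not None:
                return route.dev, (src or route.src)
        raise LookupError(f"no route to {dst}")


A, B = "10.0.0.1", "10.0.0.2"       # eth0 and eth1, both in 10.0.0.0/24
GW = "10.0.0.254"                   # the subnet's router (constructed)
CLIENT_X = "192.0.2.10"             # an off-subnet client (constructed)


def default_stack() -> Stack:
    """Vanilla config: both interfaces in one subnet, one default route via eth0."""
    s = Stack()
    s.tables["main"] = [
        Route("10.0.0.0/24", "eth0", A),
        Route("10.0.0.0/24", "eth1", B),       # same prefix; eth0 wins the tie
        Route("default", "eth0", A, via=GW),
    ]
    s.rules = [Rule("main")]
    return s


def policy_routed_stack() -> Stack:
    """Same host, plus table 2 for traffic sourced from B and a rule selecting it."""
    s = default_stack()
    s.tables["2"] = [
        Route("10.0.0.0/24", "eth1", B),
        Route("default", "eth1", B, via=GW),
    ]
    s.rules = [Rule("2", from_src=B), Rule("main")]
    return s


if __name__ == "__main__":
    for name, stack in (("main table only", default_stack()),
                        ("with source rule", policy_routed_stack())):
        print(name)
        print("  unbound send to X :", stack.lookup(CLIENT_X))
        print("  reply from A to X :", stack.lookup(CLIENT_X, src=A))
        print("  reply from B to X :", stack.lookup(CLIENT_X, src=B))
```

With only the main table, a reply on the connection that arrived for B still leaves eth0; the source-selected table 2 is what keeps B's traffic on eth1, which is also the arrangement that avoids the asymmetric-path rejection David Holmes mentions when a firewall sits in the path.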



------------------------------


End of NANOG Digest, Vol 16, Issue 43