Automating BGP - for real this time

Ever since I started an Autonomous System on the internet a few years ago, I've dealt with the monotonous task of configuring new neighbor sessions. Don't get me wrong, peering is a great thing and I always enjoy turning up new peers - but manually writing the config each time…

Developing stateful anycast architecture: SSL+HTTP/3

A few months ago I wrote about the CDN that I've been building to learn about anycast routing (link). Almost everything about the CDN has changed as I've completely rewritten the system. One of the challenges faced by the new platform is I wanted to give HTTP a try over…

BGP Path Selection

The fundamental part of BGP is it's best path selection algorithm. BGP follows a strict order of route selection. WeightLocal preferenceOriginAS path lengthOrigin codeMEDeBGP/iBGPIGP metric to BGP next hopOldest pathRouter IDNeighbor addressWeightWeight is an attribute specific to Cisco, and takes highest priority on their routers. Higher weight means higher…

Introduction to BGP communities

Aside from flowspec (Which incidentally was the cause of last week's internet outage), BGP communities are the primary means of adding information to routes for the purpose of traffic engineering, DDoS mitigation, or anything else that you might want to signal in a network. They're really very simple in theory;…

Building an Anycast CDN for fun and profit

In simple terms, anycast is just a route with multiple next-hops. More generally it's the routing method that allows a single IP address to be routed to multiple endpoints. While seemingly basic enough, it allows for some really interesting network use cases. It's also hard to experiment with in a…

The state of RPKI at Internet Exchange Points

RPKI (Resource Public Key Infrastructure) is the primary response to the issue of BGP hijacks on the internet. It works by cryptographically verifying that a network is authorized to announce a given route. Internet Exchange Points (IXPs) are typically assigned globally unique prefixes in order to keep members in the…