The Linux kernel is a key operating system for the Internet since it runs on servers, routers and smartphones, and it continues to evolve. During the last years, the Linux kernel gained a lot of flexibility thanks to the addition of the eBPF virtual machine, which executes user-supplied programs directly inside the kernel once the kernel's verifier has accepted them. This makes it possible to monitor various kernel components, tune various algorithms and provide advanced functions in the networking stack and elsewhere. A recent documentary explains the evolution of eBPF since 2014 and its main usages.
Andree Toonk explores in a blog post the different techniques that allow you to send packets quickly in Go. One of the techniques he discusses uses eBPF programs to send packets.
Last week, three optical fiber cables were damaged in the Red Sea. This forced Internet providers to reroute traffic between Marseille and Singapore over different paths. An interesting article discusses the time needed to repair damaged undersea cables.
TLS certificates were initially only issued by certification authorities that charged a lot of money for each certificate. Fortunately, the non-profit Let’s Encrypt certification authority democratized the use of TLS certificates, and any server administrator can now easily obtain them. However, this still requires installing and configuring an ACME client. The EFF discusses in a blog post possible next steps, such as integrating ACME support directly into popular web servers.
Web Check provides an open-source set of checks that can be run against a web server to verify several dozen aspects of its configuration, including TLS, DNS records, … A good starting point to explore the configuration of web sites.
netlab is a set of Python modules that allow you to build virtual network labs. netlab supports images from various commercial router vendors, and the latest version adds support for open-source daemons such as BIRD or dnsmasq. Another blog post reports that netlab can emulate networks with up to 50 devices on a server equipped with 128 GB of RAM and 32 CPU cores…
For satellite-based access networks like Starlink, latency is an important concern. The Starlink engineers have managed to significantly reduce the latency of their commercial services by tuning the configuration of their network. A technical report provides some additional information about this change.
The NTP pool project coordinates more than 4,000 NTP servers that provide time synchronization to anyone. A recent scientific article analyzes a large set of measurements of this important service.
This blog aims at encouraging students who read the open Computer Networking: Principles, Protocols and Practice ebook to explore new networking topics. You can follow this blog by subscribing to its RSS feed or by following @cnp3_ebook on mastodon. Feel free to share the posts that you find interesting on your preferred social network.
Low-orbit satellites are already commercially used to provide Internet access and emergency cell phone services. The next step could be to provide cellular access using low-orbit satellites. Elon Musk shared early results in a tweet. This tweet shows that an Android smartphone can receive UDP packets at a rate of several Mbps, but with a large packet loss ratio.
This could be interesting in regions that are far away from the terrestrial network infrastructure. However, if you believe that cellular towers will be replaced by low-orbit satellites, bear in mind that several hundred Starlink satellites have already been decommissioned. These satellites burned up in the atmosphere on re-entry, which is yet another form of pollution.
For many years, the reference TCP/IP stack was the one included in the BSD Unix distribution. During the 1980s, 1990s and early 2000s, this stack was the most stable TCP/IP stack. Since then, other stacks have evolved. The Linux TCP/IP stack is used by a wide range of servers and also by Android smartphones and OpenWrt routers. Apple uses its own stack, derived from the BSD stack, and Microsoft uses its own. The BSD stack continues to evolve in FreeBSD, OpenBSD and NetBSD, the descendants of the BSD Unix kernel. The latest issue of the FreeBSD Journal contains several articles on the FreeBSD TCP/IP stack. An interesting read for students willing to explore different TCP/IP stacks.
For more than six decades, the Association for Computing Machinery has published Communications of the ACM every month. This magazine was initially published only on paper and was available to subscribers and in libraries. The ACM has finally decided to distribute CACM as an open-access publication. CACM is probably the best way to stay up to date with the evolution of Computer Science; it regularly publishes networking articles and covers the entire field.
Niki Tonsky looked in an interesting blog post at the size of the JavaScript code that different web pages load by default. Wikipedia loads only 200 KB of JavaScript, but other web pages can force you to load several tens of MB of JavaScript just to display their front page. Even if much of this JavaScript is shared by different web sites, it is unclear why a single web page needs more code than entire programs, and even operating systems, of a few years ago.
Internet eXchange Points (IXPs) play an important role in today’s Internet by allowing many ISPs to peer efficiently at multiple locations. Thomas King, the CTO of DE-CIX, a German IXP, shares his reflections on the evolution of IXPs in the coming years. He envisions robots to automatically connect router cards, more automation, improved scalability, resilience and security and expects that more enterprises will use IXPs directly.
Many users rely on instant messaging to exchange information with friends, family and colleagues. These applications provide different levels of security.
Apple has recently updated the cryptographic protocol that protects the messages exchanged over iMessage and provides a detailed overview of the new design in a blog post. The new protocol is designed to counter attackers who collect encrypted messages today and store them, possibly for several years, in the hope that future techniques such as quantum computers will allow them to decrypt these messages. The security of the new protocol has been analyzed with formal methods, which is relatively rare in the Internet industry, which usually focuses on shipping possibly unfinished products.
Network engineers often need to troubleshoot bizarre problems in the networks they manage. Like plumbers, they often improve their troubleshooting skills in the field by solving different types of problems. Students rarely manage real networks, and it is difficult for them to acquire the troubleshooting skills that industry requires. Brandon Hitzel has collected a nice set of troubleshooting examples in a blog post.
Randy Bush replied to this post indicating that the problem was anticipated by the DNS designers. Indeed, RFC 1034 contains the following note:
RFC 1034 §5.3.3, Step 2, item 1:
Bound the amount of work (packets sent, parallel processes started)
so that a request can't get into an infinite loop or start off a
chain reaction of requests or queries with other implementations
EVEN IF SOMEONE HAS INCORRECTLY CONFIGURED SOME DATA.
This important paragraph had been forgotten by DNSSEC implementors. The implementations that have been updated are listed on the CVE-2023-50387 page.
If you’d like to deploy your own DNS and DHCP servers, arstechnica.com published an interesting step-by-step article on how to deploy these key services in a home network.
The Broadband Internet Technical Advisory Group has published a very interesting report that summarizes the main broadband access technologies that are and have been deployed, using cable, DSL, fiber, satellites, wireless, … The report contains several very useful tables with the key characteristics of the main access technologies.
connect system call. In theory, finding an unused source port is simple. In practice, finding this source port quickly without iterating over all established TCP connections is not so simple. A recent Cloudflare blog post describes in detail how the Linux connect system call works.
5G networks are being deployed in several countries. An interesting post on X by tefficient estimates the number of 5G sites in different countries and compares it with the surface of the country.
In parallel with these terrestrial deployments of cellular networks, several companies are now exploring the possibility of using satellites to provide cellular services. The latest Starlink satellites are already capable of exchanging text messages over 4G/LTE, as explained in a recent IEEE Spectrum article.
IPv4 and IPv6 use different strategies to support packet fragmentation, and the networking stack can be configured through socket options to generate fragments or not. Valerie Aurora developed fragquiz, a software tool running on Linux and macOS that allows you to generate different types of fragmented packets and also test your knowledge of packet fragmentation.
Large platforms are also targets for attackers. Most of these attacks are only discussed within the companies that manage these platforms and sometimes with the government, but there are a few exceptions. Cloudflare published a blog post describing in detail an attempt to attack a part of their platform. The interesting point about such blog posts is that they often reveal interesting information about the operation of the affected services.
Internet Service Providers use a variety of traffic engineering techniques to control the packets that flow through their networks. Many of these techniques work by tuning various IETF protocols and their implementations on routers. RFC 9522 provides a detailed survey of modern traffic engineering techniques. A good starting point to explore this domain.
The QUIC protocol was designed with web services in mind and is widely used by large cloud providers and content distribution networks. In parallel, QUIC is also used for DNS resolution: recent Android smartphones use DNS over HTTP/3, and thus QUIC, by default, and Apple uses QUIC for iCloud Private Relay. The IETF also explores how QUIC could carry media services within the Media over QUIC working group. A recent IETF blog post describes the main principles of this effort in detail.
Students often wonder how much data can be carried on a standard optical fiber. Last week, NICT announced that they established a new record by transporting 301 Tbps on a commercial optical fiber. The post provides additional information on the technology used to break this record.
Cryptographers and teachers often illustrate security protocols with characters such as Alice and Bob. This habit comes from the 1978 paper by Rivest, Shamir and Adleman that introduced RSA, rather than from Diffie and Hellman’s seminal paper on New directions in cryptography. A nice website recounts the history of Alice and Bob’s journey through various security protocols.
The first Starlink satellites were simple relays operating at the physical layer: a home antenna sent a wireless signal that the satellite amplified and redirected towards a ground station connected to the Internet. Recent Starlink satellites go one step further by creating a network around the Earth: they are equipped with lasers that they use to create inter-satellite links. In some parts of the world, Starlink users are two or maybe three satellite hops away from the ground station that is connected to the Internet. Little technical information has been published about the operation of these inter-satellite links. A recent presentation in Australia provides some details.
AMS-IX, one of the largest Internet eXchange Points celebrates its 30th birthday. They provide on their website a short timeline with some of the key moments of their history.
Geoff Huston published his annual report on the evolution of the IP address space. Transfers of IPv4 address blocks declined in 2023 compared to 2022, and the cost of IPv4 addresses has also started to decline.
The dataset also provides interesting information such as the number of IPv4 addresses per human. While the USA uses 43.8% of the IPv4 addressing space, this is only 4.73 addresses per inhabitant. The Vatican has 20.6 addresses per inhabitant and Seychelles 67.46…
Looking at IPv6, it is interesting to observe that The Netherlands seems to lead with 43.9 /48 IPv6 blocks per inhabitant.
A last and positive point from this report is that IPv6 deployment continues to grow with 36% of Internet users who prefer to use IPv6. In China, the city of Xiong’an, which is supposed to be a model for future digital cities, uses IPv6 only.
Unfortunately, this post ends with two sad news items. Dave Mills, who led the design, implementation and deployment of time synchronization protocols passed away last week. Arstechnica published a short article on his achievements. The New Yorker published an interesting article entitled The thorny problem of keeping the Internet’s Time in 2022 about his efforts. André Danthine, one of the pioneers of networking research in Europe also passed away. In 2012, he gave a long interview to Andrew Russell discussing his contributions.
Every year, Geoff Huston publishes a detailed blog post that analyzes the growth of the BGP routing tables based on the data that he collects in Australia. For many years, he observed a continuous growth of the BGP IPv4 routing table and tried to explain the different factors that influence this growth. In 2023, he observed the beginning of a plateau in the growth of the BGP IPv4 routing table. Year 2024 will tell us whether the BGP routing table reaches one million entries or starts to decline.
The web plays a very important role in our digital society, and some of the technical decisions taken by network engineers can have an impact on society as a whole. The W3C has started to work on a document on ethical web principles. This document aims at setting the principles that will drive the efforts of the W3C, but they are useful for many web professionals as well.
Transport Layer Security is used by many applications and servers, but configuring a TLS server correctly can be difficult. The testssl.sh project provides a very convenient shell script that performs a large number of tests on TLS servers.
This sudden drop of traffic was caused by an unusual problem that affected Orange Spain. During the last years, many operators have deployed the RPKI to secure interdomain routing. Network operators use the RPKI to publish Route Origin Authorizations (ROAs) that bind the IP prefixes they advertise to their AS number. A growing number of network operators use the RPKI to validate the BGP announcements that they receive, and a fraction of them drop the announcements whose origin AS does not match the RPKI data. This has prevented hijacking attacks.
Network operators can publish their RPKI data themselves or through the hosted RPKI service of their Regional Internet Registry, such as RIPE NCC. Orange Spain did not publish RPKI information for its prefixes but suffered from a new type of attack. Orange Spain used a weak password on the RIPE NCC portal, and an attacker impersonated Orange Spain there to publish a forged Route Origin Authorization that bound some of Orange Spain’s prefixes to a different AS number. As Orange Spain kept advertising these prefixes from its regular AS number, the BGP routers of ASes that perform RPKI validation considered the announcements invalid and rejected them. The weak password used by Orange Spain thus resulted in a new form of denial of service attack…
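To see why a forged ROA turns a legitimate announcement into a route that validating routers drop, here is the route origin validation procedure of RFC 6811 in Python, as an added example that is not part of the original post. The prefix 192.0.2.0/24 and the AS numbers 64496 and 64511 are constructed placeholders taken from the documentation ranges, not Orange Spain’s real prefixes or AS numbers.

```python
"""Route origin validation (RFC 6811) over a constructed ROA set.

Added example, not from the original post. 192.0.2.0/24 is a documentation
prefix (RFC 5737) and 64496 / 64511 are documentation AS numbers (RFC 5398);
the legitimate and rogue operators are placeholders, not Orange Spain's data.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ROA:
    prefix: "ipaddress.IPv4Network | ipaddress.IPv6Network"
    max_length: int  # longest announced prefix length the ROA authorises
    origin_as: int


def roa(prefix, max_length, origin_as):
    """Build a ROA from a prefix string and sanity-check its maxLength."""
    net = ipaddress.ip_network(prefix, strict=True)
    if not net.prefixlen <= max_length <= net.max_prefixlen:
        raise ValueError("maxLength must lie between the prefix length and the address size")
    return ROA(net, max_length, origin_as)


def validate(prefix, origin_as, roas):
    """Classify an announced (prefix, origin AS) as "valid", "invalid" or "notfound".

    RFC 6811: only ROAs whose prefix covers the announced prefix matter.
    No covering ROA -> NotFound (the state most prefixes were in before RPKI).
    A covering ROA naming the same origin AS with prefixlen <= maxLength -> Valid.
    Anything else -> Invalid, including the case in the post: a covering ROA
    exists but names a different AS, so routers doing ROV drop the route.
    """
    net = ipaddress.ip_network(prefix, strict=True)
    covering = [r for r in roas
                if r.prefix.version == net.version and net.subnet_of(r.prefix)]
    if not covering:
        return "notfound"
    if any(r.origin_as == origin_as and net.prefixlen <= r.max_length for r in covering):
        return "valid"
    return "invalid"


def accept(prefix, origin_as, roas):
    """The usual ROV policy: drop Invalid, accept Valid and NotFound."""
    return validate(prefix, origin_as, roas) != "invalid"


LEGIT_AS = 64496  # constructed: the AS that really announces the prefix
ROGUE_AS = 64511  # constructed: the AS named in the forged ROA


def scenario():
    """Replay the incident with constructed data: no ROA, forged ROA, corrected ROA."""
    announcement = ("192.0.2.0/24", LEGIT_AS)
    no_roa = validate(*announcement, roas=[])
    forged = validate(*announcement, roas=[roa("192.0.2.0/24", 24, ROGUE_AS)])
    corrected = validate(*announcement, roas=[roa("192.0.2.0/24", 24, LEGIT_AS)])
    return no_roa, forged, corrected


if __name__ == "__main__":
    print(scenario())  # ('notfound', 'invalid', 'valid')
```

The three states of `scenario()` are the whole story: with no ROA the announcement is merely NotFound and every router accepts it; once the forged ROA names another AS it becomes Invalid and ROV-enabled routers drop it; only a ROA naming the real AS makes it Valid. Note that a ROA is also a commitment on maxLength: a more specific announcement than the ROA allows is Invalid even when it comes from the right AS.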
Several network engineers published an interesting analysis of this new type of attack:
In addition, Job Snijders’ summary of the evolution of RPKI in 2023 is also very interesting.
If you own IP prefixes, make sure that you use strong passwords and two-factor authentication on the registry accounts that control them…
The Domain Name System is one of the key Internet protocols. It is also an example of a protocol that sends binary messages inside UDP segments, and the format of DNS messages has been optimized to keep these segments short. The DNS is thus a nice example for students willing to write a first implementation that sends real Internet protocol messages. A recent blog post describes how to encode DNS messages in Java.
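As an added example (my code, not the Java code from the blog post), here is the same encoding in Python: a query built from the 12-byte header and a question section, and a name decoder that follows the compression pointers of RFC 1035 while bounding the work it does, since a malformed pointer chain is exactly the kind of input a parser of binary UDP messages has to survive. The response message is constructed inline, and the decoder only handles a single A record answer.

```python
"""Encode a DNS query and decode names with compression pointers (RFC 1035).

Added example, not the blog post's Java code. The response message is
constructed inline; example.com and 192.0.2.1 are documentation values.
"""
import struct

HEADER = struct.Struct("!HHHHHH")  # ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT


def encode_name(name):
    """Wire form of a name: length-prefixed labels ending with a zero byte."""
    if name in ("", "."):
        return b"\x00"
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("labels must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(txid, name, qtype=1, recursion_desired=True):
    """Header + one question (QTYPE 1 = A, QCLASS 1 = IN)."""
    flags = 0x0100 if recursion_desired else 0
    return HEADER.pack(txid, flags, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", qtype, 1)


def decode_name(msg, offset, max_jumps=8):
    """Return (name, offset after the name), following 0xC0xx pointers safely.

    RFC 1035 only allows a pointer to an earlier occurrence, so pointers that
    do not move backwards (a self-pointer or a cycle would otherwise loop
    forever) are rejected, and the number of jumps is capped as well.
    """
    labels, pos, end, jumps = [], offset, None, 0
    while True:
        if pos >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[pos]
        if length & 0xC0 == 0xC0:  # two-byte compression pointer
            if pos + 2 > len(msg):
                raise ValueError("truncated pointer")
            target = struct.unpack("!H", msg[pos:pos + 2])[0] & 0x3FFF
            if end is None:
                end = pos + 2  # the caller resumes right after the first pointer
            if target >= pos:
                raise ValueError("pointer does not point backwards")
            jumps += 1
            if jumps > max_jumps:
                raise ValueError("too many compression pointers")
            pos = target
            continue
        if length & 0xC0:
            raise ValueError("reserved label type")
        pos += 1
        if length == 0:
            break
        if pos + length > len(msg):
            raise ValueError("label runs past end of message")
        labels.append(msg[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels) + ".", (end if end is not None else pos)


def build_response(query, ipv4):
    """Constructed answer: echo the question, then one A record whose owner
    name is the pointer 0xC00C (offset 12 = start of the question name)."""
    txid = HEADER.unpack_from(query)[0]
    question = query[HEADER.size:]
    rdata = bytes(int(octet) for octet in ipv4.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, len(rdata)) + rdata
    return HEADER.pack(txid, 0x8180, 1, 1, 0, 0) + question + answer


def parse_answer(msg):
    """Walk the question and the first answer; return (qname, aname, ttl, ipv4)."""
    txid, flags, qd, an, ns, ar = HEADER.unpack_from(msg)
    if qd != 1 or an < 1:
        raise ValueError("expected one question and at least one answer")
    qname, pos = decode_name(msg, HEADER.size)
    pos += 4  # skip QTYPE and QCLASS
    aname, pos = decode_name(msg, pos)
    rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
    pos += 10
    if rtype != 1 or rdlen != 4 or pos + rdlen > len(msg):
        raise ValueError("only a well-formed A record is handled here")
    return qname, aname, ttl, ".".join(str(b) for b in msg[pos:pos + 4])


if __name__ == "__main__":
    q = build_query(0x1234, "example.com")
    print(q.hex())
    print(parse_answer(build_response(q, "192.0.2.1")))
```

The backwards-only rule in `decode_name` is what makes the loop terminate on any input: every jump strictly decreases the offset, so a message can never send the parser round in circles, and the jump cap bounds the work even on a long but legal chain.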
Many images on the web use the PNG format. Evan Hahn provides a detailed description of this file format by dissecting the contents of the smallest valid PNG file, which is 67 bytes long.
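As an added example (not code from Evan Hahn’s article), here is such a 67-byte file built with Python’s standard library, together with a chunk walker that checks each chunk’s declared length and CRC before trusting it, which is what a PNG parser has to do before it touches any pixel data. The image is constructed here as a 1×1, 1-bit greyscale picture; the chunk layout (signature, IHDR, IDAT, IEND) is the one the format prescribes.

```python
"""Build the smallest PNG (signature + IHDR + IDAT + IEND) and parse it back.

Added example, not from the article. The image is constructed inline.
"""
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
MAX_CHUNK_LENGTH = 2**31 - 1  # the PNG spec caps chunk lengths at 2^31-1


def chunk(ctype, data):
    """One chunk: 4-byte length, 4-byte type, data, CRC-32 over type + data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack("!I", len(data)) + ctype + data + struct.pack("!I", crc)


def build_smallest_png():
    """1x1 pixel, bit depth 1, colour type 0 (greyscale), no interlace."""
    ihdr = struct.pack("!IIBBBBB", 1, 1, 1, 0, 0, 0, 0)
    raw = b"\x00" + b"\x00"  # filter type 0, then one scanline holding a single 0 bit
    idat = zlib.compress(raw)  # a 10-byte zlib stream
    return PNG_SIGNATURE + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")


def parse_png(blob):
    """Walk the chunks, verifying bounds and CRCs; return [(type, data), ...]."""
    if blob[:8] != PNG_SIGNATURE:
        raise ValueError("bad PNG signature")
    pos, chunks = 8, []
    while pos < len(blob):
        if pos + 8 > len(blob):
            raise ValueError("truncated chunk header")
        length, ctype = struct.unpack("!I4s", blob[pos:pos + 8])
        if length > MAX_CHUNK_LENGTH:
            raise ValueError("chunk length exceeds PNG limit")
        if pos + 12 + length > len(blob):  # check before slicing, never trust the length
            raise ValueError("chunk data runs past end of file")
        data = blob[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack("!I", blob[pos + 8 + length:pos + 12 + length])
        if zlib.crc32(ctype + data) & 0xFFFFFFFF != crc:
            raise ValueError("CRC mismatch in chunk " + ctype.decode("ascii", "replace"))
        chunks.append((ctype.decode("ascii"), data))
        pos += 12 + length
    if not chunks or chunks[0][0] != "IHDR" or chunks[-1][0] != "IEND":
        raise ValueError("PNG must start with IHDR and end with IEND")
    return chunks


def describe(blob):
    """Decode IHDR and inflate the IDAT stream into raw (filtered) scanlines."""
    chunks = parse_png(blob)
    if len(chunks[0][1]) != 13:
        raise ValueError("IHDR must be 13 bytes")
    width, height, depth, colour, comp, filt, interlace = struct.unpack("!IIBBBBB", chunks[0][1])
    idat = b"".join(data for ctype, data in chunks if ctype == "IDAT")
    return {
        "width": width, "height": height, "bit_depth": depth, "colour_type": colour,
        "chunks": [ctype for ctype, _ in chunks],
        "raw_scanlines": zlib.decompress(idat),
    }


if __name__ == "__main__":
    png = build_smallest_png()
    print(len(png), png.hex())
    print(describe(png))
```

Everything except the IDAT payload has a fixed size (8-byte signature, 25-byte IHDR chunk, 12-byte IEND chunk), so the 67 bytes come down to the 10-byte zlib stream that encodes the two raw bytes of the single scanline. Flipping any byte makes `parse_png` fail on the CRC of that chunk, which is the check a parser should run before it starts allocating memory from the width and height fields.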
The Internet Protocol Journal is a highly recommended resource for networking students. Every issue publishes tutorial articles on various networking topics. The latest issue provides an introduction to 5G, a discussion of why Asynchronous Transfer Mode (ATM) did not succeed, and a look at the first 20 years of cellular/Wi-Fi integration.
Ethernet is the most successful Local Area Network technology and has been deployed far more widely than its designers ever dreamed. When the first Ethernet memo was published at Xerox, several co-workers had doubts about the success of Ethernet. Tom Lyons shared on X a copy of Robert Bachrach’s memo.
In parallel, Ken Shirriff shared on X a thread about the design of AMD LANCE chipset that equipped many Ethernet adapters.
Some network engineers refer to the Border Gateway Protocol as the two-napkins protocol because its early design was written on napkins during lunch. The original napkins have been preserved at the Computer History Museum. Flavio Luciani shared on X a copy of these historical napkins, reproduced below.