"Using Cloud Resources to Dramatically Improve Internet Routing"
[Came up in some digest summary I receive] Using Cloud Resources to Dramatically Improve Internet Routing UMass Amherst researchers to use cloud-based ‘logically centralized control’ https://www.umass.edu/newsoffice/article/using-cloud-resources-dramatically-... -Phil
On Fri, Oct 04, 2019 at 03:52:26PM -0400, Phil Pishioneri <pgp+nanog@psu.edu> wrote a message of 9 lines which said:
Using Cloud Resources to Dramatically Improve Internet Routing UMass Amherst researchers to use cloud-based ‘logically centralized control’
Executive summary: it's SDN for BGP. Centralizing Internet routing, what could go wrong? (As the authors say, "One reason is there is no single entity that has a big picture of what is going on, no manager". I wonder who will be Internet's manager.) Otherwise, an impressive amount of WTF. My favorite: "while communication by servers ___on the ground___ might take hundreds of milliseconds, in the cloud the same operation may take only one millisecond from one machine to another" I thought that universities were full of serious people, but university of Massachusetts may be an exception?
On Mon, Oct 07, 2019 at 04:42:11PM +0200, Stephane Bortzmeyer wrote:
Otherwise, an impressive amount of WTF. My favorite: "while communication by servers ___on the ground___ might take hundreds of milliseconds, in the cloud the same operation may take only one millisecond from one machine to another"
My favorite: "The researchers expect their cloud-based system will be more secure than the Internet is today [...]" Apparently they're blissfully unaware that there is no such thing as "cloud security". ---rsk
On Monday, 7 October, 2019 08:55, Rich Kulawiec <rsk@gsp.org> wrote:
On Mon, Oct 07, 2019 at 04:42:11PM +0200, Stephane Bortzmeyer wrote:
Otherwise, an impressive amount of WTF. My favorite: "while communication by servers ___on the ground___ might take hundreds of milliseconds, in the cloud the same operation may take only one millisecond from one machine to another"
My favorite: "The researchers expect their cloud-based system will be more secure than the Internet is today [...]" Apparently they're blissfully unaware that there is no such thing as "cloud security".
I would be interested to know how one connects to their "cloud"? Do I need an "Evaporation Adapter" for my computer to send to their cloud? And do I need a "Rain Collector" to receive from it? I suppose I also need the computer to be outside exposed to the elements -- putting it under a brolly would interfere with incoming rain from the cloud ... Plus I suppose it would not work very well at all in the desert, but downloading would be very high bandwidth in the rainforest (or during monsoon season). :) -- The fact that there's a Highway to Hell but only a Stairway to Heaven says a lot about anticipated traffic volume.
See RFC 1149 & 2549 ;-) -- J. Hellenthal The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.
On Oct 7, 2019, at 11:29, Keith Medcalf <kmedcalf@dessus.com> wrote:
On Monday, 7 October, 2019 08:55, Rich Kulawiec <rsk@gsp.org> wrote:
On Mon, Oct 07, 2019 at 04:42:11PM +0200, Stephane Bortzmeyer wrote:
Otherwise, an impressive amount of WTF. My favorite: "while communication by servers ___on the ground___ might take hundreds of milliseconds, in the cloud the same operation may take only one millisecond from one machine to another"
My favorite: "The researchers expect their cloud-based system will be more secure than the Internet is today [...]" Apparently they're blissfully unaware that there is no such thing as "cloud security".
I would be interested to know how one connects to their "cloud"? Do I need an "Evaporation Adapter" for my computer to send to their cloud? And do I need a "Rain Collector" to receive from it? I suppose I also need the computer to be outside exposed to the elements -- putting it under a brolly would interfere with incoming rain from the cloud ... Plus I suppose it would not work very well at all in the desert, but downloading would be very high bandwidth in the rainforest (or during monsoon season).
:)
-- The fact that there's a Highway to Hell but only a Stairway to Heaven says a lot about anticipated traffic volume.
Feel that this is more down the line of RFC 7511, no? ;-) —Dennis
On Tue, Oct 8, 2019 at 07:25 J. Hellenthal via NANOG <nanog@nanog.org> wrote:
See RFC 1149 & 2549
;-)
-- J. Hellenthal
The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.
On Oct 7, 2019, at 11:29, Keith Medcalf <kmedcalf@dessus.com> wrote:
On Monday, 7 October, 2019 08:55, Rich Kulawiec <rsk@gsp.org> wrote:
On Mon, Oct 07, 2019 at 04:42:11PM +0200, Stephane Bortzmeyer wrote:
Otherwise, an impressive amount of WTF. My favorite: "while communication by servers ___on the ground___ might take hundreds of milliseconds, in the cloud the same operation may take only one millisecond from one machine to another"
My favorite: "The researchers expect their cloud-based system will be more secure than the Internet is today [...]" Apparently they're blissfully unaware that there is no such thing as "cloud security".
I would be interested to know how one connects to their "cloud"? Do I need an "Evaporation Adapter" for my computer to send to their cloud? And do I need a "Rain Collector" to receive from it? I suppose I also need the computer to be outside exposed to the elements -- putting it under a brolly would interfere with incoming rain from the cloud ... Plus I suppose it would not work very well at all in the desert, but downloading would be very high bandwidth in the rainforest (or during monsoon season).
:)
-- The fact that there's a Highway to Hell but only a Stairway to Heaven says a lot about anticipated traffic volume.
On 07/10/2019 17:42, Stephane Bortzmeyer wrote:
On Fri, Oct 04, 2019 at 03:52:26PM -0400, Phil Pishioneri <pgp+nanog@psu.edu> wrote a message of 9 lines which said:
Using Cloud Resources to Dramatically Improve Internet Routing UMass Amherst researchers to use cloud-based ‘logically centralized control’ Executive summary: it's SDN for BGP. Centralizing Internet routing, what could go wrong? (As the authors say, "One reason is there is no single entity that has a big picture of what is going on, no manager". I wonder who will be Internet's manager.)
Centralized Internet routing - sounds like DoH for BGP. What could possibly go wrong?! -Hank
Hank Nussbacher <hank@efes.iucc.ac.il> writes:
On 07/10/2019 17:42, Stephane Bortzmeyer wrote:
On Fri, Oct 04, 2019 at 03:52:26PM -0400, Phil Pishioneri <pgp+nanog@psu.edu> wrote a message of 9 lines which said:
Using Cloud Resources to Dramatically Improve Internet Routing UMass Amherst researchers to use cloud-based ‘logically centralized control’ Executive summary: it's SDN for BGP. Centralizing Internet routing, what could go wrong? (As the authors say, "One reason is there is no single entity that has a big picture of what is going on, no manager". I wonder who will be Internet's manager.)
Centralized Internet routing - sounds like DoH for BGP.
Great idea! Why don't we just run BGP over HTTPS? Everyone already has a browser, so we can get rid of all these expensive routers. The future is BoH Bjørn
On 20/10/19 11:08 pm, Bjørn Mork wrote:
Hank Nussbacher <hank@efes.iucc.ac.il> writes:
On 07/10/2019 17:42, Stephane Bortzmeyer wrote:
On Fri, Oct 04, 2019 at 03:52:26PM -0400, Phil Pishioneri <pgp+nanog@psu.edu> wrote a message of 9 lines which said:
Using Cloud Resources to Dramatically Improve Internet Routing UMass Amherst researchers to use cloud-based ‘logically centralized control’ Executive summary: it's SDN for BGP. Centralizing Internet routing, what could go wrong? (As the authors say, "One reason is there is no single entity that has a big picture of what is going on, no manager". I wonder who will be Internet's manager.)
Centralized Internet routing - sounds like DoH for BGP.
Great idea! Why don't we just run BGP over HTTPS? Everyone already has a browser, so we can get rid of all these expensive routers.
IMO BGP over TLS actually makes a bunch of sense, and can be done using TLS-PSK to avoid certificates for those who want that. I wrote a rough idea of what it would need: https://laptop006.livejournal.com/60532.html
On Sunday, 20 October, 2019 06:08, Bjørn Mork <bjorn@mork.no> wrote:
Hank Nussbacher <hank@efes.iucc.ac.il> writes:
Centralized Internet routing - sounds like DoH for BGP.
Great idea! Why don't we just run BGP over HTTPS? Everyone already has a browser, so we can get rid of all these expensive routers.
The future is BoH
And that is just one letter short of the BOFH ... -- The fact that there's a Highway to Hell but only a Stairway to Heaven says a lot about anticipated traffic volume.
On Mon, Oct 7, 2019 at 4:45 PM Stephane Bortzmeyer <bortzmeyer@nic.fr> wrote:
On Fri, Oct 04, 2019 at 03:52:26PM -0400, Phil Pishioneri <pgp+nanog@psu.edu> wrote a message of 9 lines which said:
Using Cloud Resources to Dramatically Improve Internet Routing UMass Amherst researchers to use cloud-based ‘logically centralized control’
Executive summary: it's SDN for BGP. Centralizing Internet routing, what could go wrong? (As the authors say, "One reason is there is no single entity that has a big picture of what is going on, no manager". I wonder who will be Internet's manager.)
Otherwise, an impressive amount of WTF. My favorite: "while communication by servers ___on the ground___ might take hundreds of milliseconds, in the cloud the same operation may take only one millisecond from one machine to another" I thought that universities were full of serious people, but university of Massachusetts may be an exception?
I haven't found the actual work that is being referenced here, and I *am* quite skeptical based upon the title / premise -- but, I suspect (well, hope) that this is just another instance of complex technical material being munged by marketing / reporters into something unrecognizable -- note that "This article was originally published by the UMass News Office."

Here is an abstract of one of Yang Song, Arun Venkataramani, Lixin Gao's earlier papers: "BGP is known to have many security vulnerabilities due to the very nature of its underlying assumptions of trust among independently operated networks. Most prior efforts have focused on attacks that can be addressed using traditional cryptographic techniques to ensure authentication or integrity, e.g., BGPSec and related works. Although augmenting BGP with authentication and integrity mechanisms is critical, they are, by design, far from sufficient to prevent attacks based on manipulating the complex BGP protocol itself. In this paper, we identify two serious attacks on two of the most fundamental goals of BGP -- to ensure reachability and to enable ASes to pick routes available to them according to their routing policies -- even in the presence of BGPSec-like mechanisms. Our key contributions are to (1) formalize a series of critical security properties, (2) experimentally validate using commodity router implementations that BGP fails to achieve those properties, (3) quantify the extent of these vulnerabilities in the Internet's AS topology, and (4) propose simple modifications to provably ensure that those properties are satisfied"

I'm assuming that if this were passed through many company / university news / marketing orgs it would be translated into: "The core protocol that makes all of the Internet, all e-commerce, Internet banking and e-coin torrenting malware protection is vulnerable to hackers stealing your identity. All existing efforts have failed, because quantum computers can break cryptography. Our researchers have identified simple attacks which bypass all Internet security mechanisms and firewalls, and have demonstrated these vulnerabilities in the wild. In order to protect Internet banking and blockchain, and to ensure free elections, they have also developed a simple and effective new system to keep everyone secure. Contact us at licensing@university.org to learn how to license this critical technology. Click <here> to enroll in University, where you too can learn to fix the Interwebs and earn lots of money."

W

-- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf
On Fri, 11 Oct 2019 12:02:30 +0200, Warren Kumari said:
I haven't found the actual work that is being referenced here, and I *am* quite skeptical based upon the title / premise -- but, I suspect (well, hope) that this is just another instance of complex technical material being munged by marketing / reporters into something unrecognizable -- note that "This article was originally published by the UMass News Office."
Here is an abstract of one of Yang Song, Arun Venkataramani, Lixin Gao's earlier papers: "BGP is known to have many security vulnerabilities due to the very nature of its underlying assumptions of trust among independently operated networks. (....)
I'm fighting *really* hard to try to avoid collapsing that abstract down to "We realized that malicious actors can force the occurrence of BGP wedgies". (I've seen far too many proposals in the last 48 hours from people who obviously never encountered section (4) of RFC1925...)
On Mon, Oct 7, 2019, at 16:42, Stephane Bortzmeyer wrote:
Executive summary: it's SDN for BGP. Centralizing Internet routing, what could go wrong? (As the authors say, "One reason is there is no single entity that has a big picture of what is going on, no manager". I wonder who will be Internet's manager.)
Otherwise, an impressive amount of WTF. My favorite: "while communication by servers ___on the ground___ might take hundreds of milliseconds, in the cloud the same operation may take only one millisecond from one machine to another" I thought that universities were full of serious people, but university of Massachusetts may be an exception?
What I find to be the worst part is in the first phrase : "... have received a three-year, $1.2 million grant to develop and test ..." That makes 200k$/year/person. I find it quite a lot for bu**sh*t-bingo content.
From: nanog@radu-adrian.feurdean.net
Sent: 20 October 2019 12:45
To: nanog@nanog.org
Subject: Re: "Using Cloud Resources to Dramatically Improve Internet Routing"
On Mon, Oct 7, 2019, at 16:42, Stephane Bortzmeyer wrote:
Executive summary: it's SDN for BGP. Centralizing Internet routing, what could go wrong? (As the authors say, "One reason is there is no single entity that has a big picture of what is going on, no manager". I wonder who will be Internet's manager.)
Otherwise, an impressive amount of WTF. My favorite: "while communication by servers ___on the ground___ might take hundreds of milliseconds, in the cloud the same operation may take only one millisecond from one machine to another" I thought that universities were full of serious people, but university of Massachusetts may be an exception?
What I find to be the worst part is in the first phrase : "... have received a three-year, $1.2 million grant to develop and test ..." That makes 200k$/year/person. I find it quite a lot for bu**sh*t-bingo content.

[KT] Maybe someone should ask the NSF how they are spending their money...

Some things I "like" :

"Shifting interdomain traffic control to the cloud to avoid routers on the ground and “heavy duty switching,” Gao says, "
"The traffic still has to go through the routers on the ground, "
So we don't need routers on the ground, but the routers "on the ground" have still to forward the traffic?

"He adds that while communication by servers on the ground might take hundreds of milliseconds, in the cloud the same operation may take only one millisecond from one machine to another."
Yeah sure, but how are they providing that information to the routers forwarding the data? They are not in the cloud? Or are they? (First citation)

"“It’s orders of magnitude faster, and in the cloud we can easily afford more bandwidth resources, too."
Still not sure what they are trying to tell me... Is everything forwarded through the cloud, or not? As in other sentences they are only writing about decision-making...

"All these factors make outsourcing the decision-making to the cloud more advantageous.”
So why do we need that high bandwidth in the cloud, if it is only control-plane traffic?
He adds that while communication by servers on the ground might take hundreds of milliseconds, in the cloud the same operation may take only one millisecond from one machine to another. It's orders of magnitude faster, and in the cloud we can easily afford more bandwidth resources, too. The photons have less distance to travel in the cloud than on the ground. All these factors make outsourcing the decision-making to the cloud more advantageous. The researchers say this new approach of enabling interdomain routing as a service is a radically different approach compared to today's practice.
I think this would work if you re-route the plasma conduits on deck 23 to the output of the main deflector dish.
At 03:52 PM 04/10/2019, Phil Pishioneri wrote:
[Came up in some digest summary I receive]
Using Cloud Resources to Dramatically Improve Internet Routing UMass Amherst researchers to use cloud-based ‘logically centralized control’
https://www.umass.edu/newsoffice/article/using-cloud-resources-dramatically-...
-Phil
-- Clayton Zekelman Managed Network Systems Inc. (MNSi) 3363 Tecumseh Rd. E Windsor, Ontario N8W 1H4 tel. 519-985-8410 fax. 519-985-8409
participants (14)
- Bjørn Mork
- Clayton Zekelman
- Dennis Lundström
- Hank Nussbacher
- J. Hellenthal
- Julien Goodwin
- Karsten Thomann
- Keith Medcalf
- Phil Pishioneri
- Radu-Adrian Feurdean
- Rich Kulawiec
- Stephane Bortzmeyer
- Valdis Klētnieks
- Warren Kumari