The internet is a network of networks, networks,it uses unique IP addresses to identify users and enable communication. The internet grow in a decentralized fashion with almost no control and also disorganization.
The system that governed the selection of an optimal route for data to travel through in order to reach its intended destination is the Bridge Gateway Protocol.
The role of BGP
It makes the large scale expansion of the whole internet possible as it ensures that multiple networks can relay packets to each other in the most efficient means. It acts like the traffic warden of the internet and also like a road map. Without it,web traffic may never reach it destination or may take huge amount of time.
Imagine a nation where there are no traffic wardens,no traffic lights and no road maps,such will end in chaos,accidents,time delays and total confusion,that is how the internet would have been without the BGP protocol.
BGP problems
1.Reachability not speed
It was designed for reliability and reachability not speed. You may look back at its creation over two decades ago when there were not more than 20,000 websites but today there are almost 50 billion web pages and counting.
Another issue is the content of those web pages two decades ago,they consisted just text and some file sharing options but fast forward to today,we now have video streaming,high resolution images and others.
It was designed to packets to travel through the shortest path,so it gives preference to reachability other than performance.
The design to select and move packets through the path of least resistance causes congestion and over saturation,scalability and robustness concerns.
2. Hijacking
It was built on the assumption that all network participants are trustworthy,this assumption is deadly in consequences has many malicious attacks have been perpetrated through this.
These hijacks are possible because there is no built in security mechanism to validate that routes are legitimate or not and also there is a lack of readily available and relatable resource data to validate information.
BGP hijacking occurs when attackers steal the identity of a network and announces network prefixes belonging to that network as if those prefixes are truly theirs.
If accepted and broadcasts by other networks,traffic is routed to the attacker instead of the legitimate destination which in turn could be used for varying intents including Denial of Service attacks,traffic interception and monitoring etc.
Some High profile BGP hijacks
BGP hijacking also known as IP hijacking may be a product of mistakes in configuration settings or malicious intents,irrespective of the cause,one cannot overlook the overarching consequences of such actions.
They can block access to whole nations or even derailweb resources for many users and could be used as a potent weapon to sabotage most blockchain networks.
They could also be responsible for delays in page load times and loss of critical data or documents.
- 2004 : TTNet in Turkey hijacks the internet
- 2008: Pakistan attempt to block access to YouTube in the country resulting in taking down the whole YouTube website for some hours.
- April 8 2010 : Chinese ISO hijacks the Internet,till date many researchers are still unclear if the attacks on the USA military by the Chinese were accidental or intentional.
- 2014: A Canadian hacker stole $9000 in crypto per day via BGP attacks by redirecting traffic from 19 internet service providers.
- 2018 : Hijack of BGP routes cause hacker to redirected traffic originally heading to Amazon to steal $152,000 worth of Ethereum from myetherwallet users.
Software Defined Network
Traditional networking uses integrated hardware and software but SDNs separates control plane(manages the network) from the data plane(how data flow).
The virtualization if the network can be used to spurn up and down the network dynamically and also fine tuned for specific use cases,also security polices may be installed on individual networks.
Microsegmentation is the idea of using SDN for security,certain network can be ultra secure and carrying sensitive data,others may just be public facing,so it an hacker gets to the public segment,they are restricted to the public segments.
They are also used in Network Function Virtualization(NFV),an idea of replacing specialized hardware like firewalls and load balancers with software that runs on off the shelf servers.
By combining Segment routing with SDN,value added services like bandwidth management,calendaring and bandwidth on-demand.
Segment Routing can also be hard to protect against DDOS attacks.
Segment routing can be applied to IPv6 architecture with a new type of routing header called the SR headers(SRH),in this case an instruction is associated with a segment and encoded as an IPv6 address.A programmable Internet
According to Noia network educational resource material,Noia Network attempts to do the following and i quote in verbatim.
By taking the key features of an SDN and combining it with the newly emerging concepts of Segment Routing (SR), and IPv6, NOIA has developed a way to program the internet.
IPv6 was developed in response to the IoT world’s need for the creation of a much greater multitude of IP addresses. But IPv6 also enables administrators to encode instructions into individual data packet headers to specify router paths, thereby enabling individual packets to travel independently.
In turn, Segment Routing (SR), allows routers to understand this routing information via the IPv6 packet header. By applying both IPv6 and Segment Routing, private network features can be made readily available on even a public internet — with ‘smart’ data and standardized routers.
This has the potential to minimize public internet latency.
Also, not every router needs to be segmented routing enabled. In fact, only a single router may be necessary to “route” traffic — especially as it nears its last mile.
Yet for this to happen, the knowledge as to which routers are available on a public internet needs to be known — something which at present is not available. But through a distributed ledger (blockchain), this can be achieved while keeping all information decentralized through the use of consensus protocols. This combining of IPv6 architecture with with Segment Routing (SR), has been designated as SRv6.
By developing a distributed ledger listing all IP addresses and participating routers seeking to sell the use of their infrastructure for smart contracts on a centralized internet exchange, anyone will be able to buy and sell internet access points anywhere in the world. In short, everyone will be able to trade their excess capacities.
Together with their partners, NOIA is building the first SRv6 network. The launching of a network function marketplace with a distributed ledger and a decentralized internet exchange means the features of a private SDN and improved performance can now be made widely accessible to all at a reasonable cost. What NOIA is doing is a first — developing a truly Programmable Internet
Our developers created different routes by connecting servers in different data centers and written a script that always sends packets through a different route. This test was mainly done to see if some packet loss emerges during the configuration. The first results are astonishing.
While changing the routes (during the configuration) there was no packet loss detected — the traffic was successfully delivered without any latency that could be experienced by the user.
The packets were sent using Internet Control Message Protocol (ICMP) protocol and the routes were built using Segment Routing (SR) over IPv6 (SRv6).