►
From YouTube: IETF113-IEPG-20220320-1700
Description
IEPG meeting session at IETF113
2022/03/20 1700
https://datatracker.ietf.org/meeting/113/proceedings/
A
B
C
Let's
mute
that
so
we
don't
get
an
echo,
so
this
is
gonna,
be
the
first
time
that
we're
trying
the
new
me
echo
thing.
The
way
you're
supposed
to
get
in
and
out
of
the
queue
is
using
your
phone.
So
there
is
a
qr
code
that
you're
supposed
to
scan
up
there
yep.
So
if
you
think
you
might
want
to
get
in
the
queue,
you
should
probably
scan
the
qr
code,
so
you
can
do
stuff.
C
C
No
linear,
oh
remote,
okay
villain,
I
saw
a
villain
and
tony
lee
is
remote
or
virtual.
Already,
oh
excellent,
so
I
guess
we
will
just
jump
into
it
in
case
you're
confused.
This
is
iepg
we're
not
actually
an
ietf
working
group,
but
we're
somehow
vaguely
affiliated
with
the
ietf.
C
And
let's
do
this
thing,
so
I
will
start
sharing,
jeff's,
slides
and
then
welcome,
and
then
I
will
hand
the
slide
shareability
to
you
or
you
can
just
ask
me
to
change
them
for
you,
but
I
think
you
should
now
have
the
ability
to
change,
slides
yourself
and
I
will
try
and
let
you
know
if
there
are
people
in
the
queue
as
well
or
anything
like
that.
So.
D
Thanks
warren:
oh
there
we
go.
This
is
one
of
two
talks
this
morning
about
ipv6
fragmentation
and
extension
header
behaviors.
Why?
Because
there
are
a
number
of
drafts
out
there
that
seem
to
think
they're,
useful,
they're,
probably
wrong.
Let's
go
find
out.
You
know
all
this,
no
point
repeating
it.
You
know
all
that
too
no
point
repeating
that
you
know
the
only
thing
v6
really
really
changed.
If
you
get
down
to
it,
was
just
taking
the
fragmentation,
controls
and
basically
setting
the
don't
fragment
bit
to
a
hard
on.
D
Let's
assume
we're
fragmenting,
because
you
know
we
can
so
that's
now
shoved
into
an
extension
header.
Now,
the
last
time
this
was
looked,
that
hard
is
rfc
7872
and
that
work
was
done
in
2014
and
2015.
hi
jen.
I
can
see
you
there
somewhere,
and
these
are
the
results
that
they
publish
now
the
way
they
did.
This
was
actually
sending
the
packet
to
the
server
and
manipulating
the
packet
and
seeing
if
the
server
actually
responded
and
what
they
found
for
fragmentation.
D
Fh
512
was
bad.
I
might
any
time
you
see,
loss
rates
are
between
28
to
50
percent.
You
know,
you
know
it's
bad,
but
it's
a
little
more
than
that,
because
they
also
tried
destination
options.
Extension
header
and
the
hop
by
hop
options.
Extension
header,
using
if
I
read
that
rfc
correctly,
a
pad
8
option
and
oddly
enough
destination
options,
seem
to
fare
better
and
hop
by
hop
was
a
little
bit
worse.
D
So
just
remember
those
numbers,
okay,
you're,
going
to
be
a
test
later
so
got
it
thumbs
up
cool
you've,
remembered
it
well
done.
As
I
said,
we
will
test
later.
That's
really
really
bad.
By
the
way
you
can't
fragment,
with
the
fragmentation
rate
that
high
you
just
can't,
and
so
why
well
firewalls
don't
like
fragments.
This
is
true.
D
The
whole
thing
about
ipv6
path.
Mtu
is
kinda
broken
because
it
relies
on
icmp
v6,
which
you
actually
can't
authenticate
some
random
router
off
the
street.
Sends
you
an
icmp
v6
packet
too.
Big
actually
means
that
all
as
it
did
is
it
saw
the
packet
pass
by.
God
knows
why,
and
so
anyone
can
send
you
these
messages.
Why
should
you
believe
them
and
the
other
part
of
this
issue
is
extension?
D
Header
chains
are
supported,
variably,
okay,
so
there's
a
problem
here,
the
extension
header
handling,
because
it
sits
between
the
v6
header
and
the
sort
of
upper
level
protocol.
The
transport
header
also
means
that
some
transport
protocol,
aware
processors
with
those
switches
or
whatever
find
the
wrong
data
at
the
wrong
offset.
You
know,
but
why
is
network
middleware
looking
at
the
upper
level
protocol
header
good
question,
because
it
does
because
they
all
do
why
well
they're
just
curious
right,
simple,
curiosity,
yes
or
something
else.
D
Nevertheless,
there's
a
whole
bunch
of
these
units
that
if
they
find
something
instead
at
the
upper
level
protocol,
they
just
drop
it.
So
the
issue
about
78.72
is
that
it's
not
where
the
traffic
goes.
It's
the
other
way
when
you
send
packets
to
servers,
you
tend
to
send
short
request.
Packets
and
the
server
sends
you
large
answer
packets,
and
so
it's
not
the
user
to
the
server
that
really
matters.
What
really
matters
is
actually
the
back
path
or
the
other
path
from
the
server
to
the
user.
D
So
what
we
did
was
actually
try
and
take
conventional
servers,
dns
and
web,
and
actually
write
a
packet
wrangler
or
to
be
more
accurate,
a
packet
mangler
that
takes
a
conventional
packet
from
a
dns
server
or
web
server
and
actually
fragment
it
and
then
send
it
onward
to
its
destination
as
a
client,
however
right
and
to
make
this
work
of
course.
Well,
actually
we
did
it.
Sorry.
I've
got
a
lot
of
the
slides
the
wrong
way.
D
In
other
words,
the
text
eyeballs
small
number
of
servers,
massive
number
of
clients,
we
found
the
fragmentation
loss
rate
was
marginally
better
21
drop
rate,
fair
enough,
fair
enough,
come
back
again
last
year,
reworked
the
same
experiment,
but
we
kind
of
redid
that
pack
at
mangala
a
little
bit
the
same
kind
of
technique,
though
we're
sitting
in
the
middle
of
the
tcp
session
close
to
the
server
we
shove
all
the
outgoing
packets
through
this
dedicated
middle
box
and
we're
inside
a
tcp
session.
D
D
We
were
wondering
if,
because
we
were
using
large
initial
fragments,
it
was
actually
a
subtly
different
problem,
because
this
is
the
first
big
packet
sent
from
the
server
to
the
client,
and
so
we
decided
to
test
a
range
of
initial
fragment
sizes
between
12
and
14,
16,
bytes
varying
them.
By
strides
of
eight,
we
perform
this
as
an
ongoing
experiment.
D
There's
a
slide
about
how
this
is
not
as
easy
as
you
think,
we're
using
lib
pcap
to
actually
snap
and
send
packets.
This
is
great.
Lid
pcap
has
no
buffer
space,
and
so
the
problem
is
you've
got
exactly
one
pack
of
time
to
get
something
done.
That
doesn't
work,
so
we
spend
a
lot
of
time.
Writing
shared
memory
systems
that
implement
a
ring
buffer
for
both
incoming
and
outgoing
packets
and
actually
did
a
v6
nap
to
make
all
this
work.
The
server
is
actually
a
normal
old
server.
D
The
client
we
have
no
control
over
and
the
wrangler
has
all
this
muck
inside
to
actually
make
it
happen.
So
what
did
we
see
now?
The
blue
line
is
the
loss
rate
averaged
for
the
world
and
it's
no
longer
28.
It's
no
longer
21
and
up
until
you
know
a
few
days
ago,
it's
coming
down
again
to
around
7.5.
D
So
apart
from
the
fact,
we
stuffed
up
the
experiment
over
the
new
year.
It's
not
bad,
it's
not
brilliant,
but
it's
7.5.
It's
certainly
not
bad.
The
map
is
kind
of
interesting
as
to
where
this
happens.
The
green
is
good.
The
red
is
super
bad.
The
white
is
there's
not
enough,
v6
to
even
measure
at
the
time
odd
graph,
but
if
you
think
about
it,
the
folks
who
are
doing
super
good,
like
india,
are
actually
the
more
recent
v6
deployments.
D
So
it
seems
to
suggest
that
this
fragmentation
drop
rate
is
network,
not
host.
It's
not
the
destination,
that's
doing
them
now,
I'm
just
dropping
it.
It's
actually
the
network
itself
and
the
more
recent
deployments
using
whatever
more
recent
equipment
is
out.
There
tend
to
do
a
whole
lot
better
than
the
initial
deployments,
which
are
sort
of
more
conservative,
like
france,
for
example,
and
I
think
even
the
american
ones
kind
of
mixed,
whereas
you
know
like
I
said
india
and
around
the
middle
east-
a
lot
better
in
terms
of
percentage
of
drop
rate.
D
D
D
Why?
If
you
put
the
initial
fragment
size
high
is
the
drop
rate
dramatically.
Higher
varies
by
provider,
if
you're
in
telus
in
canada,
nothing
nothing
gets
through.
It's
a
95
drop
rate.
Well
done
guys,
there
is
no
such
thing
as
a
fragment
in
telus.
They
just
get
dropped,
whereas
barty
and
don't
forget
that
sort
of
anomaly
is:
is
us
not
them
party
airtel
in
india,
which
is
a
massive
deployment?
Few
hundred
million
users,
the
drop
rate's
around
four
percent,
so
they're
doing
a
whole
lot
better
than
the
world
average.
D
I
mean
they're
doing
a
whole
lot
better
than
most
folks.
So
again,
why
is
this
happening?
Local
security
policies,
slow
path,
processing?
You
know
you
can
read
this
as
well
as
I
can
is
this
fragmentation
drop
because
we're
fragmenting
is
because
the
extension
header
in
the
packet
exists
and
it's
dropping
because
of
that.
So
the
first
way
we
tried
to
answer
this
was
actually
bring
up
the
null
header,
I'm
moving
really
quickly.
D
It's
in
red
and,
as
you
see,
there's
a
component
of
drop,
which
is
this
is
a
fragment.
I
don't
like
it
and
there's
a
component
of
drop
that
says
you
put
in
a
fragment
header,
even
though
it's
not
a
functional
fragment,
I
don't
like
it,
and
the
atomic
fragment
drop
rate
certainly
is
high
six
percent,
but
it's
lower
than
the
actual
substantive
fragment
drop
rate.
D
It
varies
provided
by
provider
in
germany,
the
atomic
fragment
drop
rate's,
constant,
that's
bizarre
and
higher
than
the
normal
fragment
drop
rate
in
italy.
It's
almost
non-existent,
whereas
the
fragment
drop
rate
is
high
and
in
australia
the
fragment
drop
rate
when
we
started
measuring
it
is
higher
than
normal,
fragments
the
atomic
fragment
drop
rate's
higher.
D
D
D
The
part
of
the
other
reason
why
we
chose
the
pad
n
or
pad
a
destination
option.
Is
that
all
the
rest
of
the
destination
options?
Look
crazy,
weird
crap,
and
so
this
is
the
the
few
that's
kind
of
in
doesn't
matter
if
it's
there,
if
the
client
actually
gets
the
packet,
does
nothing
it's
just
padding.
D
So
the
network
shouldn't
give
us
stuff
and
the
client
who
gets
it
shouldn't,
give
us
stuff.
So
if
anything's
going
to
get
through
it's
going
to
be
a
padding
destination
option,
yeah
awesome,
awesome,
94.5
drop
rate.
I'm
like
you
actually
have
to
program
that
that
doesn't
happen
by
accident.
That
happens
because
you've
sat
in
your
code
and
go
I
hate
destination
options,
and
so
it
seems
that
almost
every
host-
and
certainly
because
these
days
most
of
the
eyeballs,
are
sitting
on
mobile
platforms.
D
Mobile
platform
hosts
have
particular
loathing
of
destination
options,
whether
they
contain
padding
or
presumably
any
other
directive,
but
it
seems
that
it's
it's.
It's
just
wow
awesomely
bad,
so
we
thought.
Okay,
if
that's
the
case,
let's
mix
this
up
a
little
bit
and
try
hot
by
hop
because
you
know
maybe
the
network
truly
is
being
malicious.
D
D
D
So
the
issue
is
over
time.
The
handling
of
fragment
packets
has
gone
from
just
unusually
horribly
toxicably,
bad
to
yeah,
pretty
bad
you're,
still
bad
more
recent
deployments
show
so
basically
better
handling
of
fragmentation,
header
but
hot
by
hop
and
extension.
Headers
ain't,
nothing
happening
in
the
public
internet
infrastructure.
So
what
lessons
have
we
learned?
D
D
D
And
if
you
want
to
see
the
current
numbers,
because
this
is
working
around
about,
I
think
we're
doing
about
six
to
seven
million
samples
a
day
across
the
planet.
That
qr
code
will
take
you
to
this
url.
This
url
generates
a
daily
report
and
it
actually
looks
at
the
state
of
fragmentation
headers
all
the
time,
and
I
am
done.
Thank
you
back
to
you.
E
Excellent
is,
is
it?
Can
you
hear
me
jeff?
Yes,
I
can
jared
hi
excellent,
yeah
nice
to
see
you.
So
you
know
you
covered
it
a
little
bit
in
the
end,
but
I'm
wondering
how
much
of
the
v6
is
because
of
the
the
mobile
networks,
specifically
a
lot
of
the
mobile
networks.
Actually,
they
get
tail
circuits
from
different
isps
to
backhaul,
to
the
towers
or
from
different
carriers
to
back
all
to
the
towers,
and
often
they
have
a.
They
have
an
mtu
on
those
links.
E
That's
less
than
1500,
even
internally
for
v4,
let
alone
for
v6,
and
so
you
know,
the
1280
kind
of
you
know
seems
to
seems
to
potentially
explain
that.
But
I'm
curious,
if
you
have
a
further
sub
breakdown
of
you
know
if
it
came
from
the
mobile
carriers,
ip
space,
you
know
from
the
isp
or
if
it's
just
from
their
generic
ip.
You.
D
There
are
folk,
like
in
my
country
that
do
mobile
and
wired
all
off
the
one
address
space,
all
of
one
piece
of
infrastructure,
and,
quite
frankly,
you
can't
tell
if
a
mobile
device
is
doing
wi-fi
tagging
attachments
into
a
home
or
if
it's
actually
out
there
on
the
mobile
network.
Other
countries
are
different.
D
The
the
basic
observation
is
that
these
days,
the
bulk
of
eyeballs
are
behind
mobile
platforms.
However,
they
attach-
and
that's
just
the
reality
of
the
world,
so
in
some
ways
making
that
distinction
between
what's
wide
and
what's
mobile,
it's
getting
less
and
less
important
when
you
realize
that
you
know
90
of
the
users
and
probably
99
of
the
money,
is
actually
behind
mobile
devices.
D
C
C
I
don't
understand
how
they
work
magic,
so
we
have
eric
or
justin,
I'm
not
sure
who's.
Actually
speaking,
and
if
you
happen
to
remember
what
the
name
there,
we
go
that
one.
C
And
this
is
also
going
to
be
related
to.
I
can
do
slides
for
you
or
you
can
do
oh
crap,
there's
a
clicker
thing.
I
don't
know
the
clicker
thing's
gone
I'll.
Do
the
slides
here,
okay
or
I
can
share
it
to
you.
Where
are
you?
Where
are
you.
C
I
don't
actually
know
how
I
change
the
slides
view,
because
I
don't
have
a
clicker
when
I
see
your
slides,
no
you're
not
allowed
such
at
the
computer,
they're
very
clear
on
that
apparently
left
and
right.
Does
it
so
never
mind
great?
Is
that
not
working.
G
Better,
all
right
so
hi,
everyone
justin
from
julia
and
eric
over
there
from
cisco
and
today
let
me
introduce
you
to
james
and
I
have
to
say
that
we
are
particularly
proud
of
that
name,
because
obviously
it
opens
the
doors
to
a
lot
of
fans.
But
anyway,.
G
Actually,
there
is
already
rfc
7872,
which
was
mentioned
in
previous
talk,
and
actually
we
wanted
to
basically
present
new
refreshed
and
more
complete
results,
and
you
probably
heard
in
six
men
that
there
is
a
hot
topic
about
hop
by
hub
options
and
the
question
is:
are:
are
they
usable
or
reliable,
over
the
entire
internet,
and
specifically,
two
drafts
have
recently
been
adopted,
one
to
define
processing
procedures
for
buy-ups
and
the
other
one
is
more
about
sending
and
processing
all
actual
extension
headers
and
define
some
limits
on
it.
G
H
G
We
have
vantage
points
in
some
parts
of
the
world
and,
as
you
can
see,
we
are
still
desperately
searching
for
some
vms
in
africa
and
somewhere
in
china
or
japan
and
somewhere
in
that
zone.
G
So
we
have
a
lot
of
our
vantage
points
in
europe:
three
in
america,
north
and
one
in
south,
one
in
australia,
one
in
india
and
one
in
singapore.
G
And
the
methodology
we
have
used
no
black
magic
here.
This
is
a
trace
root
like
technique,
even
though
this
is
or
how
in
library
but
still
trace,
would
like,
and
we
just
test
each
pair
of
vms,
in
both
directions
and
for
each
experiment.
You
use
udp
and
tcp,
because
you
never
know
what
filter
you
can
have
an
error
for
and
for
the
experiments.
We
have
tested
pop,
buy
up
and
destination
options
and
we
vary
the
size
from
8
to
512.
G
G
We
have
tested
authentication,
headers,
no
next
editor
or
with
ethernet,
which
is
defined
in
rfc
8986,
which
is,
I
guess,
if
I
remember
well
something
about
segment
rotate
for
ipv6
and
network
programmability,
and
so
for
each
experiment.
The
traffic
we
send
the
prop
link
we
send
is
smart,
as
proposed
in
the
draft
here
that
you
see
in
the
slide.
G
So
we
have
published
this
draft
recently
also
and
the
idea
is
just
to
either
insert
an
id
or
an
address
email
or
something
in
a
payload
somewhere
in
whatever
layer
allows
to
or
easy
technique
that
you
know
it's
just
to
run
a
web
server
on
the
the
address
you
are
sending
packets
and
just
explain
why
you
are
sending
such
traffic,
and
so
with
this
you
have
a
view.
G
We
will
see
that
later
of
each
result,
so
you
can
see
that
each
routing
editor,
sorry
extension,
editor
pass
or
don't
pass,
and
we
also
try
to
attribute
the
drop
for
responsibility
for
slipper,
hop
and
then
obviously
areas
and
that's
where
our
programs
come.
G
G
Only
the
first
and
the
second
responded,
so
you
could
say:
okay,
maybe
the
third
hop
is
responsible
for
a
drop
or
maybe
it
did
just
not
respond,
and
maybe
this
is
the
force
or
maybe
it
just
not
respond.
That's
all!
It's
the
fifth
that
situates
right,
it's
responsible
for
the
drop
and
so
illustration
on
the
bottom.
G
You
run
the
same
experiment
a
few
seconds
after
and
then
hope.
Surprise
you
see
that
the
force
up
did
respond.
So
in
that
case
you
just
can
rule
out
the
third
cop
from
being
responsible
for
the
drop
and
so
you're
back
to
the
same
principle.
Maybe
if
the
fifth
up
is
responsible
for
the
drop
or
if
you
just
not
respond
it's
equation.
H
H
G
G
I'm
alive
so
second
case.
I
needed
identified
our
unidentified
s
number
before
and
after
the
hop.
So
as
I
said,
you
might
have
or
might
not
have
identified
some
yes
number
between
before
and
after
the
wrapping
question,
and
so
you
might
or
might
not
identify
your
es
here.
G
G
So
for
the
results
of
biops
options,
they
are
unreliable,
so
we
have
the
same.
We
are
agree
with
previous
presentation:
the
destination
options,
obviously
size,
8
and
16.
They
pass
so
they
go
true,
while
once
you
reach
32,
they
become
unreliable
and
so
for
a
size.
32
93
percent
was
true.
So
it's
not
that
bad,
but
it's
still
unrealable.
G
Once
you
come
to
64,
it's
half
that
part
or
42
percent,
and
it
goes
wrong
with
bigger
sizes
for
the
routine
headers
types
0
and
4.
They
are
unreliable
again,
unreliable,
but
still
good,
so
81
percent
and
69
percent
pass.
But
here
type
0
is
deprecated
and
type.
4
is
segment
rating.
So
no
big,
surprise
here
and
types,
one,
two,
three
four
five
and
six
sorry
they
go
true
for
fragmentators
atomic
fragment
adders
are
unreliable.
We
have
70
percent
that
go
through
and
for
non-atomic
fragmentators.
G
They
all
go
through
authentication,
headers,
no
next
editor
or
ethernet
they
go
through,
and
so
that's
the
results
part,
but
we
also
try,
as
I
said,
to
attribute
drop
for
per
aes,
and
so
this
is
still
a
work
in
progress.
So
I
won't
go
too
much
into
details
here
and
show
results
because
they
are
still
not
that
stable.
G
G
We
also
plan
to
extend
the
topology.
So,
as
I
said
earlier,
we
are
trying
to
find
some
vm
somewhere
in
china
or
africa,
and
we
also
plan
to
use
a
probing
to
destinations.
We
don't
necessarily
own
so,
for
instance,
based
on
bgp,
prefixes
or
our
excerpt
of
domains,
and
we
also
try
to
improve
the
drop
responsibility.
Attribution
algorithm
for
super
hop
so
reduce
that
interval
as
much
as
possible
and
then
per
es,
and
one
possibility
here
is
to
use
vdr
map.
G
I
t
especially
for
the
case
with
the
link
between
two
asses
next
slide.
G
So
thank
you
very
much
feel
free
to
have
a
look
at
this
repo,
where
we
gather
all
scripts
to
generate
props
packets
and
results
from
james.
B
Hi,
oh,
it
works
really
good
information.
The
most
alarming
to
me
was
your
last
slide.
If
you
want
to
bring
it
up,
if
I
saw
it
right
when
it
gets
up
to
one,
I
guess
next
to
the
last
12
at
128,
you're
losing
95
percent
and
at
32
basically
you're
getting
through
about
that
same
amount.
Do
we
know
why
that
size
makes
such
a
big
difference,
and
is
it
a
problem
we
can
address
so.
G
Obviously,
it
becomes
bad
because
probably
routers
have
some
predefined
sizes
and
you
are
pushing
layer
four
too
far
away.
So
maybe
there
are.
B
G
Yeah
yeah,
but
about
details
not
that
much
because
all
we
have
is
the
response
from
the
rulers,
and
so
all
we
can
do
is
assume
something
so.
C
C
I
J
Thank
you
warren.
Can
you
hear
me
yep?
Thank
you.
So
this
is
the
point
where
we
sort
of
wind
back
through
multiple
presentations
on
ipv6,
that's
been
given
over
the
years.
People's
routers
are
built
out
of
systems
that
have
limited
windows
into
the
packet
now
for
fast
forwarding.
J
J
C
Thank
you
very
much.
Thank
you
very
much.
I
think
that
this
one
worked
nicely
as
a
follow-on
from
the
previous
one,
and
now
we
have
something
completely
different,
which
is
ignis
on
what
would
happen
to
a
wrap
server
if
bgp
sek
was
deployed
end
to
end
today,
and
hopefully,
ignis
can
help
me
find
his
slide
set
yeah,
just
which
one
is.
It
called.
C
K
K
Right
one
presentation
on
three
titles:
it's
some
experiments
and
well
experimentation
with
trying
to
implement
bgp
sec
and
see
how
that
might
perform
the
more
or
less
real
world
and
how
the
rosy
and
needle
world
of
protocol
engineering
shatters
around
into
the
harsh
reality
of
software
and
hardware
engineering,
and
also
the
third
one
and
then
specifically
for
yob,
which
mentions
the
route
server,
because
otherwise
he
wouldn't
pay
attention
to
me.
So
now
I
feel
happy
next
slide.
Please.
K
It's
over
here
so
bgp
sec
in
theory.
That's
a
really
simple
idea.
We
do
some.
We
add
some
cryptographical
verification
into
the
asp
so
sign
of
what
we
are
advertising
and
verify
what
we
receive
from
our
neighbors
signature
is
comprised
of
three
elements:
the
actual
fragments
of
the
path,
the
identifier
of
the
neighbor
to
whom
we
are
sending
out
and
the
prefix
itself
well
do
some
calculation
and
then
do
some
other
calculation
to
verify
that
next
slide.
Please.
K
If
we,
if
we'll
try
to
characterize
the
scalability
parameters
for
that,
there
are
multiple
dimensions
which
are
relevant
in
real
deployments,
so
amount
of
prefixes
and
the
distribution
of
prefixes
to
the
as
paths
and
there's
this
space
where
things
can
be
optimized
here,
the
what
is
called
the
fan
out
ratio,
the
amount
of
the
same
as
part
of
information
signed
as
part
of
information
that
you
distribute
to
your
outgoing
neighbors
and
how
many
of
those
receive
exactly
the
same
as
power
and
there's
also
caching.
K
So
if
we
look
at
the
practical
bgp
implementations,
they
they
cache
attributes
in
one
or
the
other
way.
K
As
with
bgp
sec,
the
size
of
the
attribute
is
slightly
larger
than
than
for
say
other
types
of
bgp
attributes.
Therefore,
we'd
really
like
to
try
to
cache
the
things
and
let's
see
how
bgp
sec
as
the
protocol
is
friendly
with
that
next
slide.
Please,
if
we
look
at
the
platform
specifics
so
in
itf,
it's
a
spherical
bgp,
which
runs
in
a
vacuum.
K
But
if
we
look
into
the
field,
it
runs
on
specific
platforms
and
those
platforms
have
specific
and
a
real
world
say:
restrictions
and
limitations
to
the
performance
and
most
the
main
one
is
memory
bandwidth
and
memory
latency.
K
While
in
theory
you
can
have
a
lot
in
reality,
the
latency
limits.
What
practical
amount
of
memory
operations
you
can
achieve,
and
also
looking
into
the
developments
in
the
compute
platform
processors
themselves,
the
scalar
processing
performance
is
increasing
in
a
low
single
digit
percent
across
the
generations,
and
the
main
increase
in
compute
performance
is
in
making
those
operations
wider.
So
single
instruction,
multiple
data
or
in
general
vectorization,
where
you
have
one
instruction
which
operates
on
multiple
parallel
streams
of
data.
K
From
a
cryptographical
point
of
view,
signature
validation
can
be
optimized
in
certain
environments
like
validating
the
signatures,
which
are
generated
from
the
same
private
key
might
be
optimized
to
a
level,
that's
also
more
of
a
domain
of
the
software
implementation
and
less
so
of
the
protocol
engineering.
But
that
also
needs
to
be
taken
into
the
account
and
the
protocol
should
not
actively
preclude
that.
K
The
increase
in
the
possible
compute
performance
comes
from
executing
multiple
parallel
instructions
and
having
wider
data
paths
so
to
say
an
equivalent
or
in
well
in
a
more
more
simpler
form.
It's
a
with
a
wider
vectorization.
Next
slide,
please.
K
So
if
we
look
in
bgp
second
practice,
how
does
that
look
from
a
data
structure
perspective
and
how
does
that?
Look
from
avaya
image
perspective
from
algorithms
for
hash,
so
first
thing
the
long
message
that
they
has
path
with
the
crypto,
all
sorts
of
cryptographical
keys
segments
and
and
other
identifiers.
K
It's
compressed
via
sha,
two
hash
function
into
32,
bytes
and
then
those
32
bytes
are
used
as
an
input
into
the
signature
generation
both
of
these
processors.
They
are
vectorizable
so
themselves.
They
don't
have
any
preclusion
for
making
them
in
parallel,
and
this
is
more
of
a
domain
of
the
software
engineering
characterization.
If
we
are
talking
about
the
contemporary
intel
arm,
platforms
has
been
around
for
a
decade
and,
yes,
we
still
have
problems
in
in
the
industry.
Overall,
there
are
problems
of
compilers.
K
There
are
problems
with
overall
software
engineering
community
awareness
to
that.
This
is
slowly
but
gradually
improving,
and
this
is
a
basically
a
free
tool
that
you
need
to
use.
K
Speaking
of
hashing
that
operates
on
fixed
blocks,
so
blocked
by
itself
is
atomic.
If
you
compute
the
block,
you
can
continue
the
next
block,
starting
from
the
same
intermediate
state
that
you
got
previously.
Therefore,
this
opens
opportunities
for
caching,
hash
calculation
for
certain
data,
signature,
calculation
and
verification.
Those
are
computationally
expensive,
but
it
doesn't
touch
memory.
K
While
you
have
to
do
more
arithmetic
operations
on
on
a
large
integers,
you
can
do
that,
mostly
as
your
underlying
platform
can
allow,
whereas
for
hashing
you
are
limited
by
the
memory
bandwidth
and
there
are
certain
ways
that
you
can
walk
around,
but
the
general
trend
is
that
the
longer
your
as
path
get
your
the
longer
your
bgp
sec
path
gets
the
more
time
you
will
spend
on
calculating
the
hash
value
than
on
calculating
or
validating
the
signature?
K
K
But,
however,
there
are
some
alarming
specifics
here.
The
signature
itself
is
the
signature.
Block
itself
is
built
from
two
parts,
and
those
parts
are
six
and
94
bytes
and
six
is
not
the
power
of
two
and
that
just
falls
into
a
direct
conflict
with
what
the
any
practical
vectorization
platform
can
support.
It's
either
four
or
eight.
K
If
you
want
to
squeeze
in
six
there
it's
possible,
but
you
will
lose
far
more
than
you
would
gain
in
in
trying
to
vectorize
that
next
slide,
please
looking
into
how
that
works
into
into
the
characterization
and
where
the
saving
can
come.
So
on
the
top
horizontally.
You
have
the
incoming
message
for
which
the
hash
needs
to
be
calculated
and
bgp
sec
is
recursive.
You
need
to
do
that,
validation
for
each
and
every
intermediate
intermediate
hop.
K
Therefore,
what
you
do
if
your
platform
allows
for
a
gather,
efficient,
gather
or
or
indexed
load
operation,
you
simply
point
out
the
offsets
from
which
to
take
the
data,
and
then
this
is
a
middle
middle,
green
part
and
the
time
flows
from
top
to
bottom.
K
You
calculate
in
parallel,
for
example,
for
eight
or
sixteen
lanes.
That's
one
instruction
and
eight
or
sixteen
instances
of
separate
data
within
the
latency
of
the
longest
block.
You
have
a
multitude
of
bandwidth,
so
it's
a
little
bit
slower
than
the
scalar
version,
because
well
you
don't
have
branching
some
some
implementations
don't
support
a
rotation
which
is
needed
for
shattu.
Therefore,
you
need
to
implement
that
yourself
by
multiple
shifts
here
and
there
and
then
combining
the
result.
K
K
Therefore,
if
your
implementation
allows,
you
can
easily
talk
about
the
order
of
magnitude,
speed
up
for
signature
generation
and
validation
and
then
the
yellow
part
is,
is
the
actual
key
generation
or
signing
or
or
validation
path?
The
same
same
rules
apply.
You
have
multiple
entities
being
processed
in
parallel,
even
if
the
key
actual
key
length
is
a
little
bit
different
by
a
few
bits.
Oh
this
is
this
is
purely
an
implementation
aspect
of
how
you
can
do
that
efficiently.
K
So
the
outcome
of
this,
you
can
get
substantial
increase
in
performance
if
your
data
structures
allow
for
that
next
slide.
Please,
and
here
we
are
coming
to
the
second
problem
of
or
second
real
life
aspect
of
bgp
sec
on
the
top,
you
see
the
wire
image
and
in
bgp
sec
attribute.
First,
you
have
an
array
of
path
elements.
K
Then
you
have
an
array
of
signatures
where,
for
the
specification
itself
asks
for
the
hash
to
be
calculated
in
sequences,
so
you
have
path,
signature
path,
signature
path,
signature,
and
that
means
that
for
for
that
incoming
attribute,
which
you
received,
you
first
need
to
copy
it
around
then
calculate
the
hash
and
signature
and
then
copy
it
back
again
into
the
format
which
will
eventually
will
go
on
to
the
buyer,
touching
the
memory
and
copying
the
memory.
Yes,
you
you
have
caching
system,
you
have
automatic
automatic
prefetch
there.
K
It
works
if
your
algorithm
is
friendly
to
that.
But
if
you
are
reaching
up
more
than
one
or
two
cache
line
forward,
the
backward
in
general,
this
algorithm
cannot
cope
up
with
that
and
you
you
start
to
lose
latency,
basically
for
nothing,
signature,
generation
and
verification.
Well,
they
are,
they
are
computationally
intensive,
but
overall,
that's
not
the
main
problem.
K
K
The
experiments
so
what
what
has
been
experimented
with?
Let's
take
the
realistic,
real
world
distribution
of
prefixes
prefix
to
us
path
ratios
the
fan
out,
ratios
and,
and
the
overall
setup
was
that
it's
24
hours
of
gdp
updates
taken
from
multiple
public
sources
that
is
past
different
asp.
K
Only
as
path
attributes
taken
out.
It's
on
the
order
of
75
000
different
ass.
The
assumption
is
made
that
one
is
equals
one
route,
therefore,
there's
one
pair
one
pair
of
keys,
generated
per
ais.
K
All
that
is
precomputed
in
advance,
then
all
is
fed
by
rtr
into
the
device
under
the
test,
then,
based
on
that
incoming
data.
Well,
bgp
sessions
are
kind
of
brought
up,
and
all
of
that
is
replayed
into
the
device
under
the
test
and
device
under
the
test
feeds
everything
back
with
the
fan
out
ratio
of
90
to
a
receiver.
K
The
summary
outcome
of
that
it
works.
It
actually
takes
four
specific
particular
implementation
in
a
particular
environment.
On
a
particular
platform,
it
took
34
minutes
for
this
to
converge
from
the
start
to
the
beginning
from
start
to
end,
comparing
that
to
the
plane,
bgp
without
bgp
sec,
that's
one
minute,
20
seconds
and
well.
K
I
think
we
can
live
in
certain,
at
least
in
the
beginning
of
of
of
deployment
or
instead
well,
in
certain
engineered
aspects
of
network
design.
We
can
live
with
half
an
hour
of
the
initial
convergence
if
you
don't
need
to
bootstrap
the
whole
of
a
network
all
the
time
from
the
beginning,
but
if
we
can
do
something
better,
maybe
we
could
next
slide
please.
K
So
if
we
try
to
look
into
into
the
whole
kind
of
the
situation
around
bgb
sec
so
is,
is
it
really
broken
from
a
security
point
of
view?
Now
everything
works
fine,
but
it's
not
very
much
practically
usable
as
it
is
today
and
now
two
two
main
problems
if
we
are
looking
at
the
layout
of
the
data,
vgp6
also
signs
the
destination
asm,
for
which
we
are
advertising
that
prefix.
K
If
we
move
that
field,
for
example
to
the
end,
that
means
that
we
can
calculate
it
once
in
pre-cash
for
majority,
for
for
the
majority
of
the
blocks,
and
only
recalculate
one
or
two
remaining
blocks,
which
also
are
changing
with
each
prefix,
the
longer
the
s
path
gets
the
the
higher
the
savings
from
that
are.
K
The
second
problematic
aspect
is
the
actual
wire
image
we
have
data
layout
on
the
wire
and
data
layout
that
is
being
processed
really
incompatible,
and
that
means
that
you
need
to
receive
something
reshuffle.
Do
the
thing
then
reshuffle
again
and
send
it
out?
This
can
easily
be
avoided
next
slide,
please!
K
So
what
can
we
do
about
that?
Let's
look
at
the
reality.
Bgp
sec
is
well
at
least
at
least
the
current
specification
version
zero.
It
doesn't
have
real
practical
deployments.
Well,
there
are
some
experiments,
there
are
some
experimental
implementations,
but
there
are
no
significant
or
substantial
deployments.
K
K
It
doesn't
say
anything
about
a
format
over
which
it
operates.
One
of
the
possible
ways
for
another
version
of
bgp
circuit
would
be
to
extend
this
algorithm
identifier
to
cover
the
format
over
of
the
data
or
which
is
being
processed
and
whether
that's
the
same
meaning
of
the
identifier
or
separate.
That's,
I
think,
an
open
question
for
a
discussion
and
also
the
wire
image
asks
for
changes
to
make
it
simply
friendly
to
the
implementation
talking
back
about
the
experiments
so
those
34
minutes.
K
If,
if
these
couple
of
changes
are
implemented,
they
converge
into
something
closer
to
four
minutes,
which
is
probably
a
rather
substantial
reduction
in
in
the
overall
load.
Next
slide,
please.
K
So
that's
a
summary
again
that
you
have
the
hashing
and
the
signature
part
spread
around
over
a
set
of
different
elements
which
are
scattered
around
and
that's
not
very
friendly
to
the
implementation
aspects.
L
Okay,
so
kiriti
I,
this
is
my
first
iepg
meeting
and
I
came
to
listen
to
inyas,
so
thank
you.
It
was
worth
it.
I
want
to
pop
up
a
level
if
you
go
to
slide
eight
he
talks
about.
You
know
we
should
take
the
specifics
of
the
compute
platform.
L
Go
now
I
can
see
him
so
take
protocol
engineering
needs
to
take
software
and
hardware
specifics
into
account
seriously.
I
think
there's
something
we
need
to
do
in
the
ietf,
not
just
here
we're
talking
about
changes
to
mpls,
yes,
and
we
need
to
do
this,
but
the
word
specifics
bothers
me.
I
think
there
are
principles,
for
example,
the
last
thing
you
said
about
take
the
as
number
and
put
it
at
the
end
in
front
of
the
beginning.
L
How
can
we
improve
whether
it's
wire
rate
I
mean
wire
formats
or
or
processing
in
in
the
forwarding
path?
We
need
to
look
at
higher
level
things
and
say:
can
we
do
this
in
a
way
that
you
know
we
are
taking
those
into
account?
We
can't
say
this
works
well
on
this
particular
platform
or
works
very
well
on
this
broadcom
chip,
but
I
think
we
still
need
to
do
more
than
we
are
doing
today
in
terms
of
oh
this,
this
looks
like
a
nice
wire
format.
K
Yes,
so
quickly,
this,
this
is
basically
in
a
context
that
vectorization
is
a
commodity.
Functionality
on
the
compute
platforms
today
has
been
for
more
or
less
plus
decades.
Take
exact
86
take
arm,
take
risk
five.
Those
are
the
three
generic
purpose
platforms
which
are
relevant
in
the
industry.
They
all
have
that
in
one
of
the
other
usable
shape
or
we'll
have.
M
Job
sniders.
Lastly,
you
asked
whether
people
care
I
would
like
to
raise
my
hands.
I
think
it
is
interesting
that
you
observe
that,
from
a
security
perspective,
it's
okay
and
I
think
that
stems
from
the
fact
that
there
is
not
much
to
take
away.
It's
the
most
minimal
thing
that
we
could
do
at
global
skill,
signing
prefix
path
and
target
the
suggestions
you
make
to
reshuffle
the
layouts,
it's
probably
not
too
late
and
there's
another
interesting,
mitigating
aspect
of
deployment
in
the
real
world
that
might
be
underappreciated.
M
M
I
I
Probably
people
live
in
the
us.
You
have
seen
two
weeks
ago,
fcc
published
kind
of
requests
for
information
about
bgp
security.
So
when
I
go
to
to
him
and
ask
where's
bgp
security,
he
says
you
need
to
buy
new
hardware,
even
so
whatever
I
buy
today
brings
at
least
broad
volvo
broadwell
class
intel
right.
I
I
K
K
Well,
at
least
it
seems
now
right,
so
it's
not
enough
to
have
a
perfect
protocol
which
is
not
conflicting
with
with
the
platform
specifics.
You
also
need
other
things
around
and
yes,
there's
quite
a
large
amount
of
work.
C
N
C
N
Thank
you,
so
I'm
going
to
talk
today
about
a
recent
draft
that
we
submitted
on
regional
internet
blocking.
We
are
presenting
this
in
the
interior
and
plan
to
see
if
there's
interest
there
to
adopt
before
we
get
started.
Just
a
few
disclaimers.
The
the
content
in
this
draft
represents
ideas
solely
of
the
authors
and
does
not
reflect
any
of
the
positions
or
views
necessarily
of
any
of
our
affiliations.
N
N
Contribution
and
does
not
represent
ieff
consensus
all
right.
We
got
that
out
of
the
way
now
for
some
of
the
fun.
So
the
first
question
is:
you
know
a
little
bit
of
background
and
motivation
on
why
we
wrote
this
this
draft.
N
N
So
what
we
wanted
to
do
is
to
describe
well
what
would
that
look
like
what
would
be
some
of
the
ways
in
which
this
kind
of
blocking
could
be
accomplished
and
what
are
the
implications?
Positive
negative?
What
are
the
advantages
disadvantages?
What
are
the
potential
consequences
intended
and
unintended?
The.
B
N
Audience
the
target
audience
for
this
document
is
policymakers,
as
well
as
the
general
public.
Basically,
everybody
who's,
not
in
the
room
right
now
or
in
this.
N
But
is
interested
in
understanding
what
we
who
are
in
the
room,
kind
of
have
as
common
knowledge
on
the
topic
of
filtering
blocking,
and
you
know
what
it
would
look
like
and
the
kinds
of
considerations
one
should
know
about
if
one
wanted
to
block
connectivity
for
a
region.
N
The
idea
here
is
that
policymakers
do
depend
on
good,
unbiased
information,
sober
clear
technical
information
on
you
know
what
is
possible,
how
it
works,
and
would
it
actually
do
anything?
So
that's
kind
of
the
idea
behind
this
is
to
discuss.
You
know
the
potential
intended
or
unintended
consequences
in
terms
of
what
this
document
is
not
we
are
not
advocating
for
or
against
any
particular
policy
or
position.
We
are
not
trying
to
inject
political
opinion
as
to
whether
or
not
this
is
or
is
not
a
good
idea.
N
We're
just
trying
to
really.
You
know
report
the
news.
This
is
how
it
would
work.
This
is
some
of
the
things
it
might
do
so
that
you
know
people
who
do
want
to
make
it
an
opinion
on
these
things
could
make.
You
know
perhaps
a
better
informed
opinion
on
the
matter.
N
We're
not
analyzing
the
ethics
of
such
an
approach.
We
also.
Obviously
there
is
a
you
know,
an
ongoing
conflict
right
now
that
inspired
the
writing
of
this
draft,
but
we
would
like
this
to
be
generic
enough,
that
it
is
applicable
to
more
than
just
one
episode.
This
is
probably
not
the
last
conflict,
that's
going
to
occur
where
this
topic
might
pop
up.
So
hopefully
this
could
be
useful
both
now
and
in
the
future.
N
Also,
it's
it's.
This
is
not
meant
to
be
a
blind,
a
guide
on
how
blocking
works
or
what
is
blocking
or
protection
against
security
threats.
Let's
say
that
there
was
threats
coming
out
of
a
region,
and
you
need
to
protect
yourself
from
that
region.
This
is.
N
Sanction
purposes
we're
not
trying
to
also
describe
you,
know
kind
of
a
how-to
guide
on
weaponizing
the
internet.
We
have
we're
not
letting
out
any
secrets.
This
is
pretty
well-known
approaches
and
you'll
see.
You
know
nothing
groundbreaking
here.
These
are.
These
are
pretty
well
known,
approaches
that
operators
use
fairly
commonly
for
for
legitimate
blocking
purposes.
N
We
also
didn't
go
into
a
malicious
attack,
approaches
and
kind
of
a
survey
of
those.
That's
an
interesting
topic.
It's
probably
you
know
worth
worth
discussion,
but
you
know
that's
such
a
broad
topic
and
it's
outside
the
the
the
scope
and
the
expertise
of
the
authors.
So
we
we
left
that
outside
just
over
this
document,
all
right,
so
the
meat
of
the
document.
What's
actually
in
this
document
we
start
at
the
physical
layer
and
work
our
way
up,
so
you
know
again
nothing
groundbreaking
here.
N
N
There's
a
data
plane
filtering,
go
ip
access
control
list
and
then
we
looked
at
dns.
You
know
what
it
would
look
like
to
you
know.
Some
some
approaches
might
be
removing
delegations
to
plbs
and.
B
N
Relevant
domains
also
blocking
resolution
requests
that
might
be
coming
from
a
resolving
name
server
or
in
hosts
that
might
be
in
a
region.
The
next
area
we
examined
was
all
right,
that's
inefficiency!
Would
this
actually
work?
What
would
this
do?
Some
of
the
intended
and
unintended
consequences?
N
N
So
you
know
perhaps
a
policymaker
might
want
messages
to
actually
get
in
and
out
of
the
region
and
blocking
that
connectivity
might
might
prevent
that
they
may
want
perhaps
certain
parties
within
a
region
to
be
able
to
communicate
freely,
because
those
say
oppositional
parties
might
be
sympathetic
to
the
views
of
the
policymaker.
N
So
again,
you
know
might
be
some
might
be
a
reason
you
know
to
be
aware
of
that.
You
know
this
might
not
happen.
If,
if
you
do
block
connectivity
also,
it
may
end
up
empowering
you
know
a
party
that
is,
you
know
the
target
of
sanctions
allowing
them
to
that.
You
know
party
to
or
regime
to
perhaps
consolidate
their
power
by
not
being
able
to
allow
some
of
the
information
that
we
just
got
mentioned
to
to
go
in
or
out
or
within
a
region.
N
The
thing
to
keep
in
mind
is
a
network
is
a
moral
it
does
not
discriminate
between
it.
Just
transmit
fits
whether
they're,
good
or
bad,
whether
they
comprise
good
or
bad
messaging,
but
the
network
just
pushes
them.
You
know
from
one
place
to
another.
N
Also
autonomous
systems
and
prefixes
are
not
allocated
based
on
geopolitical
boundaries.
They're
loosely
allocated
on
region-
and
there
are
registries
about
those
registers.
They
are
registered
information
and
you
know,
can
be
fairly
accurate.
Also,
things
can
change
an
entity
that
has
assigned
a
a
resource
like
an
asm
or
a
prefix
that
exists
within
one
region
while
it
might
move
to.
N
Another
region
will
be
acquired
by
a
multinational
corporation
that
you
know
multinational
entity
that
might
start
advertising
that
route
or
that
asm
in
a
different
region.
So
it's
really
kind
of
difficult,
there's
tourist
borders
when
it
comes
to
network
resource
allocation.
N
Also,
you
know
the
internet
is
by
design
decentralized,
and
that
makes
it
you
know
nearly
impossible
to
completely
block
a
region.
That's
that's
a
feature,
not
above
bug
of
the
system,
but
you
can
put
a
good
dent
in
in
connectivity
and
throughput
it's
at
certain
checkpoints.
N
There
has
been
some
you
know:
prior
art
in
the
area,
rfc
7754
talks
about
internet
service
blocking
and
filtering,
but
it's
more
focused
on
application
level
and
transport
than
actual
network
infrastructure.
Also,
the
purposes
are
a
bit
different.
It's
more
like
you
know,
security,
objectionability
and
business
arrangements
and
less
so
about
sanctioning.
N
N
Sure,
just
finishing
up
so
you
know,
like
I
said
we're
gonna
be
presenting
this
in
interior.
Looking
for
adoption,
you
know
first
question
we'll
ask:
is
this
document
useful?
Is
this
interesting?
Is
it
worth
working
on?
Are
there
other
things
we
missed?
You
know
the
question
of
gcp
versus
informational
and
review
and
comments,
and
you
know
if
you
have
produce
to
throw
shop
at
interior.
N
C
O
O
Figuring
out
exactly
good
information
about
the
effects
of
blocking
quite
obviously
makes
a
lot
of
sense.
In
this
context,
talking
about
blocking,
however,
can
be
can
can
trigger
with
certain
parties
the
idea
that
well,
okay,
they
should
actually
think
about
it
and
myself.
I
have
noticed
over
the
past
years
couple
of
events
were
parties
were
starting
to
think
about
sovereign
internets.
O
Whether
a
technical
paper
explains
in
detail,
the
bad
effects
of
of
blockage
and
in
the
end
suggests
that
blockage
should
be
avoided.
O
The
mere
existence
of
such
papers
can
be
used
by
parties
who
are
interested
in
segmenting
and
well.
Okay,
maybe
reinforce
their
empire
of
life.
O
So
one
has
to
be
extremely
cautious
when
doing
such
papers
to
to
figure
out
ways
and
that
these
ways
need
to
be
extremely
clever
to
avoid
feeding
that
evil
that
evil
track
of
arguments.
Thank
you.
N
Of
all
fair
points-
and
you
know
we're
we're
not
trying
again
we're
not
trying
to
say
this
is
good,
or
this
is
bad,
we're
just
trying
to
say
this
is
what
would
happen
to
the
best
of
our
ability.
If
one
did
this
to,
let
others
decide
if
this
is
good
or
bad,
and
we,
like,
I
said
I
don't
think
we
have
any
trade
secrets
or
network
secrets
here,
there's
really
nothing
novel
here.
This
is
pretty
pedestrian
descriptions
of
what
is
going
on.
P
B
P
Audience
and
I'm
also
a
little
bit
nervous
because
you
are
all
rpgi
experts,
but
yeah,
I'm
I'm
hoping
to
make
some
rpi
beacon
friends
here
that
can
help
me.
You
know
with
this
effort
and
tell
me
if
what
I'm
doing
makes
sense
and
how
to
make
it
better
and
how
to
make
it
more
useful
and
yeah.
Well,
I
will
tell
you
later,
but
I
could
also
use
some
additional
ipv4
resources
for
some
specific
aspects
of
this
beacon
next
slide,
so
you
here,
I
do
sometimes
do
dns
measurements.
B
P
We
had
the
rpi
beacon
and
we
spoke
to
him
and
asked
him
if
he
could
use
his
beacon
to
do
this
kind
of
measurements,
and
europe
allowed
that
and
thank
you
yup
for
that.
This
was
really
great
and
we
started
to
do
the
measurements
to
measure
the
uptake
of
router
region,
validation
of
dns
resolvers
since
2020,
but
unfortunately,
the
the
beacon
didn't
stay
for
a
very
long
time
or
it
stayed
for
almost
two
years,
but
we
had
to
look
for
another
beacon,
so
yeah.
P
P
P
So
this
was
gave
some
difficulties
with
doing
the
measurements
in
that
it
was
timer
based
now,
if
you
can
reach
the
valid,
but
you
cannot
reach
the
invalid,
then
you
have
to
wait
for
that
time
out
and
also
about
an
original
validation
is
to
prevent
wild
hijacks,
and
so
since
the
invalid
prefixes
were
not
announced
anywhere
else.
Validly,
you
could
ask
yourself
if
it
was
a
yeah.
It
looked
like
a
realistic
route.
Hijack
next
slide.
P
Yeah,
so
here
you
can
see
the
robot,
the
route,
origin,
authorization
for
the
slash
23
and
just
for
the
record.
I
also
made
one
for
this
list
24,
but
with
for
a's
and
0
to
officially
say
this
is
invalid.
Next
slide.
P
But
you
know
it's
still
really
hard
to
determine
which
hop
does
the
actual
validation,
and
it
also
has
the
peculiar
very
validity
that,
if,
if
you
are
in
a
network
that
is
validating
this
big,
you
can
might
still
reach
the
invalids.
P
Yeah
well
so
all
the
apps
that
used
the
earlier
beacon
they
are
moved
to
the
new
beacon
we.
So
it
was
really
cool
easy
to
do
rpi
test
for
revolvers,
because
you
just
went
to
authoritative
surface
one
has
a
zone
that
says
the
way
you
you're
protected
at
the
affiliate
and
one
says
no
you're
not
protected
at
the
invalid
next
slide.
P
The
beacon
is
also
at
the
end
of
ring.
If
you
are
only
an
unlocked,
ring
and
you're
a
secure
shell
to
the
enameled
lobs
ring
note,
then
you
will
see
this
text
that
you
can
enter
a
network
namespace
with
the
invalid
resources,
but
with
the
command
enter
invalid
net
ns
next
slides-
and
this
is
how
it
works.
You
can
see.
P
P
C
C
You
still
end
up
at
the
bad
place,
but
maybe
that's
actually
the
correct
thing
to
be
showing
because,
like
that's
what
would
happen
in
the
real
world,
so
I
don't
know
if
the
right
thing
to
answer
is
that
you're
protected
or
not,
because
the
network
you're
using
happens
to
validation,
but
you
still
end
up
in
a
sad
place.
So
I
don't
know
the
right
thing
is
anyway.
We
have
three
minutes
left,
so
I
will
help
you.
Q
Is
this
yeah?
It
is
on
ben
work
online.
I
said
that
that's
an
important
observation
and
I
think
the
reason
it's
important
is
because
I
I
I
was
struggling
for
most
of
your
your
talk
to
identify
exactly
what
you're
trying
to
measure,
and
if
I
understood
correctly,
what
you're
trying
to
understand
is
the
extent
to
which
dns
resolvers
are
susceptible
to
following
a
route
to
a
hijacked,
authoritative,
dns
server.
That's
fundamentally
what
you're
trying
to
measure
initially?
Q
Yes,
okay,
so
I
think
that
I
think,
in
order
to
work
out
what
you
need
in
the
way
of
a
beacon,
you
need
to
be
concentrating
on
what
the
most
likely
attack
against
that
traffic
exchanges,
and
I
don't
think
that
it's
a
more
specific
hijack.
I
think
in
most
cases,
most
people
that
are
operating,
dns,
authoritative,
dns
servers
are
already
announcing
20
forces
for
v4.
Q
The
origin
and
the
the
the
difficult
bit
to
affect
to
defend
against
is
the
fact
that
you're
then
relying
on
a
s
path,
length
for
selecting
the
the
the
correct
the
the
correct
destination,
and
that
will
show
a
pattern,
that's
similar
to
the
one
in
your
in
your
map,
but
will
be
more
pronounced,
you'll
get
more
resolvers
going
to
the
wrong
to
the
wrong
destination.
Q
P
Yeah
yeah,
it's
it's
it's
indeed
it's
that,
but
it's
also
trying
to
identify
which
hops
are
doing,
validation.
Q
B
Q
It's
not
as
important
as
the
yes
or
the
note
right.
The
only
other
observation
I
had
is
your
your
air.
Zero
rower
is
redundant.
It's
not
doing
anything.
D
D
We
can
get
95
percent
of
the
result,
if,
let's
say
fixed
transit
networks
do
validation
and
no
one
else
does,
because
if
paths
go
through
a
small
amount
of
the
core
and
the
core
is
doing
a
validation
dropping
it
actually
doesn't
matter
what
the
stubs
do
and
this
interplay
between
deployment
right
and
filtering.
This
actually
hasn't
been
studied
at
all
in
the
areas
of
rpki
we've
adopted.
The
mantra
of
everyone
must
do
it
and
that
mantra
is
meaningless.
D
It
creates
a
whole
bunch
of
wasted
effort
with
only
marginal
return.
If
everybody
else
does
rov
filtering,
I
don't
have
to,
and
you
can
actually
extrapolate
that
statement
outward.
What's
the
minimal
spanning
set
for
rov
filtering
for
the
maximal
benefit
and
that
statement
hasn't
actually
been
studied
hard.
The
problem
is,
in
a
nutshell,
single
beacons.
D
L
C
R
Thank
you,
excellent
hi.
This
talk
is
a
footnote
on
cider.
Those
of
you
who
are
of
an
age
neighbors
call
what
we
decided
a
long
time
ago
started
talking
about
aggregation
and
we
started
talking
about
doing
continental
and
regional
aggregation,
but
nothing
really
happened.
R
So,
what's
changed
since
we
started
doing
cider,
one
thing:
that's
surprising
is
we've
started
leaking
more
specifics,
all
over
the
place
for
traffic
engineering
and
that's
caused
a
great
deal
of
noise
in
the
routing
table.
It
would
be
really
nice
to
clean
these
up
and
it
would
be
very
effective
to
clean
these
up
at
a
distance
because,
frankly,
once
you're
at
a
distance,
the
more
specifics
don't
add
a
whole
lot
of
value.
R
R
R
R
Okay,
if
you
do
this,
this
is
not
necessarily
a
horrible
thing,
not
necessarily
a
good
thing
where
you
do
this
inside
of
ispb.
Actually,
matters
does
ispb
care
about
the
traffic
engineering.
That
ispa
is
advertising
and
it
can,
if
it
does
it
on
ingress,
it
gets
rid
of
some
traffic.
It
gets
rid
of
some
routes
that
it's
going
to
carry.
R
R
If
you
put
it
too
close
to
the
actual
abstraction,
too
close
to
the
region,
you're
going
to
break
traffic
engineering
and
if
you
go
too
far
away,
you're
being
wasteful
because
more
specifics
are
transiting
too
far
away-
and
this
is
a
case
where
it'd
be
very,
very
useful-
to
have
a
little
more
field
input
so
I'll.
Throw
that
question
out
to
you
guys.
R
You
could
also
do
continental
aggregation
and
I'm
going
to
pick
on
jeff
here.
Okay,
intercontinental
links
are
relatively
rare
comparatively,
and
so
we
very
much
want
to
traffic
engineer
those
intercontinental
links,
but
we
do
want
to
do.
R
R
Okay,
yes,
we
know
that
there
are
some
rpi,
our
pki
issues,
and
we
have
to
figure
out
how
to
do
that
with
aggregation
and
that's
something
we
have
to
work
out.
R
S
Yeah
hi
melini
elkins
inside
products,
okay,
so
just
one
anecdotal
data
point
from
somebody
that
I'm
working
with
is
a
large
organization
in
the
united
states.
That
has
a
global
presence
with
probably
people
I
mean
all
over
the
world,
and
we
were
talking
to
a
particular
rir
and
they
said
they
would
be
willing
to
give
them
address
ranges
for
globally.
S
R
It
doesn't
fit
in,
we
know
there
are
lots
of
organizations
with
global
span
that
are
injecting
their
prefixes
from
many
many
points,
and
those
are
not
good
candidates
for
aggregation.
For
obvious
reasons.
E
E
Okay,
yeah,
because
I
I
think
there's
I,
I
think
it's
very
important
to
talk
about
the
two
separately,
so
the
the
first
thing
is
that
you
know
inside
of
my
employer
today
we
actually
have
a
solution
that
we
use
to
go
and
ensure
that
we
don't.
You
know
that
traffic
tends
to
be
heavily
regionalized.
E
When
you
talk
about
a
global
footprint,
and
so
we
don't
have
to,
we
may
receive
all
the
paths
in
you
know
our
ribbon,
but
that
doesn't
mean
that
we
actually
need
to
carry
all
those.
You
know
all
those
paths
in
the
hardware.
It's
also
possible
that
many
of
them
have
the
same
next
hop
and
so
that
we
can
actually
do
localized.
You
know
optimization.
I
know
a
number
of
vendors
have
done.
E
You
know
either
internally
fib
compression
work
or
otherwise
to
ensure
that
you
know,
even
though
the
rib
may
have
more
in
it.
The
fib,
you
know
actually
can
run
a
lot
leaner
from
that
perspective.
So
so
there
have
been
many
different.
You
know
both
software
and
hardware
optimizations
done
there.
I
I
think
the
the
other
thing
just
kind
of
looking
at
this
just
generically
is.
E
I
think
this
makes
a
lot
of
sense
in
a
case
where
there's
a
lot
of
national,
you
know
aggregators
or
international
aggregators,
but
that's
actually
largely
not
the
case
anymore.
If
you're
actually
looking
at
the
internet
today
and
and
jeff
houston's,
you
know
talked
about
this
some
in
the
past.
It's
largely
how
do
I
get
to
the
largest
n
cloud
or
content
providers
within
my
region
and
almost
no
other
traffic.
You
know,
there's
there's
not
a
lot
of
long
distance
traffic.
You
know
in
that
regard
anymore.
E
If
you
look
at
what
enterprises
are
doing,
they're
largely
integrating
into
one
of
the
cloud
operators
but
and
purchasing
direct
interconnects
for
on-ramp
off-ramp
activities,
and
so
the
need
to
do
this.
E
There's
a
very
interesting
question
you
know
around
this
is:
how
much
is
this
actually
really
needed
per
se
and
at
the
same
time
I
also
want
to
comment.
Is
that
I
know
my
employer
is
really
bad
about
polluting
the
route
table
and
we're
trying
to
I'm
working
hard
to
try
and
address
that,
because
we
largely
had
a
lot
of
things
globally
that
were
very
unique,
discrete
sites
and
over
time.
My
long-term
goal
is
to
continue
to
advertise
out
those
local,
more
specific
routes
to
ensure
that
we
attract
the
traffic
in
the
right
locations.
E
But
globally
not
everybody
needs
to
see
those
routes,
and
so
we
don't
need
to
advertise
those
all
globally,
which
may
end
up
with
much
wider
divergence
in
what
a
local
versus
global
table
looks
like,
but
that
is
heavily
optimized
around
the
locations
that
need
to
get
the
routes,
and
so
I
think
that
this
is,
you
know
just
looking
at
this
at
a
high
level.
E
R
R
R
R
R
O
Kind
of
with
my
simple
mind,
I
feel
that
kind
of,
without
cooperation,
the
current
existing
universe
does
not
really
is
not
really
expected
to
get
get
a
solution
in
your
direction.
O
But
well,
okay,
you
smart!
You!
You,
smart
guy,
might
have
ideas
of
what
to
do:
actu,
well,
okay,
what
what
concepts
to
use
in
signaling
and
so
on
for
getting
getting
cooperation
information
into
this.
R
Well
again,
I
don't
think
cooperation
is
required.
I
don't
think
you
actually
break
anything
if
you
don't
have
cooperation
and
you
just
go
off
and
do
remote
aggregation
as
long
as
you're
advertising
the
aggregate
you
are
continuing
to
provide
connectivity,
but
you
are
shifting
traffic
away.
I
realized
that
alone
could
be
contractually
a
problem,
so
people
should
think
about
that,
but
I
don't
see
that
it
actually
breaks
anything.
I
Just
consider
maybe
just
a
data
point,
at
least
my
employer.
We
already
have
a
service,
that's
intermediate
between
internal
bgp,
speaker
or
external
appearing.
We
already
have
the
slurs
that
does
aggregation
both
externally
and
internally.
So
pretty
much
what
you
are
proposing
here.
It's
already
done
donna.
I
would
think
that
you
know
other
clouds
do
as
well.
C
Excellent
well,
thank
you
everyone.
I
think
that
this
brings
us
to
the
end
of
iepg
and
we
actually
still
have
10
minutes
left
if
I'd
planned
time
better.
We
could
have
done
some
more
of
willem's
questions,
but
we
will
almost
definitely
be
meeting
again
in
philadelphia,
assuming
that
we
actually
meet
in
philadelphia.