Your browser failed to load CSS style sheets. Your browser or web proxy might not support elliptic-curve TLS

Building network automation solutions

9 module online course

Start now!
back to overview

It’s All About Business…

A few years ago I got cornered by an enthusiastic academic praising the beauties of his cryptography-based system that would (after replacing the whole Internet) solve all the supposed woes we’re facing with BGP today.

His ideas were technically sound, but probably won’t ever see widespread adoption – it doesn’t matter if you have great ideas if there’s not enough motivation to implementing them (The Myths of Innovation is a mandatory reading if you’re interested in these topics).

Here’s a pretty useful filter you can use when someone tries to tell you he solved a really hard problem:

  • Find out all the prior proposed solutions (if the problem is worth solving, someone else probably tried to solve it before);
  • Figure out whether the other solutions failed due to technical reasons (in which case there might be hope);
  • If the prior solutions were technically feasible but weren’t accepted, there might be a business reason for that;
  • If the proposed solution sufficiently changes the business model, there might be hope. Otherwise, move on.

Coming back to BGP example:

  • We had RPKI for years. Uptake is minimal;
  • BGPsec was also developed years ago. Nobody even thinks about using it due to the additional compute overload it would create;
  • There are tools to generate prefix lists from public routing databases. A very small percentage of ISPs cares enough about the quality of Internet routing to use them… in many cases due to someone passionate about quality like Job Snijders.

In case you’re wondering what’s wrong with the BGP world, Russ White (among numerous other things one of many webinar authors and member of ExpertExpress team) nicely explained it in BGP Security: A Gentle Reminder that Networking Is Business. Have fun!

Please read our Blog Commenting Policy before writing a comment.


  1. There you have it: "The cost of deployment must be lower than the return on that cost". Same with DNSSEC. It will be a dream forever.

    1. The cost of deploying DNSSEC if you're on Cloudflare is zero (modulo educating yourself which is a good idea anyway). What exactly is your point?

  2. IPv6, RPKI, BGPsec, DNSSEC, ..... whatever the real cost, if the perceived cost is high, deployment will lag severely (or fail). Can we call it lack of "killer app" ? I happened to hear delirious reasons for not going forward with IPv6, all of them based on the FEAR of high support cost. Just that. FEAR.
    On the other hand, you see projects going forward very painfully (and way over budget) because lack of understanding of the real costs and a perceived pontential benefit that it very doubtful.
    So yes, it's UNFORTUNATELY all about business...


Constructive courteous comments are most welcome. Anonymous trolling will be removed with prejudice.