Bruce Schneier wrote a thoughtful article on the various perceptions of AI Risks including this gem:

As the science-fiction author Ted Chiang has said, fears about the existential risks of AI are really fears about the threat of uncontrolled capitalism, and dystopias like the paper clip maximizer are just caricatures of every start-up’s business plan.

A few days after I published the EBGP session protection lab, Jeroen van Bemmel submitted a pull request that added TCP-AO support to netlab. Now that the release 1.6.3 is out, I could use it to build the Protect BGP Sessions with TCP Authentication Option (TCP-AO) lab exercise.

netlab release 1.6.3 added numerous BGP nerd knobs:

• You can create EBGP multihop sessions in the global routing table when using Arista EOS, Cisco IOSv, Cisco IOS-XE, FRR and Cumulus Linux 4.x.
• ebgp.utils plugin supports TCP-AO, configurable BGP timers, and Generic TTL Security Mechanism (TTL session protection)
• BGP neighbor reports hide irrelevant columns.

We also:

I encountered several articles explaining the challenges of simulating your network in a virtual lab in the last few months, including:

• Some thoughts on digital twins by Jeff McLaughlin
• Network Simulation is hard – Part 1, Part 2 – by Pete Crocker
• Twenty-five open-source network emulators and simulators you can use in 2023 by Brian Linkletter

Enjoy!

Numerous Internet Exchange Points (IXP) started using VXLAN years ago to replace tradition layer-2 fabrics with routed networks. Many of them tried to avoid the complexities of EVPN and used VXLAN with statically-configured (and hopefully automated) ingress replication.

A few went a step further and decided to deploy EVPN, primarily to deploy Proxy ARP functionality on EVPN switches and reduce the ARP/ND traffic. Thomas King from DE-CIX described their experience on APNIC blog – well worth reading if you’re interested in layer-2 fabrics.

A few years ago, I was asked to deliver a What Is SDDC presentation that later became a webinar. I forgot about that webinar until I received feedback from one of the viewers a week ago:

If you like to learn from the teachers with the “straight to the point” approach and complement the theory with many “real-life” scenarios, then ipSpace.net is the right place for you.

netlab release 1.6.2 improved reporting capabilities:

• BGP reports and IP addressing reports are fully IPv6-aware
• Some columns in BGP reports are optional to reduce the width of text reports
• You can filter the reports you’re interested in when using netlab show reports command
• Reports relying on ipaddr Ansible filter display warnings (instead of crashing) if you don’t have Ansible installed.

In other news:

• Stefano Sasso added support for ArubaOS-CX running within containerlab
• You can use inter-VRF route leaking with Cumulus Linux or FRR

In the BGP Route Aggregation lab you can practice:

• OSPF-to-BGP route redistribution
• BGP route aggregation
• Suppression of more-specific prefixes in the BGP table
• Prefix-based filtering of outbound BGP updates

If you’re monitoring the industry press (or other usual hype factories), you might have heard about Ultra Ethernet, a dazzling new technology that will be developed by the Ultra Ethernet Consortium¹. What is it, and does it matter to you (TL&DR: probably not²)?

As always, let’s start with What Problem Are We Solving?

A while ago I explained how Generalized TTL Security Mechanism could be used to prevent denial-of-service attacks on routers running EBGP. Considering the results published in Analyzing the Security of BGP Message Parsing presentation from DEFCON 31 I started wondering how well GTSM implementations work.

TL&DR summary: