34c3 intro
Herald: And now please join me in welcoming
Caleb, for his talk BGP and the Rule of Custom
Applause
Caleb James DeLisle: Thank you.
Thank you and thanks for
coming. Tonight I'm going to speak to you
about the BGP protocol but it's not going
to be that technical. Specifically I'm
going to concentrate on the way that BGP
molds human interactions. So there I'm
aiming at making this a reasonably
accessible talk so if you catch me using
slightly incorrect terms for something
consider that I'm optimizing not only for
the clarity of the correctness but also
for the widest possible audience. So
protocols that are at their root systems
of governance. So I'm gonna propose a
framework to think about governance and
then as I describe BGP we can we will be
able to analyze it through the lens of
that framework and so as my slide shows
here I find it useful to dichotomize
governance systems into either
institutional like democracy or network
like the family or like the CCC, and when
you think about institutional governance
think about democracy, think about law,
think about rights, equality, these are
all concepts which are protected for us by
an institution in this case it's the state
and when you think about networks think
more about the family, think about
reputation, honor, mutual respect. These
are representations of the network
governance model, and the network
governance model turns out to be very
important to BGP. Now I'm gonna argue that
we need both institutional and networks
governance and each one should be used for
what it's best for. So but first I'm going
to talk about where BGP came from. The
year was 1989 and there were two people
named Kirk Lougheed and Yaakov Rekhter and
they were having lunch and at the time the
Internet of the day, then known as NSFNET
was facing impending collapse let's say.
The NSFNET was at the time, experiencing
explosive growth and the EGP
routing protocol was reaching the point
where it just could no longer work. So
during that lunch they defined a new
protocol, which they jokingly referred to
as a two napkin protocol, because they had
drawn their
diagrams out on those napkins. And we have
here some photographs of those napkins.
Something to understand about BGP at the
time, and it was that at this time the so-
called Internet was considered kind of
this weird anarchist experiment. You see
real networks used grown-up protocols such
as X.25 which among other things made sure
at the protocol level that when you sent a
piece of data it would actually reach its
destination. By contrast, Internet Protocol
was what we call a best-effort protocol
meaning that sometimes a packet might
arrive mangled or maybe it wouldn't arrive
at all. Computers on the Internet usually
just use the TCP protocol to put the
pieces back together and to resend the
broken ones but TCP is not really part of
the Internet itself. It's more an
application that runs over it and it's
telling that in this era the Internet was
referred to as TCP / IP because at the
time it was expected that any network must
be providing reliable transport. Now the
effect of IP's simplicity as compared to
other networking protocols cannot be
overstated and to consider a different
protocol even the one used in telephone
networks even to this day it's so mind-
numbingly complex that it actually
encourages the telephone companies to
monopolize in order to manage the protocol
that they use. In fact the SONET protocol
that's used in the American telephone
companies - there's an equivalent one here
in Europe - it actually requires
synchronized atomic clocks in the routers
in order to schedule the messages so that
there's an empty moment in each line
that's just for the message to pass
through. And in contrast the simplicity of
IP and the political design of BGP have
allowed for just about anybody to become a
network operator. So what is BGP? BGP is
a protocol which every Internet router
uses to talk to other routers when they're
talking across an organizational boundary.
See inside an organization you control all
the computers so you can have them talk
any way they want
but when you talk across boundaries
the lingua franca of
routing protocols is BGP. And BGP involves
two types of identifiers which
organizations need to apply for. These are
IP addresses which most people know about
and there are the lesser-known autonomous
system numbers and each network provider
has an AS number. Both IP addresses and
AS numbers are issued by ICANN through its
regional registries which manage this
issuance kind of in accordance to need.
And an autonomous system is a network
operator such as an ISP or hosting
provider and having the AS number
means that they're able to speak as equals
with all the other network operators. It
also means that when they interconnect
with another network operator the fact
that they're interconnected is public and
that's a very important little piece of
BGP. Now BGP is unlike the EGP routing
protocol before it, a mesh protocol and
this fact has proven highly significant
because it's created what I call the
imperative to peer. And to understand the
imperative to peer, I'll give you a scenario.
Let's say that you and I are each
a medium-sized network operator. So your
customers want to talk to my customers, my
customers want to talk to your customers
but as medium-sized network operators we
both need to buy Internet from somebody
else that's bigger than us. In the
industry we call this the upstream
provider and if my customers are asking
for web sites hosted by your customers
normally what's going to happen is I'm
going to get those requests and I'm gonna
have to send them to my upstream provider,
they're going to give them to your
upstream provider who is going to give
them to you. But since we're both paying
for those links to our upstream providers
there's, we're sort of paying for that
traffic in a way, and now if you and I
happen to have routers in the same
datacenter then we could just run a wire
across the room and then peer with one
another and BGP will bypass our upstream
providers and route the traffic between me
and you and
you and me. And it's much more
efficient. Now it's important to
understand that peering means you and your
customers will talk directly to me and my
customers. What it doesn't mean is that you
can use me to reach my other peers, or
my peers peers, or my upstream, or someone
else. To have to do that, you'd have to be
my customer because peering has this
limitation it's usually mutually
beneficial for two ISPs to just peer and
usually it happens with no money changing
hands and in fact it almost always happens
there's not even any paper contract
that they just say that makes sense let's
run a wire. Now in this scenario you and I
needed to have the upstream provider and
you might wonder well who doesn't need an
upstream provider there must be someone at
the top where is the core. Well the core
is a series of what we call Tier 1
providers. And in this picture we have
white lines which represent the peering
agreements and the red lines represent the
customer agreements. The Tier 1's are the
people up at the top and they can reach
anywhere on the Internet using a peering
agreement or a customer. They don't need
to buy Internet from anyone. However they
do need to pay the upkeep on their massive
fiber-optic networks which give them the
global reach to get these peering
agreements and to get these customers
which makes them a Tier 1 in the first
place. And you can also see some
interesting things in the case you can
have you can be a customer and also a peer
and you can also have multiple upstream
providers. But with Tier 1 there's a bit
of politics, see Tier 1's are hesitant to
peer with smaller operators if there is a
chance that if they refuse to peer the
smaller one might alternatively become a
customer and so it's a bit like marriages
between wealthy families because peering
between Tier 1's it's a complex process and
they're each striving to ensure reciprocity
of value. Now small networks
on the other hand they're not so concerned
about this and so they're ready
to peer with each other quite liberally
and this has created a situation known in
the industry as doughnut peering wherein
the Tier 1's are actually increasingly
being routed around and it's worthy of
reflection the fact that while SONET with
a synchronized atomic clocks has made an
incentive to monopoly. BGP with its
imperative to peer has created a situation
where monopoly is discouraged. However
this system also has means of preventing
bad behavior on the Internet which it
works astonishingly well while at the same
time preserving almost absolute free
expression. So this is a chart of the
percentage of all email that is spam and
to understand why this chart is remarkable
consider what a bad protocol email
is. Email is basically a push protocol
with an unlimited free speech. So all you
got to do is get on the Internet, fire up a
mail server and you can just send spam to
anyone. It's magic. So really this
percentage should be like over 99% but
it's not. Well email is an old and heavily
used protocol and the network operators
have made it kind of a special case. Email
is actually one of the few protocols where
messing with it can get you kicked off the
whole Internet even if you have your own
network AS number even if you are a
network operator with peers and everything
you can still get chucked off the Internet
if you mess around with mail. So I'm gonna
try to explain how this works and I'm
going to do it by trying to think of
different types of actors that are, that
exist in the Internet service sphere. So
there is a lot of actors of course but
I've made these four main categories which
I think helps to explain the situation.
And they're the customer, the provider,
the network operator and the civil society
organization. So the customer is someone
like me. I take an IP address on loan from
my cable provider at home and I take one
from my web hosting provider. It's not my
IP address and it's not assigned to me. It
doesn't have my name on it and they can
take
it back when I stop working with them.
But that means I have relative anonymity
because I'm not out there looking for
peers I have my provider they know who I
am, they know me, I know them, nobody else
needs to know who that IP address is
associated with. However my provider can
trivially turn off my access to the
Internet but by the same token I can
usually choose which provider to patronize
as well modulo the monopolies in the cable
companies. Providers on the other hand
they are not anonymous they have to
maintain relationships with network
operators, they have to seek customers.
They're out in the public. Providers also
have an incentive to keep customers so
they can't be obviously scammy and they
shouldn't, they can't provide bad service.
They probably shouldn't be scummy
and they can't provide bad service. They
also have an imperative to stay friendly
with at least one network operator. If all
the network operators just hate them then
they can't find Internet. Providers have
their own IP addresses they're assigned to
them from the Internet registries and so
they can connect with multiple network
operators including even having peers
although in practice they often keep their
networks fairly simple. But because of the
way BGP exchanges information, their peers
and their providers are publicly known,
whereas me the little customer borrowing
an IP address I'm fairly opaque. Now
network operators they're somewhat like
providers, they provide a service but in
general they make their business around
providing raw Internet access to smaller
providers and that's why I've
differentiated them. Network operators are
very much not anonymous they have to have
large numbers of peering agreements and
customers which again all of these
connections are transparent, because of the
way BGP works and they're strongly
pressured by the imperative to peer. If
they're not able to find peers then all
the network traffic will have to be paid
for. It can even squeeze them out of the
market. They do have some
powers though they can
refuse to peer with a network operator and
they can even disconnect a customer which
they might do to maintain their
reputation. Last group here is civil
society these are organizations like Team
Cymru and Spamhaus. They dedicate their
time to shedding light on the bad guys of
the Internet. They're not anonymous as
organisations although their members can
be hidden and they also maintain lists of
IP addresses and AS numbers which are
either known to be operated by spam
organizations or which are just unused and
shouldn't be existing. Internet civil
society doesn't have any direct power but
their power comes from their reputation
for providing valid and useful data.
They're also able to do their job because
of the transparency of providers and
network operators which is built into BGP.
I'm going to tell you a story about two
providers. One is called McColo and the
other is called PRQ, both of these
organizations were founded in 2004 and
both of them have been subject to certain
controversy but tellingly one of them
still remains with us and the other one is
long gone. So this is a splash page of
McColo back in 2008 before it went dark.
McColo was founded by a 19 year old
student named Nicola McColo and it thrived
for four years before being taken down.
McColo provided what's known as
bulletproof hosting. That means hosting
where the provider will keep your server
online no matter what you do with it.
Bulletproof hosting providers choose not
to cooperate with civil society or even
law enforcement unless they're forced to.
And in November of 2008 the Washington
Post gathered some damning evidence that
McColo was a hosting provider mostly
interested in providing service for
spammers. What's interesting is that
rather than send this evidence to the
police they sent it to McColo's network
operators. Like many providers McColo
bought Internet access from two major
network operators. In this case it was a
Hurricane Electric and Global
Crossing. When Hurricane and Global
Crossing were given this information from
The Washington Post they voluntarily chose
to abruptly cease doing business with
McColo and the provider was caught off
guard and it and all of its customers went
offline. Here is the global volume of spam
which dropped that day by as much as
75%. Needless to say no other network
provider was beginning or ready to begin
selling service to McColo and their
business crumbled. Now PRQ is in some ways
similar to McColo heeey and in some ways
they're quite different. PRQ was founded
by two Swedish guys known in BitTorrent
circles as anakata and Tiamo and they
provide what I call last resort hosting.
They've hosted highly controversial
websites such as WikiLeaks but they're
probably best known for hosting The Pirate
Bay. The Pirate Bay stands out as probably
one of the most famous websites to
publicly flaunt copyright. Going to the
extent of actually publishing abuse
complaints along with their sarcastic and
humiliating responses. This is something
that the copyright industry had never seen
before. High-power lawyers are just not
accustomed to getting replies signed go
fuck yourself. So all four of the founders
have spent some time in prison and the
site's data centers have been raided
multiple times and supposedly Hollywood
even used threats of trade sanctions
against Sweden to force them to shut this
thing down. But we find that as McColo has
drifted into historical obscurity, The
Pirate Bay is still alive and has even
become something of a cultural
institution. And we also find that unlike
McColo, PRQ and The Pirate Bay have never
had any problem with their network
operators. So one of the fundamental
tenets of the Internet is that network
operators are morally but not legally
responsible for the activities of their
customers and peers. So they may choose
who they do business with and they will
not be held to legal account for these
decisions. What are the lessons that we
can take away from this?
Recently there's been a lot of
work done on federated social networking
protocols. I'm sure some of you will take
part in this development but the vast
majority of you will be evaluating them to
make decisions about which technology to
adopt and I urge you to give some thought
toward the political identities of the
protocols which you make or which you
choose to make your own. Like many things
systems of communication are defined
largely by what they reject, whether that
be packets larger than 1500 bytes or Nazi
propaganda. And in a protocol I identify
three main ways that these rules can be
defined. The first is what we hard code
into the software source code. Some
examples are message formats and
permission systems but hardcoded rules
can be extended further with cryptography
and especially with blockchains. Hard
coded rules are a perfect example of
institutional governance they can be very
fair. They are very fair because code
applies the rules equally to everyone and
for things which we consider a basic human
right such as private communications and
things which are easily quantifiable in
software, hardcoding can be the best
solution. However hard rules do have a
downside, Ethereum a cryptocurrency based
heavily on the libertarian philosophy of
freedom of contract found itself in a bit
of a quandary when a bug was discovered in
one of the very significant contracts
allowing for all the money to be stolen
out of that contract. For those who don't
follow the topic Ethereum was hard forked
in order to stop the errant contract and
everybody had to update and while the fork
itself protected the participants in the
contract it struck a serious blow to the
fundamental philosophy of Ethereum and it
serves as a warning that we have a
downside to hardcoding. The second source
is of course the central authority. The
Internet uses ICANN as a central authority
to manage allocation of domain names, IP
addresses and autonomous system numbers.
The central authority
is kind of a poster child of institutional
governance. Like hardcoded rules, rule by
central authority also tends to be
egalitarian. Moreover a central authority
is actually capable of equity because it
can comprehend people's different
situations and adapt to them. Something
that a hardcoded rule cannot do but a
central authority like a hardcoded rule
is prone to coldness and bureaucracy and
moreover it's quite difficult to create
central authorities which do not give
certain individuals unaccountable power
over others. The third source of rules or
in this case customs where this talk gets
its name is from the network and this is
how the network operators and how BGP
mostly managed to keep email spam and
other bad things off the Internet. The
network is by far the most humane form of
governance. Social norms are passed along
from friend to friend rather than rules
being forced down upon people by central
authority or source code. And we see
network-like systems in families ancient
tribal societies as well as royalty and
elite in kingdoms and of course online.
However in electronic networks we tend to
associate it with, we get to choose who
we associate with from any connected
person in the world and but networks also
have a downside they're not egalitarian in
any way. Those central in the network are
simply more powerful than those on the
edges. In the feudal system law was often
applied differently to a person based on
how they were dressed or what family they
were from. And the origin of the term rule
of law it was initially described as a
better alternative to rule of the king or
rule of man. We have the law we
have the state because people demanded
them as in this case the inequity of the
network rule proved unacceptable. But
there's an important difference between
BGP's rule of custom and the patently
unjust feudal system. BGP is transparent.
We know which network operators are
interconnected with whom and we know who
is protecting the bad actors
and in every case we find dystopia
whenever there's power without
transparency either in opaque proprietary
code, unaccountable central authorities or
in networks which form mafias, secret
societies in the feudal system. And I
think the key message from BGP has to be
that whether in central authorities or in
networks. Power and privacy do not mix.
With any measure of power there must be
equal transparency and accountability.
Applause
So in closing. I hope you go out there and
make protocols and make systems which far
surpass what we have today and to do that
I suggest looking at the past and what
protocols have been highly successful and
try to identify why they worked. Also look
at the ones that didn't work. Look at the
things that died in a hell storm of spam
and try to keep it simple. I developed
some software before and something I
learned the hard way is that complexity
becomes the enemy of adoption so maybe
it's a good idea we all write our
protocols on napkins. Thank you.
Applause
Herald: Thank you Caleb.
We now have five minutes
for questions you know the drill. Please
line up at the microphones there's four
microphones two in the middle, one there,
one there. Please don't leave the room
until the talk is over. If you stood up
you can leave but the rest please
stay seated you can spare five minutes
it's a lot of noise that people keep
leaving during the Q&A.
Microphone number one please.
Question: Hello I'm from Sweden. I
really like to talk to have an overview of
this I think it was mostly correct. I
would say that I'm working with both the
BGP and DNS and those association with
ICANN but I think you put them all on the
you give them a bit too much power they
are not that powerful unless you describe
them. They don't decide everything about
DNS and everything. They're running the
IANA contract for these domain names and
numbers and stuff like that. On behalf of
the community like the IETF and other
multi-stakeholder organizations. So they
only have the power over the new top-level
domains they don't have the power over the
common domain or .se domain in Sweden or
.ch in Switzerland so if .se or .ch would
like to have The Pirate Bay, ICANN has
nothing to do with that.
Herald: Could you get to the question please?
Question: No it's not a question.
More to show that ICANN is
not the king.
Herald: There are other people queueing please.
Herald: Microphone number two please.
Question 2: Thank you. Great great
lecture. So what actually is the reason
why some illegal activities are tolerated
by ISPs and some like child abuse is not?
Speaker: That's a great question. I
think that what it comes down to is what
is socially acceptable. So when you have
why does some activity, why does some
illegal activity like smoking a joint
outside, not cause you to have the police and
other activity like murdering somebody
would. It's all about what is socially
acceptable to the people around you and
what is socially acceptable to the people
around them and in the case of ISPs
somebody is peering with the people
that serve The Pirate Bay somebody else
looks at that and says it's not, I don't
feel that that's a problem somebody else
looks at them and says I don't feel but
people who think that is a problem and so
it's okay. I hope this answers your
question.
Herald: Do we have an Internet question?
No. Okay microphone number one please.
Question 3: Why do you think network
operators being morally but not literally
responsible for what content they accept
on the network worked so well for McColo
and PRQ and doesn't work at all for social
media?
Speaker: Oh great great question. Why it
doesn't work. If I understand you
properly? Why Twitter is still a crap
hole. It is. Well here's the thing Twitter
has it's - I am probably getting sued
- it's a, it's basically an
institutional governance system. They said
like we're in charge everybody is flat on
here so on top of a network governance
system they built in an institutional
governance system and the institutional
governance system it's like a high school
it's just it's terrible. So I should use
this opportunity to plug Mastodon because
Mastodon is an example of a system which
is federated and looks well it doesn't
look exactly like BGP but I think it will
in five years.
Applause
Herald: One hopefully brief question from
two please.
Question 4: Yes. Hi. Thank you very much
for talking about BGP. As someone who
knows a lot about BGP and I was kind of
wondering if you could help answer a
question and that's that I kind of view
BGP is kind of like a static protocol and
it was stuck it was written on two napkins
and it's been a little bit expanded beyond
that. My concern is like with, with rogue
countries or someone else harnessing IP
blocks and like sinkholing traffic for
google.com or facebook.com which has
happened several times in the last couple
years can you think of a way where you can
either get BGP to conquer that problem or
with the new decentralized protocol to
conquer that problem?
Speaker: Filters, filters, filters.
Basically. I don't know that much about
BGP but I know that some people are in the
business of making their filters from the
data that's in the WHOIS database that
just say this is what you're allowed to
announce cool this is we'll build a filter
that's what your box can send to us.
The problem is that ISPs are lazy and we
don't have we don't have standardized
stuff for making these filters so we end
up with a lot of people just sit putting
no filter and saying yeah announce
whatever you want and then you know China
announces Google and all the traffic goes
like this.
Herald: And that's all for today.
Thank you Caleb.
Applause
34c3 outro
subtitles created by c3subtitles.de
in the year 2018. Join, and help us!