-
34c3 intro
-
Herald: And now please join me in welcoming
Caleb, for his talk BGP and the Rule of Custom
-
Applause
-
Caleb James DeLisle: Thank you.
-
Thank you and thanks for
-
coming. Tonight I'm going to speak to you
about the BGP protocol but it's not going
-
to be that technical. Specifically I'm
going to concentrate on the way that BGP
-
molds human interactions. So there I'm
aiming at making this a reasonably
-
accessible talk so if you catch me using
slightly incorrect terms for something
-
consider that I'm optimizing not only for
the clarity of the correctness but also
-
for the widest possible audience. So
protocols that are at their root systems
-
of governance. So I'm gonna propose a
framework to think about governance and
-
then as I describe BGP we can we will be
able to analyze it through the lens of
-
that framework and so as my slide shows
here I find it useful to dichotomize
-
governance systems into either
institutional like democracy or network
-
like the family or like the CCC, and when
you think about institutional governance
-
think about democracy, think about law,
think about rights, equality, these are
-
all concepts which are protected for us by
an institution in this case it's the state
-
and when you think about networks think
more about the family, think about
-
reputation, honor, mutual respect. These
are representations of the network
-
governance model, and the network
governance model turns out to be very
-
important to BGP. Now I'm gonna argue that
we need both institutional and networks
-
governance and each one should be used for
what it's best for. So but first I'm going
-
to talk about where BGP came from. The
year was 1989 and there were two people
-
named Kirk Lougheed and Yaakov Rekhter and
they were having lunch and at the time the
-
Internet of the day, then known as NSFNET
was facing impending collapse let's say.
-
The NSFNET was at the time, experiencing
explosive growth and the EGP
-
routing protocol was reaching the point
where it just could no longer work. So
-
during that lunch they defined a new
protocol, which they jokingly referred to
-
as a two napkin protocol, because they had
drawn their
-
diagrams out on those napkins. And we have
here some photographs of those napkins.
-
Something to understand about BGP at the
time, and it was that at this time the so-
-
called Internet was considered kind of
this weird anarchist experiment. You see
-
real networks used grown-up protocols such
as X.25 which among other things made sure
-
at the protocol level that when you sent a
piece of data it would actually reach its
-
destination. By contrast, Internet Protocol
was what we call a best-effort protocol
-
meaning that sometimes a packet might
arrive mangled or maybe it wouldn't arrive
-
at all. Computers on the Internet usually
just use the TCP protocol to put the
-
pieces back together and to resend the
broken ones but TCP is not really part of
-
the Internet itself. It's more an
application that runs over it and it's
-
telling that in this era the Internet was
referred to as TCP / IP because at the
-
time it was expected that any network must
be providing reliable transport. Now the
-
effect of IP's simplicity as compared to
other networking protocols cannot be
-
overstated and to consider a different
protocol even the one used in telephone
-
networks even to this day it's so mind-
numbingly complex that it actually
-
encourages the telephone companies to
monopolize in order to manage the protocol
-
that they use. In fact the SONET protocol
that's used in the American telephone
-
companies - there's an equivalent one here
in Europe - it actually requires
-
synchronized atomic clocks in the routers
in order to schedule the messages so that
-
there's an empty moment in each line
that's just for the message to pass
-
through. And in contrast the simplicity of
IP and the political design of BGP have
-
allowed for just about anybody to become a
network operator. So what is BGP? BGP is
-
a protocol which every Internet router
uses to talk to other routers when they're
-
talking across an organizational boundary.
See inside an organization you control all
-
the computers so you can have them talk
any way they want
-
but when you talk across boundaries
the lingua franca of
-
routing protocols is BGP. And BGP involves
two types of identifiers which
-
organizations need to apply for. These are
IP addresses which most people know about
-
and there are the lesser-known autonomous
system numbers and each network provider
-
has an AS number. Both IP addresses and
AS numbers are issued by ICANN through its
-
regional registries which manage this an
issuance kind of in accordance to need.
-
And an autonomous system is a network
operator such as an ISP or hosting
-
provider and having the AS number
means that they're able to speak as equals
-
with all the other network operators. It
also means that when they interconnect
-
with another network operator the fact
that they're interconnected is public and
-
that's a very important little piece of
BGP. Now BGP is unlike the EGP routing
-
protocol before it, a mesh protocol and
this fact has proven highly significant
-
because it's created what I call the
imperative to peer. And to understand the
-
imperative to peer, I'll give you a scenario.
Let's say that you and I are each
-
a medium-sized network operator. So your
customers want to talk to my customers, my
-
customers want to talk to your customers
but as medium-sized network operators we
-
both need to buy Internet from somebody
else that's bigger than us. In the
-
industry we call this the upstream
provider and if my customers are asking
-
for web sites hosted by your customers
normally what's going to happen is I'm
-
going to get those requests and I'm gonna
have to send them to my upstream provider,
-
they're going to give them to your
upstream provider who is going to give
-
them to you. But since we're both paying
for those links to our upstream providers
-
there's, we're sort of paying for that
traffic in a way, and now if you and I
-
happen to have routers in the same
datacenter then we could just run a wire
-
across the room and then peer with one
another and BGP will bypass our upstream
-
providers and route the traffic between me
and you and
-
you and me. And it's much more
efficient. Now it's important to
-
understand that peering means you and your
customers will talk directly to me and my
-
customers. What it doesn't mean is that you
can use me to reach my other peers, or
-
my peers peers, or my upstream, or someone
else. To have to do that, you'd have to be
-
my customer because peering has this
limitation it's usually mutually
-
beneficial for two ISPs to just peer and
usually it happens with no money changing
-
hands and in fact it almost always happens
there's not even any paper contract
-
that they just say that makes sense let's
run a wire. Now in this scenario you and I
-
needed to have the upstream provider and
you might wonder well who doesn't need an
-
upstream provider there must be someone at
the top where is the core. Well the core
-
is a series of what we call Tier 1
providers. And in this picture we have
-
white lines which represent the peering
agreements and the red lines represent the
-
customer agreements. The Tier 1's are the
people up at the top and they can reach
-
anywhere on the Internet using a peering
agreement or a customer. They don't need
-
to buy Internet from anyone. However they
do need to pay the upkeep on their massive
-
fiber-optic networks which give them the
global reach to get these peering
-
agreements and to get these customers
which makes them a Tier 1 in the first
-
place. And you can also see some
interesting things in the case you can
-
have you can be a customer and also a peer
and you can also have multiple upstream
-
providers. But with Tier 1 there's a bit
of politics, see Tier 1's are hesitant to
-
peer with smaller operators if there is a
chance that if they refuse to peer the
-
smaller one might alternatively become a
customer and so it's a bit like marriages
-
between wealthy families because peering
between Tier 1's it's a complex process and
-
they're each striving to ensure reciprocity
of value. Now small networks
-
on the other hand they're not so concerned
about this and so they're ready
-
to peer with each other quite liberally
and this has created a situation known in
-
the industry as doughnut peering where in
the Tier 1's are actually increasingly
-
being routed around and it's worthy of
reflection the fact that while SONET with
-
a synchronized atomic clocks has made an
incentive to monopoly. BGP with it's
-
imperative to peer has created a situation
where monopoly is discouraged. However
-
this system also has means of preventing
bad behavior on the Internet which it
-
works astonishingly well while at the same
time preserving almost absolute free
-
expression. So this is a chart of the
percentage of all email that is spam and
-
to understand why this chart is remarkable
consider what a bad protocol email
-
is. Email is basically a push protocol
with an unlimited free speech. So all you
-
got to do is get on the Internet, fire up a
mail server and you can just send spam to
-
anyone. It's magic. So really this
percentage should be like over 99% but
-
it's not. Well email is an old and heavily
used protocol and the network operators
-
have made it kind of a special case. Email
is actually one of the few protocols where
-
messing with it can get you kicked off the
whole Internet even if you have your own
-
network AS number even if you are a
network operator with peers and everything
-
you can still get chucked off the Internet
if you mess around with mail. So I'm gonna
-
try to explain how this works and I'm
going to do it by trying to think of
-
different types of actors that are, that
exist in the Internet service sphere. So
-
there is a lot of actors of course but
I've made these four main categories which
-
I think helps to explain the situation.
And they're the customer, the provider,
-
the network operator and the civil society
organization. So the customer is someone
-
like me. I take an IP address on loan from
my cable provider at home and I take one
-
from my web hosting provider. It's not my
IP address and it's not assigned to me. It
-
doesn't have my name on it and they can
take
-
it back when I stop working with them.
But that means I have relative anonymity
-
because I'm not out there looking for
peers I have my provider they know who I
-
am, they know me, I know them, nobody else
needs to know who that IP address is
-
associated with. However my provider can
trivially turn off my access to the
-
Internet but by the same token I can
usually choose which provider to patronize
-
as well modulo the monopolies in the cable
companies. Providers on the other hand
-
they are not anonymous they have to
maintain relationships with network
-
operators, they have to seek customers.
They're out in the public. Providers also
-
have an incentive to keep customers so
they can't be obviously scammy and they
-
shouldn't, they can't provide bad service.
They probably shouldn't be scummy
-
and they can't provide bad service. They
also have an imperative to stay friendly
-
with at least one network operator. If all
the network operators just hate them then
-
they can't find Internet. Providers have
their own IP addresses they're assigned to
-
them from the Internet registries and so
they can connect with multiple network
-
operators including even having peers
although in practice they often keep their
-
networks fairly simple. But because of the
way BGP exchanges information, their peers
-
and their providers are publicly known,
whereas me the little customer borrowing
-
an IP address I'm fairly opaque. Now
network operators they're somewhat like
-
providers, they provide a service but in
general they make their business around
-
providing raw Internet access to smaller
providers and that's why I've
-
differentiated them. Network operators are
very much not anonymous they have to have
-
large numbers of peering agreements and
customers which again all of these
-
connections are transparent, because of the
way BGP works and they're strongly
-
pressured by the imperative to peer. If
they're not able to find peers then all
-
the network traffic will have to be paid
for. It can even squeeze them out of the
-
market. They do have som
powers though they can
-
refuse to peer with a network operator and
they can even disconnect a customer which
-
they might do to maintain their
reputation. Last group here is civil
-
society these are organizations like Team
Cymru and Spamhaus. They dedicate their
-
time to shedding light on the bad guys of
the Internet. They're not anonymous as
-
organisations although their members can
be hidden and they also maintain lists of
-
IP addresses and AS numbers which are
either known to be operated by spam
-
organizations or which are just unused and
shouldn't be existing. Internet civil
-
society doesn't have any direct power but
their power comes from their reputation
-
for providing valid and useful data.
They're also able to do their job because
-
of the transparency of providers and
network operators which is built into BGP.
-
I'm going to tell you a story about two
providers. One is called McColo and the
-
other is called PRQ, both of these
organizations were founded in 2004 and
-
both of them have been subject to certain
controversy but tellingly one of them
-
still remains with us and the other one is
long gone. So this is a splash page of
-
McColo back in 2008 before it went dark.
McColo was founded by a 19 year old
-
student named Nicola McColo and it thrived
for four years before being taken down.
-
McColo provided what's known as
bulletproof hosting. That means hosting
-
where the provider will keep your server
online no matter what you do with it.
-
Bulletproof hosting providers choose not
to cooperate with civil society or even
-
law enforcement unless they're forced to.
And in November of 2008 the Washington
-
Post gathered some damning evidence that
McColo was a hosting provider mostly
-
interested in providing service for
spammers. What's interesting is that
-
rather than send this evidence to the
police they sent it to McColo's network
-
operators. Like many providers McColo
bought Internet access from two major
-
network operators. In this case it was a
Hurricane Electric and Global
-
Crossing. When Hurricane and Global
Crossing were given this information from
-
The Washington Post they voluntarily chose
to abruptly ceased doing business with
-
McColo and the provider was caught off
guard and it and all of its customers went
-
offline. Here is the global volume of spam
which dropped to that day by as much as
-
75%. Needless to say no other network
provider was beginning or ready to begin
-
selling service to McColo and their
business crumbled. Now PRQ is in some ways
-
similar to McColo heeey and in some ways
they're quite different. PRQ was founded
-
by two Swedish guys known in BitTorrent
circles as anakata and Tiamo and they
-
provide what I call last resort hosting.
They've hosted highly controversial
-
websites such as WikiLeaks but they're
probably best known for hosting The Pirate
-
Bay. The Pirate Bay stands out is probably
one of the most famous websites to
-
publicly flaunt copyright. Going to the
extent of actually publishing abuse
-
complaints along with their sarcastic and
humiliating responses. This is something
-
that the copyright industry had never seen
before. High-power lawyers are just not
-
accustomed to getting replies signed go
fuck yourself. So all four of the founders
-
have spent some time in prison and the
site's data centers have been raided
-
multiple times and supposedly Hollywood
even use threats of trade sanctions
-
against Sweden to force them to shut this
thing down. But we find that as McColo has
-
drifted into historical obscurity, The
Pirate Bay is still alive and has even
-
become something of a cultural
institution. And we also find that unlike
-
McColo, PRQ and The Pirate Bay have never
had any problem with their network
-
operators. So one of the fundamental
tenets of the Internet is that network
-
operators are morally but not legally
responsible for the activities of their
-
customers and peers. So they may choose
who they do business with and they will
-
not be held to legal account for these
decisions. What are the lessons that we
-
can take away from this?
Recently there's been a lot of
-
work done on federated social networking
protocols. I'm sure some of you will take
-
part in this development but the vast
majority of you will be evaluating them to
-
make decisions about which technology to
adopt and I urge you to give some thought
-
toward the political identities of the
protocols which you make or which you
-
choose to make your own. Like many things
systems of communication are defined
-
largely by what they reject, whether that
be packets larger than 1500 bytes or Nazi
-
propaganda. And in a protocol I identify
three main ways that these rules can be
-
defined. The first is what we hard code
into the software source code. Some
-
examples are message formats and
permission systems but hardcoded rules
-
can be extended further with cryptography
and especially with block chains. Hard
-
coded rules are a perfect example of
institutional governance they can be very
-
fair. They are very fair because code
applies the rules equally to everyone and
-
for things which we consider a basic human
right such as private communications and
-
things which are easily quantifiable in
software, hardcoding can be the best
-
solution. However hard rules do have a
downside, Ethereum a cryptocurrency based
-
heavily on the libertarian philosophy of
freedom of contract found itself in a bit
-
of a quandary when a bug was discovered in
one of the very significant contract
-
allowing for all the money to be stolen
out of that contract. For those who don't
-
follow the topic Ethereum was hard forked
in order to stop the errant contract and
-
everybody had to update and while the fork
itself protected the participants in the
-
contract it struck a serious blow to the
fundamental philosophy of Ethereum and it
-
serves as a warning that we have a
downside to hardcoding. The second source
-
is of course the central authority. The
Internet uses ICANN as a central authority
-
to manage allocation of domain names, IP
addresses and autonomous system numbers.
-
The central authority
is kind of a poster child of institutional
-
governance. Like hardcoded rules, rule by
central authority also tends to be
-
egalitarian. Moreover a central authority
is actually capable of equity because it
-
can comprehend people's different
situations and adapt to them. Something
-
that a hardcoded rule cannot do but a
central authority like a hardcoded rule
-
is prone to coldness and bureaucracy and
moreover it's quite difficult to create
-
central authorities which do not give
certain individuals unaccountable power
-
over others. The third source of rules or
in this case customs where this talk gets
-
its name is from the network and this is
how the network operators and how BGP
-
mostly managed to keep email spam and
other bad things off the Internet. The
-
network is by far the most humane form of
governance. Social norms are passed along
-
from friend to friend rather than rules
being forced down upon people by central
-
authority or source code. And we see
network-like systems in families ancient
-
tribal societies as well as royalty and
elite in kingdoms and of course online.
-
However in electronic networks we tend to
associate it with, we get to choose who
-
we associate with from any connected
person in the world and but networks also
-
have a downside they're not egalitarian in
any way. Those central in the network are
-
simply more powerful than those on the
edges. In the feudal system law was often
-
applied differently to a person based on
how they were dressed or what family they
-
were from. And the origin of the term rule
of law it was initially described as a
-
better alternative to rule of the king or
rule of man. We have the law we
-
have the state because people demanded
them as in this case the inequity of the
-
network rule proved unacceptable. But
there's an important difference between
-
BGP's rule of custom and the patently
unjust feudal system. BGP is transparent.
-
We know which network operators are
interconnected with whom and we know who
-
is protecting the bad actors
and in every case we find dystopia
-
whenever there's power without
transparency either in opaque proprietary
-
code, unaccountable central authorities or
in networks which form mafias, secret
-
societies in the feudal system. And I
think the key message from BGP has to be
-
that whether in central authorities or in
networks. Power and privacy do not mix.
-
With any measure of power there must be
equal transparency and accountability.
-
Applause
-
So in closing. I hope you go out there and
make protocols and make systems which far
-
surpass what we have today and to do that
I suggest looking at the past and what
-
protocols have been highly successful and
try to identify why they worked. Also look
-
at the ones that didn't work. Look at the
things that died in a hell storm of spam
-
and try to keep it simple. I developed
some software before and something I
-
learned the hard way is that complexity
becomes the enemy of adoption so maybe
-
it's a good idea we all write our
protocols on napkins. Thank you.
-
Applause
-
Herald: Thank you Caleb.
We now have five minutes
-
for questions you know the drill. Please
line up at the microphones there's four
-
microphones two in the middle, one there,
one there. please don't leave the room
-
until the talk is over. If you stood up
you can leave but the rest please
-
stay seated you can spare five minutes
it's a lot of noise that people keep
-
leaving during the Q&A.
Microphone number one please.
-
Question: Hello I'm from Sweden. I
really like to talk to have a overview of
-
this I think it was mostly correct. I
would say that I'm working with both the
-
BGP and DNS and those association with
ICANN but I think you put them all on the
-
you give them a bit too much power they
are not that powerful unless you describe
-
them. They don't decide everything about
DNS and everything. They're running the
-
IANA contract for these domain names and
numbers and stuff like that. On behalf of
-
the community like the IETF and other
multi-stakeholder organizations. So they
-
only have the power over the new top-level
domains they don't have the power over the
-
common domain or .se domain in Sweden or
.ch in Switzerland so if .se or .ch would
-
like to have The Pirate Bay, ICANN has
nothing to do with that.
-
Herald: Could you get to the question please?
-
Question: No it's not a question.
More to show that ICANN is
-
not the king.
Herald: There are other people queueing please.
-
Herald: Microphone number two please.
Question 2: Thank you. Great great
-
lecture. So what actually is the reason
why some illegal activities are tolerated
-
by ISPs and some like child abuse is not?
Speaker: That's a great question. I
-
think that what it comes down to is what
is socially acceptable. So when you have
-
why does some activity, why does some
illegal activity like smoking a joint
-
outside, not cause you to have the police and
other activity like murdering somebody
-
would. It's all about what is socially
acceptable to the people around you and
-
what is socially acceptable to the people
around them and in the case of ISPs
-
somebody is peering with the the people
that serve The Pirate Bay somebody else
-
looks at that and says it's not, I don't
feel that that's a problem somebody else
-
looks at them and says I don't feel but
people who think that is a problem and so
-
it's okay. I hope this answers your
question.
-
Herald: Do we have an Internet question?
No. Okay microphone number one please.
-
Question 3: Why do you think network
operators being morally but not literally
-
responsible for what content they accept
on the network worked so well for McColo
-
and PRQ and doesn't work at all for social
media?
-
Speaker: Oh great great question. Why it
doesn't work. If I understand you
-
properly? Why Twitter is still a crap
hole. It is. Well here's the thing Twitter
-
has it's - I am probably getting sued
- it's a, it's basically an
-
institutional governance system. They said
like we're in charge everybody is flat on
-
here so on top of a network governance
system they built in a institutional
-
governance system and the institutional
governance system it's like a high school
-
it's just it's terrible. So I should use
this opportunity to plug Mastodon because
-
Mastodon is an example of a system which
is federated and looks well it doesn't
-
look exactly like BGP but I think it will
in five years.
-
Applause
-
Herald: One hopefully brief question from
two please.
-
Question 4: Yes. Hi. Thank you very much
for talking about BGP. As someone who
-
knows a lot about BGP and I was kind of
wondering if you could help answer a
-
question and that's that I kind of view
BGP is kind of like a static protocol and
-
it was stuck it was written on two napkins
and it's been a little bit expanded beyond
-
that. My concern is like with, with rogue
countries or someone else harnessing IP
-
blocks and like sync holding traffic for
google.com or facebook.com which has
-
happened several times in the last couple
years can you think of a way where you can
-
either get BGP to conquer that problem or
with the new decentralized protocol to
-
conquer that problem?
Speaker: Filters, filters, filters.
-
Basically. I don't know that much about
BGP but I know that some people are in the
-
business of making their filters from the
data that's in the WHOIS database that
-
just say this is what you're allowed to
announce cool this is we'll build a filter
-
that's what your your box can send to us.
The problem is that ISPs are lazy and we
-
don't have we don't have standardized
stuff for making these filters so we end
-
up with a lot of people just sit putting
no filter and saying yeah announce
-
whatever you want and then you know China
announces Google and all the traffic goes
-
like this.
Herald: And that's all for today.
-
Thank you Caleb.
-
Applause
-
34c3 outro
-
subtitles created by c3subtitles.de
in the year 2018. Join, and help us!
