from Hacker News

Creating an autonomous system for fun and profit (2017)

by bsilvereagle on 6/24/23, 4:09 PM with 29 comments

  • by davisr on 6/24/23, 7:02 PM

    Don't use Cisco equipment; they put (quite sloppy) backdoors in their products. Absolutely zero trust with them.

    Snowden: The NSA planted backdoors in Cisco products --- https://www.infoworld.com/article/2608141/snowden--the-nsa-p...

    Backdoors Keep Appearing In Cisco's Routers --- https://www.tomshardware.com/news/cisco-backdoor-hardcoded-a...

    Sinister secret backdoor found in networking gear perfect for government espionage: The Chinese are – oh no, wait, it's Cisco again --- https://www.theregister.com/2019/05/02/cisco_vulnerabilities...

  • by dang on 6/24/23, 6:13 PM

    Discussed at the time:

    Creating an Autonomous System for Fun and Profit - https://news.ycombinator.com/item?id=15727115 - Nov 2017 (16 comments)

    (p.s. reposts are fine after a year or so; links to past threads are just to satisfy extra-curious readers)

  • by hamandcheese on 6/24/23, 8:07 PM

    > and its biggest downsides are its size and power, which are both not that big of issues since I've got a whole 44U rack for just a few servers and I don't get billed for my power usage.

    I was surprised to read this. I was looking into colocation services (for less than a rack) and everywhere I spoke to, including Hurricane Electric, included a set number of amps (which I assume is at 120V?).

    Specifically, HE offered me 2 amps with 7U of rack space. That seemed really low to me, just one of my 2U servers with a lot of hard drives idles at around 100W or just under 1A and easily exceeds 2A when it's really working (which admittedly is rare, it mostly idles).

    I didn't follow up to see how that is actually metered. I'd love to hear about other folks' experiences with colocating - is this common?

  • by phirephly on 6/24/23, 5:59 PM

    This article is also essentially available as a podcast. https://oxide.computer/podcasts/on-the-metal/kenneth-finnega...

  • by cantaloupe on 6/24/23, 6:17 PM

    The article mentions that the Cisco router used is limited to a million addresses, which would be exceeded in “2-3 years.” Looks like the author got at least double the life out of the router, because the internet is just approaching one million BGP entries now!

    https://bgp.potaroo.net/bgprpts/rva-index.html

  • by derefr on 6/24/23, 8:12 PM

    Can someone explain why loading a 1MM-route BGP table onto a network switch is a "hard problem" that requires fancy hardware to solve, rather than something that even commodity hardware today is capable of?

    Presuming you do your IPv4 and IPv6 routing separately...

    For IPv4, an interval-treemap from uint32-pair intervals to uint8 output ports fits into the default memory config of a PC from 1994; and each lookup into said tree resolves in nanoseconds, even on a machine of the era — esp. for tree-node pages that are hot in CPU cache.

    And for IPv6, the tree could grow a lot larger, since the intervals are, per se, "uint128"-pairs... but there just aren't that many extant IPv6 routes yet, so the table is actually small in practice.

    What are the constraints on the problem that I'm missing?
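
The interval map from IPv4 address ranges to output ports that the comment above describes, as an added example that is not part of the original thread. The sample routes are constructed, the names `flatten` and `lookup` are hypothetical, and a flat sorted array with binary search stands in for the tree; it covers only the lookup structure for IPv4, flattening nested prefixes so that one search returns the longest match.

```python
import bisect
import ipaddress

# Constructed sample IPv4 routes: (prefix, output port). Nested on purpose.
ROUTES = [
    ("10.0.0.0/8", 1),
    ("10.1.0.0/16", 2),
    ("10.1.2.0/24", 3),
    ("192.0.2.0/24", 4),
]

def flatten(routes):
    """Turn nested prefixes into disjoint segments: (starts, ports).

    Segment i covers starts[i] .. starts[i+1]-1; port None means no route.
    """
    nets = sorted(((ipaddress.ip_network(c), p) for c, p in routes),
                  key=lambda r: (int(r[0].network_address), r[0].prefixlen))
    starts, ports = [0], [None]
    stack = []  # (last address, port) of the prefixes enclosing the cursor

    def emit(addr, port):
        if addr > 0xFFFFFFFF:          # ran off the end of the IPv4 space
            return
        if starts[-1] == addr:         # same boundary: the latest write wins
            ports[-1] = port
        elif ports[-1] != port:
            starts.append(addr)
            ports.append(port)

    def close():
        # Leave the innermost prefix; its parent (if any) resumes after it.
        last, _ = stack.pop()
        emit(last + 1, stack[-1][1] if stack else None)

    for net, port in nets:
        first = int(net.network_address)
        while stack and stack[-1][0] < first:
            close()
        stack.append((int(net.broadcast_address), port))
        emit(first, port)
    while stack:
        close()
    return starts, ports

def lookup(table, ip):
    """Longest-prefix match as one binary search over segment starts."""
    starts, ports = table
    return ports[bisect.bisect_right(starts, int(ipaddress.IPv4Address(ip))) - 1]

TABLE = flatten(ROUTES)
```

The four nested sample prefixes flatten into nine disjoint segments, so the array holds more entries than the route table it was built from.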

  • by rigidbus on 6/25/23, 2:59 AM

    I'd like to assign a unique IPv6 address for each user of my service. Since I'm in Australia I looked to APNIC but their pricing is a bit intimidating for a side project. I'm primarily after stable addresses so that my users never have to reconfigure anything if the underlying infrastructure (Vultr to start with) changes. What options should I be looking at?