Terminology: routes and gateways

Originally, back when the ARPAnet merged with SRI, BBN, NSFnet and MERIT to become the Internet, and dinosaurs still roamed the earth, there was no such thing as a “network router”. How can that be? Meh, it’s just semantics. The terminology has evolved.

Internet-connected systems that routed traffic (which was most of them, back in the day) usually ran a program called “gated” (that’s the GATEway Daemon, written at MERIT) that routed IP traffic between networks. A lot of those oldtimey networks were connected by UUCP dial-up links that were only live between 11pm and midnight to save money, so the code was written to support poor quality network links that came and went somewhat randomly.

Any physical network connection that would accept packets bound for some remote network was called a gateway. Gateways were defined by their network addresses. A data structure was created to hold information about which gateways led to which networks – this is called the routing table. The individual entries in that table are created by specifying a set of target IP addresses (using a network address and a mask), a target gateway, and which physical connection to use to reach that target gateway. That terminology is still in use in some commands, such as the “route” command. The individual routing table entries quickly came to be called routes.

At some point somebody at Stanford or MIT came up with the concept of the default gateway. This was a hack that has become a crucially important networking concept today. No matter what kind of OS they were running, network-connected computers already had routing tables that held networks, masks, and gateways – so a special “fake network” was defined for the purpose of putting a default gateway into the existing tables. It has an address/mask pair that makes no sense at all – 0.0.0.0/0.0.0.0 – and this is intentional, so the fake network entry can’t possibly interfere with any real network.

The network stacks of all modern systems (post 1979) will look for a route to a target address, and if they don’t find one, they will use the route defined by the 0.0.0.0/0.0.0.0 routing table entry. It’s a wild swing, the hail mary pass, you just throw it out there and hope for the best.

Since the default route fits the format that is used for all other routes (it just has an impossible IP/netmask pair) it can be carried on any dynamic routing protocol – BGP, EIGRP, OSPF, RIPv2, you name it. This usually causes more problems than it’s worth, so most places do not distribute default routes dynamically. Instead they are configured by DHCP or defined manually, and cannot fluctuate.

Anyway, today, individual people have their own computers, instead of sharing a computer with 500 other people using dumb terminals, so most of our hosts don’t route, so their routing tables are almost empty. They will typically have two entries:

1) the default route, still called the default gateway in many implementations
2) the route to the local net, which is specified by the host’s IP address and mask, and uses the physical ethernet port as the gateway.

A host that has no default route can only talk to machines on networks for which it holds specific routes.
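The two-entry host table just described, as an added example that is not part of the original post: a longest-prefix lookup over routes stored as network/mask plus gateway, showing that the 0.0.0.0/0.0.0.0 entry is simply the least specific route, and that a host without it can only reach networks it holds routes for. The addresses, interface name and `Route`/`lookup`/`next_hop` names are constructed for the example.

```python
"""Longest-prefix routing lookup with a 0.0.0.0/0.0.0.0 default route.

Added example, not code from the original post. Models the two-entry
workstation table the post describes: one route to the local net (gateway is
the physical port itself) and one default route pointing at a gateway.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Route:
    network: ipaddress.IPv4Network            # target addresses: address + mask
    gateway: Optional[ipaddress.IPv4Address]  # None = directly attached
    interface: str                            # physical connection to use


def lookup(table: List[Route], dst: str) -> Optional[Route]:
    """Return the most specific route covering dst, or None if nothing matches.

    Longest-prefix match: a /24 beats /0, so the default route only wins when
    no more specific entry exists. Because 0.0.0.0/0 covers every address, a
    table that contains it never returns None.
    """
    addr = ipaddress.IPv4Address(dst)
    best = None
    for r in table:
        if addr in r.network and (
            best is None or r.network.prefixlen > best.network.prefixlen
        ):
            best = r
    return best


def next_hop(table: List[Route], dst: str) -> Optional[str]:
    """Where the packet is actually handed off: the route's gateway, or the
    destination itself when the route is directly attached."""
    r = lookup(table, dst)
    if r is None:
        return None  # no route: the host cannot talk to dst at all
    return str(r.gateway) if r.gateway is not None else dst


# Constructed sample table (documentation-range addresses, not a real site).
LOCAL = Route(ipaddress.IPv4Network("192.0.2.0/24"), None, "eth0")
DEFAULT = Route(
    ipaddress.IPv4Network("0.0.0.0/0.0.0.0"),  # the "fake network"
    ipaddress.IPv4Address("192.0.2.1"),        # the default gateway
    "eth0",
)
HOST_TABLE = [LOCAL, DEFAULT]   # a typical desktop: two entries
NO_DEFAULT_TABLE = [LOCAL]      # a host with no default route

if __name__ == "__main__":
    for dst in ("192.0.2.77", "198.51.100.9"):
        print(dst, "->", next_hop(HOST_TABLE, dst), "|",
              "no default:", next_hop(NO_DEFAULT_TABLE, dst))
```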

Multicast-capable hosts (like linux and Windows machines) may also have multicast routes in their routing tables, but that is something you usually only see on servers at this point. It will become more common on end user desktops in the future, though; MacOSX and Ubuntu already have multicast capabilities turned on from the factory.

So today any network-capable widget might have static routes, defined by the system administrators, and those static routes might include a default route. It might also have dynamic routes, learned by communicating over the network with other systems, and those dynamic routes might include a default route. You can still call the target of the default route the default gateway if you wish, or you can call it the default route’s next hop, but most networking pros will just say default route or default gateway interchangeably. We’re a little sloppy with the language.

Oddly, over time computers have become less and less capable of dealing with multiple default routes. The pre-v2 linux kernels handled it effortlessly, but modern linux is just as bad in this respect as Windows.

Language evolves, although not always for the better. I personally have found it advantageous to adopt or at least be fluent in the terms and notations used by the youngest generation of technologists. I try to say folder instead of directory, for instance, because directory now means a backend database accessed by LDAP, instead of an on-disk filesystem data structure. I insist on using only international date notation. And I would like to train myself to pronounce router the same as rooter – which is almost certainly going to be the standard pronunciation before I manage to retire – but I haven’t got that programmed into my wetware yet. And I try to always say route instead of gateway whenever possible. The only time I want to use the word gateway is when I’m specifically talking about the target of a route. It’s not that the term is wrong in all other contexts, it’s just that it’s somewhat sloppy and very old-fashioned; it’s like calling your car a flivver instead of a beater.

Weirdest comment spam so far

Entire text of a comment spam that showed up on Typing Animal last year:

I make them have dirty sex with each other and THEN i bite off their limbs and they have dirty dirty amputee gummy bear sex. And then i bite off their heads and they have fihtly disgusting zombie gummy bear sex. And then I eat them and growl and make yummy noises while I chew. So, I’d say that the above wife-saying is not strange or dirty at all.

The text was originally linked to a facebook page that has since been shut down for hosting malware.

Twitter finally has something I want

Twitter’s architecture has always seemed about as useful as handing out megaphones at a narcissist convention. And lately, of course, everybody’s become aware of what a hate-amplifier it is. But I have to say I really like this.

Concerning Nature’s “open access”

Earlier this week the Intartubes were boiling with the news that Nature Magazine would open its archives back to 1869. Which would, indeed, be marvelous and unexpected.

But it’s a little more complicated than that… it seems Nature’s publisher, Macmillan, is going to let paid Nature subscribers use (yet another) foredoomed-to-failure “read only sharable format”.

The content-sharing policy, which also applies to 48 other journals in Macmillan’s Nature Publishing Group (NPG) division, including Nature Genetics, Nature Medicine and Nature Physics, marks an attempt to let scientists freely read and share articles while preserving NPG’s primary source of income — the subscription fees libraries and individuals pay to gain access to articles.

That sounds pretty great for everybody, right? Win-win!

ReadCube, a software platform similar to Apple’s iTunes, will be used to host and display read-only versions of the articles’ PDFs. If the initiative becomes popular, it may also boost the prospects of the ReadCube platform, in which Macmillan has a majority investment.

Starting to sound a lot dodgier now… we may have a reality disconnect going on…

Although the screen-view PDF cannot be printed, it can be annotated — which the publisher says will provide a way for scientists to collaborate by sharing their comments on manuscripts.

Yep, reality check sorely needed. Hey, look, smartphones have cameras!

ReadCube -> monitor screen -> camera phone -> email -> PC -> printer.

There are no formats that can be viewed but not printed. If you think such a thing exists, everything you’ve built is suspect, because you’re apparently not entirely aware of what’s going on around you. The odds are good that Macmillan’s “read only format” can be trivially defeated, and that script kiddy hacks will be available in short order.

Any questions?

Accurately named network distortion tool

“Comcast is a tool designed to simulate common network problems like latency, bandwidth restrictions, and dropped/reordered/corrupted packets.”

https://github.com/tylertreat/Comcast

Office not so 365

Microsoft’s Azure Cloud service failed at almost exactly midnight last night, taking down hundreds of websites whose owners may have thought that hardware redundancy could magically protect them from sysadmin oopses, as well as users of Xbox Live and Microsoft’s flagship service Office 365.

Viva Zorggroep, a Dutch healthcare organisation with 4,000 employees, said it had also been affected as a consequence of adopting Microsoft’s online apps.

“At this time, our supporting departments such as finance, HR, education, IT et cetera are working with Office 365,” said Dave Thijssen, an IT manager at the company.

“This morning these servers were unresponsive, which means users were not able to log in to Office 365.

“As a result they had no access to email, calendars, or – most importantly – their documents and Office Online applications.

“We also had trouble reporting the outage to our users as most of digital communication – email, Lync, intranet/Sharepoint – was out.

The outage persisted for over five hours for some customers and apparently there are still latency issues at this time. This is of course a violation of the Service Level Agreement… so you can keep a nickel or two of your monthly rent, I bet.

Microsoft climbs aboard the WordPress bandwagon

If you were thinking to yourself “what my PHP-based content presentation system really needs is an expensive backend from a company that has historically done incredibly poorly with PHP” then Microsoft has got your number.

Internet soft spots

Want to build a ginormous botnet without doing a lot of work? Compromise one of the Internet’s soft spots.

If you take over bOINGbOING.net, you can use the site to inject malware into 1.3 million visitors. Chump change! How about TheChive.com, or Kottke.org, or whatever? Face it, you’re not going to get more than 15 million suckers. It’s just too much effort for a lazy man; you’d still be doing a lot of hard work to recruit a paltry few million zombies.

So, you take over jquery.com, or typekit.com. Now you’re cooking with gas! It’s become common practice for websites to use remotely sourced scripts – so there are thousands of sites that will blindly push out whatever is in the file jquery.js at jquery.com, and all that site’s visitors will run it just as blindly. So if you take over a popular script or advertisement source, you can leverage that into billions of individual attacks, quite easily.

And that’s my Halloween horror story for this year.

Historical European Martial Arts Wiki

Wiktenauer is an ongoing collaboration among researchers and practitioners from across the Western martial arts community, seeking to collect all of the primary and secondary source literature that makes up the text of historical European martial arts research and to organize and present it in a scholarly but accessible format.

How to hurt yourself with EIGRP

As long as all your routing nodes are Cisco branded, EIGRP (Cisco’s proprietary routing protocol) is very easy to implement. You pretty much just turn it on and it works, like the old Appletalk/phonenet networks in the pre-OSX days.

But if you have a machine that’s all loaded up with static routes, and you accidentally redistribute them back to the machine the routes point to, the network gets pretty loopy. Little network geek joke there.

where she stops nobody knows

Neil DeGrasse Tyson as a sacred cow?

Pascal-Emmanuel Gobry wrote an article about the way most modern people have debased science into a caricature of pre-renaissance religious dogmatism, simply substituting white lab coats for black cassocks.

…let me explain what science actually is. Science is the process through which we derive reliable predictive rules through controlled experimentation. That’s the science that gives us airplanes and flu vaccines and the Internet. But what almost everyone means when he or she says “science” is something different.

To most people, capital-S Science is the pursuit of capital-T Truth. It is a thing engaged in by people wearing lab coats and/or doing fancy math that nobody else understands. The reason capital-S Science gives us airplanes and flu vaccines is not because it is an incremental engineering process but because scientists are really smart people.

In other words — and this is the key thing — when people say “science”, what they really mean is magic or truth.

The Intarnets are up in arms. Criticize capital-S science, or the inanity of assuming that science and religion are conflicting methods of solving the same problems? Oh please. Richard Feynman brilliantly plowed that furrow in 1956, and nobody’s really changed their opinion on the subject then or since. What’s important here is that somebody criticized Neil DeGrasse Tyson! Quelle horreur!

Putting it on a computer doesn’t make it new.

This Ars Technica article is notable not only because it explains the Alice decision, but because it leads with a picture of a Wang System 2200 terminal. I taught myself BASIC on one of these around 1977 or so (before the Black Ships came and the secret of hose gartering that doesn’t ravel was lost).

Phone Scammer Slammer

Revenge!

“Man Ass”

Unix-derived operating systems have a tradition of making commands short and easily typed regardless of social conventions.

So, in order to consult the manual page for the Autonomous System Scanner, you would type “man ass” at the command line. People involved with AS work would not find this remarkably odd or offensive – we’ve already got jobs to do that don’t involve complaining about other people’s sense of propriety.

However, if one creates a site that automatically generates HTML-formatted web pages from the man pages of the Ubuntu V13.04 linux distribution, popularly called Raring Ringtail, one ends up hosting a page describing “raring man ass”.

The Internet being what it is, such a page may have unexpected effects on your google analytics results…

Redstone Rockets

I enjoy reading John Bullard’s History of the Redstone Missile System, although most people are likely to find it pretty dry. I found it linked from Jim Ryan’s marvelously informative site, which is a memoir of his Army experiences manning the Army’s Redstone missiles from 1958 to 1962. It’s a wonderful site to visit if you’re a hardcore rocket buff or cold war historian, although perhaps not much fun for those who couldn’t keep themselves awake in history class.

I think sites like Jim’s are the best thing about the World Wide Web. Computer professionals didn’t need the WWWeb to communicate with each other and organizations didn’t need the Web to move data – those needs were already met by the Internet itself, underlying the Web. But the Web lets people like Jim reach out to the whole world, not just computer gurus, with information that would never otherwise be available to many of the people most interested in it.

STOP USING ACTIVE X.

One of the horrors remaining from the browser wars of the late 90s is Microsoft’s “ActiveX” technology. ActiveX, not DirectX, although maybe the latter needs to die too.

ActiveX in browsers is based on the idea that your computer should be able to download and execute completely random binary images from the Internet without your permission. What a great basic architecture, huh? It was created because Microsoft’s implementations of COM and OLE technologies were so unnecessarily complex and fundamentally user-hostile that nobody sane wanted to use them. Microsoft needed an alternative, one that could be integrated with the web, since they wanted to crush Netscape and take over the Internet. Browser technology was critically important to them and ActiveX was a way to prevent the creation of a level browser playing field based on shared standards.

To give a more generous interpretation of the same events, Microsoft was faced with a desire to provide a richer web experience to their customers and an inability to deliver their vision using existing web standards. ActiveX was an early attempt to work around the inadequacy of HTML, and while it had many issues (security being a big one, and lack of support for non-Intel platforms another) Microsoft has worked continuously and diligently to remediate those issues and support current and former users of their products.

Personally I’m completely happy with either of those interpretations of the events surrounding the birth of ActiveX. Who cares? Those bodies are all buried now… or at least they should be… NO WAIT. ActiveX is still stinking up the room!

If you use ActiveX in your websites, or allow your browser to execute ActiveX controls, you are part of the problem. Please, I’m begging you, for the love of God, stop it! Just let this hideous thing die, will you?

There’s nothing that ActiveX provides that can’t be provided using current web standards and technologies. You don’t have to keep hurting yourself, and your readership. Just stop already.

Whenever you purchase any software with a web server in it, or sign up for any service that has a web interface, you need to routinely insist that the product you are buying must be usable with any browser, not merely Microsoft Internet Explorer with ActiveX enabled running on 32-bit Microsoft Windows on an x86 chipset. Make the seller put that in writing, so you don’t get stuck supporting ActiveX against your own will. It’s a shame you have to do this – you don’t have to specify in writing that there will be no incontinent rabid monkeys in the back seat when you purchase a car – but it’s necessary. ActiveX must be destroyed.

Setting default gateway on Cisco 2960 switches

Since The Dawn Of Time ™ it’s been possible for a networked device to have a default route. Way back then, before our beards turned thick and grey, all routers were called “gateways” so the default route was called a default gateway in those ancient times.

The purpose of the default route is to provide a last ditch option when the device does not know what to do. Basically, whenever a networked device doesn’t know where to send some data, it can do the equivalent of a hail mary pass, and just chuck it blindly at a mysterious place where hopefully there will be a router or modem of some sort which is part of the global Internet. This is actually how the vast majority of Internet traffic is handled, believe it or not; PCs, Macs and webservers typically don’t know anything about how to reach other things on the Internet. The router that sits at the end of their default route handles it for them.

The Cisco 2960 is a commodity network switch that has recently been given some routing capabilities by a software update. They are quite commonplace; there are a couple of stacks of them around my job site, hanging off the larger Nexus fabrics.

The 2960 has brought some fresh confusion to the terminology, because for reasons unknown Cisco has provided these three commands:

ip default-gateway (when IP routing is disabled)
ip default-network (when IP routing is enabled)
ip route 0.0.0.0 0.0.0.0 (when load balancing across multiple routes is enabled)

To an experienced networking professional, those are all the same thing. If I say “hey, Melvin, set route zero mask zero on your box to point to the core12 router” it means the same as if I say “Melvin, you dolt, your default gateway needs to be core12” or even “the default net should be core12, Melvin!” So this is a remarkably non-intuitive set of configuration options here.

“So what” you say, with a Cisco router you just use the tab-completion and question-mark help features of the command line to learn what to do, right? Who needs documentation, Cisco rocks. Er, except in the current version of the software there’s no help text at all for ip default-gateway, and you can’t use ip default-network until routing is enabled, and it’ll accept ip routes to 0.0.0.0 without using them as a default. So, not so much. Thankfully Keith Barker has a more helpful post than mine, if you haven’t already figured out what you need from this one.

Is this normal Facebook behavior?

Normally, when you join a web forum, the proprietors will validate any email address you provide to them.

This is a pretty simple process; you just send an email to the address, containing a unique link to your web forum, and wait for someone to connect to it. When they do, you know that the person at that address is indeed someone who wants to participate in your forum. Code to do this is easily found on the web, you don’t have to write it yourself.
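The validation loop just described, as an added example that is not code from the post or from any forum package: issue a unique single-use link, store only a hash of its token, and treat the address as confirmed when someone follows the link before it expires. The `Verifier` class, the base URL and the 24-hour lifetime are assumptions; sending the mail is left to the caller, which just receives the link.

```python
"""Single-use e-mail verification links for a web forum.

Added example, not from the original post. Security points a practitioner
cares about: the token is unguessable (secrets), only its SHA-256 digest is
kept server-side so a leaked table cannot be replayed, and a token is
consumed on first use and refused once expired.
"""
import hashlib
import secrets
import time
from typing import Callable, Dict, Optional, Tuple
from urllib.parse import parse_qs, urlparse

TOKEN_TTL = 24 * 3600  # assumed lifetime: one day


def _digest(token: str) -> str:
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


class Verifier:
    def __init__(self, base_url: str, now: Callable[[], float] = time.time):
        self.base_url = base_url
        self.now = now  # injectable clock so expiry can be tested
        # digest(token) -> (email, expires_at); the raw token is never stored
        self._pending: Dict[str, Tuple[str, float]] = {}

    def issue(self, email: str) -> str:
        """Register a fresh one-time token for email and return the link to mail."""
        token = secrets.token_urlsafe(32)  # 256 bits of randomness
        self._pending[_digest(token)] = (email, self.now() + TOKEN_TTL)
        return f"{self.base_url}/verify?token={token}"

    def confirm(self, token: str) -> Optional[str]:
        """Return the verified address, or None if the token is unknown,
        already used, or expired. The entry is removed either way, so a
        token can never be confirmed twice."""
        entry = self._pending.pop(_digest(token), None)
        if entry is None:
            return None
        email, expires_at = entry
        if self.now() > expires_at:
            return None
        return email


def token_from_link(link: str) -> str:
    """Extract the token a visitor's browser would send back from the link."""
    return parse_qs(urlparse(link).query)["token"][0]


if __name__ == "__main__":
    v = Verifier("https://forum.example")  # constructed URL
    link = v.issue("alice@example.com")
    print("mail this:", link)
    print("first visit :", v.confirm(token_from_link(link)))
    print("second visit:", v.confirm(token_from_link(link)))
```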

But apparently Facebook doesn’t bother with that sort of labor and time saving automation, they just let anybody use any old address, or something.

Yesterday, in the wee hours of the morning, someone using the name “Autumn Brooks” signed up for Facebook using my gmail address. In short order this fictitious person got 52 people to “friend” him. Only three people out of 55 smelled the obvious rat.

Now, I don’t know what this person’s game plan is or was. I mean, obviously, the intention was criminal, since my email was abused, but I don’t know how they expected to profit.

What I do know, from the Facebook-generated email that’s been POURING into my mailbox ever since (making it difficult for me to find and respond to real email in a timely fashion) is that “Autumn Brooks” was seeking out people in distress. Men struggling to raise kids alone, lonely for some adult female companionship. Teenage cutters looking for someone to talk to. Vulnerable people, people in emotional distress.

Yesterday afternoon I requested Facebook do something about this. I have yet to receive a response… maybe this is all business as usual in Facebook-land?

retweeted more

screenshot from http://chenhaot.com/retweetedmore/

Adding “peer reviewed” doesn’t help as much as you’d think. Try it for yourself.

MPLS blowed up sir

The BGP routing information coming in from our Verizon MPLS connections has gone insane. Somebody is screwing up. Haven’t figured out yet if it’s them or us…

I hope you’re not reading this with Internet Explorer

If you ever built a website that is only useable with a specific browser you should be ashamed of yourself. Get a job where quality doesn’t matter, OK? Be a banker or something.

The Internets are awash with reports that the US and UK governments are recommending nobody use Microsoft’s Internet Explorer web browser until CVE-2014-1776 is fixed.

And that’s great advice! Use Firefox or Chrome. They are free and work at least as well as Microsoft’s products do.

But various idiots have built systems that only work with IE… unsurprisingly, many of these idiots work for the government, and many of the systems that require IE were built with your tax dollars. A little more surprisingly, many of the hospitals I work with have purchased systems that require IE, although given the increasing reliance of modern medicine on high technology you’d hope that hospitals would know better than to buy any system that isn’t OS- and browser-agnostic. You’d hope in vain, unfortunately.