Share this
dnsUNFILTERED: Brian Wilson
Podcast > Episode 48 | March 03, 2026
Mikey Pruitt (00:00)
I'm here with Brian Wilson, BGP connoisseur. Is that a word? Is that a thing? I don't know. Welcome, everybody, to another episode of DNS Unfiltered. Brian, hello.
Brian Wilson (00:05)
Yeah
Yeah, hi, Mikey. Yep, I go by BGP Brian to try and and build my reputation there. But yeah, about everything BGP.
Mikey Pruitt (00:20)
Well let's start there. What the heck is BGP?
Brian Wilson (00:24)
Yeah, so I don't know if you're... Some people may or may not be more technical, but ⁓ if you're a network engineer, BGP stands for Border Gateway Protocol, and it's the routing protocol of the internet. So anytime you go to a website, your traffic is going to use BGP. And basically what it is, is it's what's used to exchange routes between big companies or organizations. So if you're going from AT &T to another network,
to your provider, to DNS Unfiltered. It says connections between the organizations that BGP handles.
Mikey Pruitt (00:59)
And they call that peering, is that right? Okay, I want to make sure.
Brian Wilson (01:02)
That's correct, yeah. You have BGP
and neighborships and then it would be called peering, right. It could be peering if it's between two equal size organizations or if you have somebody you're paying that's like an uplink, then it would be your service provider, I guess you would say.
Mikey Pruitt (01:08)
So I am.
Understood. So like I feel like we're gonna need like a glossary for this episode So I may I may stop you and say what does that mean? I'm vaguely familiar with any cast and BGP because DNS filter operates a global any cast network that does our DNS resolution I had to maintain that Network back in the day, but you know, I was just pushing the code to the machines not necessarily understanding how BGP works So we'll that up to you. You're the expert
Brian Wilson (01:21)
Ha!
Sure, I'll try to keep it high level, not get too into the weeds. if you follow me on, ⁓ well, if you follow me on LinkedIn, I post about technical topics. I think I did MPLS VPN this week and I got pretty technical. if you want the trickier stuff, that's where to go.
Mikey Pruitt (01:49)
No, go into the weeds.
Yeah, I saw a few of those and that's actually how I found Brian is some of your LinkedIn posts. I was like, Ooh, this is a very interesting. And I feel like the audience here is relatively technical. A lot of MSPs, a lot of IT pros. So they're going to understand networking more than I do even for sure. But I've really wanted to get into like this career that you've had around BGP design, internet routing, you.
What drew you into this? Like this is a very deep rabbit hole of nerddom. The BGP space. How did you get drawn there?
Brian Wilson (02:34)
For sure, yeah, I'll try and go through it real quick. When I was in school, I majored in math, I actually had a graduate degree and I took all the classes for a PhD, but was never into the research side. So had this degree and I was like, okay, well, what am I gonna do with this now? IT was a great field to go into. So I started like everybody does at Help Desk, we're in tech support, think we were supporting retail stores with their internet connections. And yeah, I just kept going from there.
I wanted to become a network engineer, so I got my CCNA and I started getting some other jobs. I worked at ZEO, which is a big global fiber network internet provider, and that's where I first learned BGP. Then I had some other jobs and I also most recently worked at Cisco and supported their firewalls. And a lot of people there would need to set up BGP connections to the cloud or to various other places.
Yeah, that's where I picked it up. And I don't know, it just always clicked with me. A lot of people think it's super complicated, I guess maybe just because I used it so much or whatever, it just made a lot of sense to me. And I always had the idea of, know, nobody's just doing specifically consulting for BGP and internet routing. So I thought, you know, I should start my own thing doing that ⁓ eventually. And so eventually I did.
Mikey Pruitt (03:59)
Yeah, and congratulations on that. You're the BGP Brian out there on the interwebs now. So that's really cool. are some things that most people don't know about BGP? And keep in mind, this is like a week or two ago. Well, a week ago and a week and a half ago, the entire almost internet was down because of BGP and DNS and issues like that. So tell us some things that we don't know.
Brian Wilson (04:04)
Thanks. Very exciting.
Yeah, well, that one was actually DNS. There have been some big profile BGP outages, but not so many recently. There's been some things that have been done to mitigate that. But yeah, what people don't know about BGP, I mean, it kind of depends really where you're at and like what type of job you had, even if you're a network engineer. If you work at a service provider, you're going to use it all the time. But if you're at an enterprise or like I was at Cisco supporting firewalls,
there wasn't a lot of people on the team that understood it. So I was able to help do some talks and explain things about that. I think basically just that BGP is just internet routing. So if you're BGP, you might not understand it, but it's really what everybody uses every day to ⁓ use the internet for anything.
Mikey Pruitt (05:18)
think it's weird that we're, I saw a lot of ⁓ rebuttals to the AWS outages and Azure outages about the internet was meant to be a decentralized place and now we're in the hands of six big companies. And I think that BGP, the way it's architected is decentralized by nature. How does that kind of ⁓ get?
I guess mishandled into larger companies kind of controlling all of it.
Brian Wilson (05:49)
Well, yeah, so the idea of, well, EBGP at least is that you're connecting between autonomous systems, which are essentially just any organization that has a unified administrative control of a network like Amazon, Microsoft, providers, whatever. So yeah, the internet work, the internet comes from the word internet work. It's supposed to be a network between all these autonomous systems.
Yeah, I don't know. guess if you get larger companies start to consolidate things, then there becomes less interconnections between different companies. But I think there's still plenty of mid-size and smaller companies out there. Even one of the groups of companies I've been working with is smaller rural fiber companies, because everybody's trying to build out fiber at the home now in the last mile. ⁓
It's maybe been built out in more urban areas, in smaller rural cities, hasn't been done yet. So a lot of little companies pop up to do that. So there's always smaller and mid-size people connecting to.
Mikey Pruitt (06:56)
What do you think the challenges are, or the differences, I guess, between like an ISP trying to manage BGP versus an enterprise trying to manage it?
Brian Wilson (07:07)
⁓ Yeah, so I mean, it's just a different mindset. With an enterprise, usually you've got your internal network and then you're either looking at one or two uplinks, preferably multiple so you have redundancy and you don't go completely down if your provider goes out. Or you might have appearing to equal size companies. But really the idea is more of an uplink from the enterprise side and then from the carrier side, you're more thinking about transporting traffic.
So you're using a lot of their use, like they say they use MPLS VPN and then you have BGP running on top of that at all the edge routers. So yeah, it's a multi-bring called VBGP with VPN V4 routes. It can be used for VPN for companies. That's what I was talking about in my latest post.
Mikey Pruitt (08:00)
Okay. Describe what was it? MPLS VPNs real quick.
Brian Wilson (08:05)
Yeah,
this is where you can get into a lot of technical details. But basically, MPLS is just a label switching. you could kind of say it's almost similar to ethernet. It's a layer 2 or layer 2.5 technology. But basically, it's just an underlying ⁓ connection between all the routers in your network. And then you could run layer 3 IP connections like BGP over the top of it.
Mikey Pruitt (08:35)
So is it really similar to like a traditional VPN, like just some sort of tunnel?
Brian Wilson (08:40)
⁓ It's a little bit different. It doesn't use tunnels. It uses VRFs, which are virtual routing and forwarding instances. So that means on the provider, every router they have, give you, they give their customer like a virtual router with its own routes and its own protocols, right? And you can run BGP in that virtual router to connect between the customer's router and the provider's router to exchange routes. But then from there, it takes those routes in the VRF and moves them over to
BGP to transport it through its network over in PLS VPN. And it uses a special type of VPN route that BGP has set up. It's actually an address family. And to separate all the customers routes and get them where they need to go.
Mikey Pruitt (09:30)
That made total sense to me. ⁓
Brian Wilson (09:31)
I hope so. Yeah, it's a little
tricky. Even writing this article, I had to like research it a bit.
Mikey Pruitt (09:34)
I can't.
Yeah, I kid a little bit. But you do a really good job, Brian, of kind of breaking this down into very understandable frameworks or similes or things like that. And I see you posting on LinkedIn some very high-level concepts that you really break down well. Is that something that just kind of came naturally to you, or do you go deep when you're having to translate to human?
Brian Wilson (10:06)
It's not writing is not something that comes naturally. The ideas and the technical part of it does. So I do use AI quite a bit to help write it. So what I'll do is I'll just dump out all my thoughts. Like if I want to explain something, I'll just dump it all out in a notepad. And of course it's not readable. I'm not a good writer. It doesn't sound good at all. But then just put it into AI and say, hey, polish this, smooth it out. And it helps me kind of structure and format it. But then I go back and.
re-edit it, because it's going to put in words that are out of place or hallucinations or it's never going to get it right the first time. So I go back and edit it through with my human voice, but I do use it a lot just to help me get the post structure right.
Mikey Pruitt (10:49)
Yeah, that's a good idea. I'm kind of translating it into your, you know, your raw thoughts. I'd do that same thing. Not quite what it's like BGP level concepts, but it's a very good strategy.
Brian Wilson (11:00)
Yeah, that's the great thing.
It's like such a niche thing that nobody else is doing it and yet there's a huge audience of network engineers out there that love it. it's great to, maybe I shouldn't talk about it too much. Somebody's gonna start up a competitor to me. I'm just kidding.
Mikey Pruitt (11:14)
No, no, you don't have to worry
about that. But I bring all that up because Brian runs a very cool Discord group. A lot of people in there chatting about, you know, BGP topics and looking for work in the space, looking for junior level positions to kind of get educated. So you run this community. What does that mean for you?
Brian Wilson (11:37)
Yeah, so ⁓ I think we were talking earlier and I was telling you how I started posting on LinkedIn because I wanted to learn marketing to start up my consulting company. So I was learning how to do these ⁓ posts on BGP, but find the right hook or the image so that people will actually read it and it'll get distributed. And as I did that, I found that I started getting a lot of network engineers following me that wanted to learn BGP. ⁓ So eventually ⁓ I said, hey, let's...
create a community on Discord to where people have questions, they can ask questions and I can answer. We also have a lot of other high level network engineers, companies like Cisco, Juniper and other big companies that can help answer questions. So, yeah, I set up that community and the post that I did that really took off. I think it got like 40,000 views and probably have 400 network engineers over there already. So it's a pretty big community and yeah, anybody that...
that's working in network engineering that wants to learn more about BGP or has questions as they're working with it at work and don't know something, it's a great place to get information.
Mikey Pruitt (12:43)
Yeah, it's the BGP Black Belt. I believe you called it the Dojo on LinkedIn. But find one of Brian's posts or reach out to him DM him on LinkedIn and he'll send you an invite.
Brian Wilson (12:46)
That's right, yep.
Yeah, just
connect with me and DM me directly and I'll send you an invite if you'd like to get into it.
Mikey Pruitt (13:00)
Yeah, and you were gracious enough to let me in there. And I do have a question from the audience of the Black Belt Dojo. But before that, I want to take a little bit of a tangent into something you mentioned about marketing on LinkedIn. So like you are a networking professional. You've gone on your own adventure now and you thought you came to the conclusion that you need to be a voice in the space. So you set out to
make that happen. Do you think that's something that is required?
Brian Wilson (13:35)
for me or in general.
Mikey Pruitt (13:38)
in general.
Brian Wilson (13:40)
Yeah, I think so. think it's great. don't think that, I mean, well, there are obviously people that network engineers that post about different topics, but, ⁓ you know, nobody's really taken it from the marketing angle to try and like really be almost like an influencer, like a ⁓ network engineer influencer. It's kind of a contradiction that a lot of nerdy people do that. But ⁓ I think it's great to have, yeah, like a central source of information about BGP or... ⁓
essential person that people can come to if they have questions. I haven't seen anything else ⁓ like that out there. So it's great for me. That's what I want my personal brand to be all about so that people know me for BGP.
Mikey Pruitt (14:24)
Yeah, that's I think it's really important these days to have a personal personal brand. ⁓ And I'm glad that you kind of set out on that kind of identifying that as a something that needed to be on the checklist of running your own consulting firm. So that's really cool.
Brian Wilson (14:42)
Yeah, it gets you the visibility you need for the marketing part. And then from there, sometimes I just get customers directly asking for consulting. But even if I'm going to go and trying to be doing sales and reaching out to people, if you have that personal brand and people kind of know who you are, have seen your stuff, it really helps a lot with trust or credibility if you're going to be working with somebody in the future.
Mikey Pruitt (15:04)
So the community, again, you're gracious enough to let me in there. I saw a few memes, I had no idea what they meant. I asked you before this what EBGB was and IBGB. Go ahead, yeah.
Brian Wilson (15:17)
⁓ Yeah, I didn't even have time to check that yet, but I'll go ahead look at that. ⁓ yeah, as far as EBGP versus IBGP, like I think I was mentioning before, if you have the connections between the autonomous systems, between DNS unfiltered and AT &T or whoever your provider is, that's going to be an EBGP neighborship that exchanges routes between the two orgs. And then if like AT &T is ⁓ acting as your provider and ⁓
routing traffic for you, then internal to AT &T, they could run IBGP between their own routers to exchange routes for traffic.
Mikey Pruitt (15:56)
I'm going to have to slide this meme in here. Let me see if I can make it big. on. Yeah, let me see if I can share screen real quick, just so the audience can see here.
Brian Wilson (16:00)
⁓ yeah, I don't know what the meme is.
Mikey Pruitt (16:13)
There it is. This is the meme. I was like, what is going on here? So describe describe the mean for the audience and me.
Brian Wilson (16:26)
Yeah, I'm not sure. I'm trying to figure out what it means myself. So it's just saying the algorithm prefers EBGP. I don't know if they're talking about the LinkedIn algorithm or I'll have to, I'm not even sure. I'm going have to look more into that.
Mikey Pruitt (16:36)
⁓
That's
actually, there's a lot of ways that meme could go. Hopefully that wasn't nefarious in some way, but this community is really cool. And so before we got on today, I asked your audience in there, you know, what, did you want, ⁓ Brian to talk about topics, questions, and there was a kind of a consensus around a question that I kind of have, like for every guest that I have on the show is.
You know, will AI take our jobs? But this is more in the way of, there room for junior engineers getting into the space ⁓ with automation and perhaps AI on the horizon that there's still room for those juniors?
Brian Wilson (17:24)
Yeah, that's a very good question. And I actually had been thinking about that a lot and talking with people about that a lot as I started this business, because obviously, if AI is going to take over all network engineering, then there's not going to be anything left for me to do. I think that over time as I've started seeing how AI is actually used, I don't think that it's going to replace people to that degree nearly as much as people might have thought.
It's definitely very helpful for analyzing things and like looking at, like you might have a router spit out, you know, pages of logs that you'd have to dig through. People used to have to dig through in detail to try and troubleshoot to figure out, you know, what was causing an outage or something. Now you might just be able to throw that into AI and it says, ⁓ the outage is because of this, this, this, do this, this, this to fix it. So it really helps with that analysis. But.
No, I think as far as like you still need people running the network. There's so many things that still require humans. I mean, you can't totally trust AI all the time. It's going to hallucinate or not say the right thing or might the config might just be, you know, one word off, but that could take down the the whole network, you know. So you need humans to oversee it. And as far as like in the job market, you know, Oracle is just hiring a bunch of network engineers to build out their cloud stuff to support some of the AI.
And so I still see people being hired all the times in both junior and senior roles. ⁓ I think that it's still a great field to be in. I don't know like the absolute number of jobs, but I don't see AI like totally replacing people. I still see tons of network engineers working in the field.
Mikey Pruitt (19:07)
What are some of the skills that someone looking to get into network engineering and BGP engineering? What should they be looking at as things to learn?
Brian Wilson (19:17)
Yeah, so I mean, obviously you can get your certifications. Usually the first thing is just to get an entry level job, which is going to be like help desk or tech support. That's how I got started in it. So if you're at all, you know, have any inkling towards technical things, if you just work at a help desk where like what we did was like at 7-Eleven, say, or some gas station, their internet connection went down, they would give us a call.
we would either send a field tech out or maybe be able to access something remotely or call the ISP and work with all those people to get the issue resolved. But if you had one company with 3000 gas stations across the US or maybe lot more, they can't handle every individual connection. So there's stuff like that. There's little MSPs or other shops where you can kind of just get your feet wet. And then from there, just learn networking. ⁓
probably if you can study for your CCNA and pass your CCNA, that's real helpful. Just Cisco Certified Network Associate. And that really gives you all the basics you need to do anything in network engineering. And there's always more you can learn. There's always higher certifications. You can go into security, firewalls, you can do wireless, voice. Nowadays there's automation. Learning Python is helpful for that. And just a bunch of other different areas that even some things that are
semi-tangential like cloud or ⁓ data centers. mean, there's lots of things you can get into in tech.
Mikey Pruitt (20:51)
Are there any tools that you would recommend people use at home or maybe in their school computer lab or something that they can have access to?
Brian Wilson (21:00)
Yeah, there's some good ⁓ simulation software that people can use if you want to practice configurations and things. A lot of people use ⁓ Eve NG, I think today. It's EVE, something like virtual environment or something like that. And Cisco has a few others maybe. I can't remember the names exactly. But you can do that. Or what I did is you can just buy a cheap ⁓ Cisco router and switch. ⁓
online. If you find an old one, they're not very expensive at all. Buy a few ethernet cables and then you can fire those up, log into them, play around, connect them however you want and practice different configs.
Mikey Pruitt (21:44)
So when you're learning or when you're in the professional setting, what are some of the resilient measures you can take to structure a BGP network or a network in general that make it more stable?
Brian Wilson (22:01)
Well, for sure you should always have a ⁓ backup BGP connection for your internet if possible. Otherwise, if the internet goes out, then your whole organization is going to lose access and potentially revenue and productivity and everything. ⁓ So if you can have multiple providers and multiple BGP connections, you have a backup one if the primary goes down. That's very helpful. ⁓
I think of other other resiliency things you can do.
Mikey Pruitt (22:31)
Have you ever dealt with routers that do cellular connections and ⁓ multiple ISPs in them?
like multi-wan, I guess it would be called.
Brian Wilson (22:48)
⁓ yeah, know you can like, I think we used to deal with some routers or firewalls or something that companies would have dongles and connect to 3G at the time. Now it's probably 4G or 5G. ⁓ Yeah, I have not personally dealt with SD-WAN, but I know that's kind of popular with ⁓ some various companies these days to where you have software actively managing your traffic if something happens.
Like maybe it's not down, but it's just degraded on your primary internet connection, then it can sort of reroute traffic through a backup connection. ⁓ So you can either do it software divide that way, or you could just configure multiple connections with BGP. And I have done that to where you can set up redundancy.
Mikey Pruitt (23:25)
One. ⁓
I'm curious what your house internet looks like. What do you have over there, Brian?
Brian Wilson (23:39)
⁓
no, I just have Cox, think they just ran fiber through our neighborhood, so I could get that. But it's really the same price and I don't use a ton of bandwidth just myself. So I really don't see any delays.
Mikey Pruitt (23:51)
So you don't have like a crazy
multi-wann network at your house? I'm surprised.
Brian Wilson (23:55)
I
don't have it set up right now. I've kind of moved around a little bit in the last few years, so I don't have like one big, you know, lab or something like that. I do have my Cisco router and switches that I can play around with if I want.
Mikey Pruitt (24:07)
Yeah, of course. I had the the local ISP I have it's like a co-op kind of place and a few Christmases ago about two weeks before Christmas. They put like a little door hanger on my door. I was like fiber internet in your neighborhood and I ran down the street down I ran down the road to track the lady down in her car and I was like sign me up. I'm ready. She's like, well just call the number. I'm like, okay, sorry.
Brian Wilson (24:22)
Yeah, that's what we got.
And there's Starlink these days. I'll probably get it eventually, you know, usually I just go with what's the cheapest because I'm not trying to, I'm not like a gamer or trying to do anything crazy at my home. Just need it for work is all.
Mikey Pruitt (24:45)
You don't need the lowest ping,
lowest pings. there's a lot of, there's a lot. So BGP DNS are like very old technologies, but I'm curious, do you see like BGP evolving in any way that, that will help or hurt the infrastructure of the internet?
Brian Wilson (24:48)
Just, yeah, just, as long as it works.
Yeah, BGP is crazy. People are always wanting to add extra stuff onto it because it works so well for routing that they want to add more things. you have what's called multi-protocol BGP now, and you have address families under it. So it's like every different type of thing you want to exchange besides routes, you can do with its own address family. So you have, like I was mentioning before, VPN routes. You have VXLAN and EVPN for
data centers, can exchange IP and MAC info for ⁓ discontinuous layer two networks for various customers in a data center. ⁓ There's segment routing, people are always coming up with new ideas and RFCs to add on to BGP and it's kind of getting to be a juggernaut.
Mikey Pruitt (25:58)
So are you on any of those boards or do you follow them closely to see like what is getting added and rejected?
Brian Wilson (26:04)
Yeah, I'll keep an eye on that. I'm not on any boards myself, but ⁓ I know a couple people on LinkedIn that are on some of those boards. There's stuff out there, just maybe not as many people pay attention to it, but you can go to the RFCs or IETF or some of the networking conferences and really get into the weeds in a breakout session for PGP with some of those people if you want to.
Mikey Pruitt (26:29)
Yeah, there's a RFC for DNS where they're proposing to use carrier pigeons instead of infrastructure. So yeah, RFCs is like, take those with a grain of salt, guess. I'm curious, ⁓ so during your trials and tribulations in network engineering, BGP, ⁓ maintenance, what is something that happened that shaped your thinking?
Brian Wilson (26:36)
⁓ yeah, I saw that.
Mikey Pruitt (27:00)
on BGP or that made you more excited about being in that space.
Brian Wilson (27:08)
yeah, let's see, so...
I like I said, I first really got involved with BGP and learned a lot at Zayo, which was a service provider, obviously. yeah, I don't really know why it clicked so well with me, but I'm very logical, I guess, and it's very structured. It's not like OSPF where it collects all the different pieces and then runs an algorithm to put the whole network together. It's very literal like.
Okay, we establish a neighborship, now we exchange routes, this one to this one, that one to that one. So it's step by step logical for me. But yeah, so I worked with BGP at Xeo and then at Cisco, I was supporting firewalls and a lot of people would be setting up BGP connections to the cloud in particular, either GCP, AWS or Azure.
or various other places. And I know I always just enjoyed working on those BGP cases that I got. And I kind of did some talks for some other engineers to help ⁓ train them on it for people that weren't familiar with BGP on the firewall team. But I thought, hey, I'm really good at this. I like it. I can resolve these cases. I always had the idea of kind of just starting my own ⁓ consulting company, just focused on BGP. So ⁓ eventually I did that.
Started that up a few months ago and we were talking earlier but started the marketing for that on LinkedIn and started to get some consulting clients.
Mikey Pruitt (28:50)
So it just came naturally to you. think it's like a natural progression into being like the BGP Brian basically on the internet. That's cool.
Brian Wilson (28:58)
Yeah,
yeah, there's not a lot of other, there's a lot of other consulting firms, but not really the many that focus on just PGP, which I think it makes sense as its own category because it's really all of internet routing, which is a huge area, a market that a lot of people have a big need for. So yeah, there's not a lot of people just doing that. So it was a great space that I could contribute to.
Mikey Pruitt (29:22)
So I am very familiar with ⁓ security vulnerabilities of the domain name system. And I'm curious if there are already such vulnerabilities or just misconfigurations that are potentially misused for ill-gotten gains on the BGP networks.
Brian Wilson (29:41)
Yeah. So the main one is if you have route links or hijacks, which when BGP was originally set up, like you said, it's very decentralized. So it's just all these organizations or companies connecting to each other and trusting each other that the routes they get from each other are correct. But anybody could just, if they have their own AS and a connection, they could spin something up and advertise somebody else's route saying like, that's my route. And then all the traffic would go to them instead of the right place. And there wasn't a lot of security.
around that in the beginning. So now they've come up with some cryptographic security measures for that. You've got RPKI, is, well, you've got ROAs, which is Route Origin Authorization, and RPKI, which is Route Public Key Infrastructure. So similar to how you have public key infrastructure for DNS certificates, you can do that for BGP routes as well. And so if...
you can certify like this is my route and if you don't have the right signature, if somebody else doesn't have the right signature, they couldn't hijack your route.
Mikey Pruitt (30:47)
So in DNS, we have DNSSEC. And the adoption, however, is relatively low. So if everyone that maintains some type of website and every provider implemented ⁓ DNSSEC, we'd all be a little bit better off because we're agreeing that you are who you say you are. Do you see that in the BGP community as well? The adoption is low?
Brian Wilson (30:57)
Right.
Yeah,
for sure that's been the major problem with it is just getting people to adopt ⁓ RPTI and ROA. And some service providers enforce it and some don't. I think more are enforcing it lately. I'm not sure the adoption rate, I want to say 50%, but don't quote me on that because I don't know exactly. So it's something that more people have to use for it to work completely, but it's been picking up steam lately.
Mikey Pruitt (31:40)
And I'm not trying to give the bad guys a good idea here, but it sounds like BGP could also be used to reroute traffic in places and be corrupted in some circumstances. the ecosystem is slow to adopt new security add-ons, which is the same in DNS.
Brian Wilson (31:43)
Well.
Mikey Pruitt (32:04)
⁓ I don't want to give any ideas to the bad guys. Hopefully they're not watching this anyway. But I'm just curious, ⁓ do you know of any BGP manipulations that resulted in damages?
Brian Wilson (32:19)
Yeah, for sure. There have been incidents and huge outages caused by either an unintentional route leak or an intentional hijack of somebody with a route, hijacking a route. But it's actually not that common. People probably might hype that up a little bit more if they're marketing or trying to sell solutions to that. I think the last major one was like a year and a half ago. I forget if it was Google or somebody else, but... ⁓
Yeah, it took down some routes for some company somewhere, but I mean, it's kind of hard because, it's hard to get away with that because if somebody did intentionally do that, like people are gonna be able to track down, okay, which connection did it come from? Which autonomous system? And I guess they get prosecuted or whatever people do.
Mikey Pruitt (33:11)
How would an attack like that take place? Like you mentioned taking over a route, but it seems like they're pretty finite. How would that actually work? Like I feel like you could do it.
Brian Wilson (33:25)
Well, yeah, the thing is, it's probably the hardest thing is to actually get an autonomous system to register that with. ⁓ I'm trying to think of the registrar. I'm thinking right, but that's in Europe. Whatever the registrar is, you have to justify it. You have to probably have ⁓ an organization or a company. You have to provide all your details, your contact info. So in order to...
while I'm trying to think, there also are private AS's you could use, but you'd still have to get an ISP to actually set up a connection with you. So you kind of have to be a little bit established to have that connection. once you do have a BGP connection with somebody on the internet, then if you...
Say Google has a route for their DNS server, which is 8.8.8.8, right? You could just advertise yourself, hey, I have 8.8.8.8, send that traffic to me. And then all that DNS traffic would go, depending on where the route got advertised, if people are closer to me than Google, that traffic would go to me instead of Google's DNS. And then I could do whatever I want with that DNS traffic, which I'm sure you understand more about that with DNS unfiltered security there.
Mikey Pruitt (34:41)
Yeah.
you would basically steal someone's AS number and advertise it as yourself. And some routes could come to you just because of the latency, the route is better, the path is better.
Brian Wilson (34:55)
Yeah, it's just like...
Yeah, just like IP ⁓ addresses, ASs can be public or private. So if you have a public one, it has to be registered so people know exactly who that is. ⁓ So to set up a BGP connection, you have to have an AS number you're using. You could use a private one, but again, whoever you're connecting to would have to accept that connection. But once that's set up, and yes, if you advertise around, BGP has a 12-step path selection algorithm.
that it uses to decide between routes. So there's a lot of different criteria. And if at each step, if it's tied, it goes to the, it looks at the next one and it just keeps going down the list. But generally, if you were gonna summarize all that up, you would say, if I'm closer to somebody and I'm advertising a route, then that traffic would go to me instead of whoever else's route.
Mikey Pruitt (35:48)
and then you can do anything you want.
Brian Wilson (35:51)
Yeah, you have their traffic coming to you and then you can respond however you want, guess, as if you're the real owner of the route.
Mikey Pruitt (35:59)
You mentioned there was some criteria to determine the best route and ⁓ I'm curious, I assume some of the audiences is, what is some of that criteria or what are the highlights of it that dictate what a good path looks like?
Brian Wilson (36:14)
Yeah, so I can go through some of that. I have a post. There's a bunch of steps, but the major thing is ASPath. So as your route goes through these organizations, as they advertise it ⁓ between each other, it keeps a record of the autonomous system numbers of each autonomous system it's been through. So you can see a path through the internet based on organizations. And generally, it's going to pick the shortest
as path length. So you want to get to your destination going through the shortest number of organizations possible. You don't want to be hopping around forever. ⁓ But that's actually technically the fourth step because there are some earlier steps that you can do to manually prefer a route. You can use weight or local prev. I'm also like if a router itself is originating the route versus learning it from somebody else that it's going to prefer the locally originated route. ⁓
So those are the early steps, but the AS path is the main one. And then there's some other ones like EBGP over IBGP or the shortest path to the next hop via your IGP, which is basically just like, if you're deciding which of two exits to go out of in your company, you want to get to the internet with the shortest interior path possible.
Mikey Pruitt (37:38)
Do you know how the ⁓ Tor network operates? Does it operate in similar fashion?
Brian Wilson (37:43)
that's a good question. I don't think that's involved with PGP, but I'm not really sure. Well, I guess it's on the internet, so maybe. I don't understand that. I've read it before, but I can't remember.
Mikey Pruitt (37:51)
Yeah.
Well, I'm curious. So you've got like this whole brand identity around BGP. You have an extensive background in the space and you're growing a following. You've got a good community going. What does it look like in the future for Brian Wilson?
Brian Wilson (38:14)
Yeah, so actually I kind of have the two tracks now. Originally, I was just trying to start my BGP consulting company. So I have that, which is called BGP Engineering and Design Group. And I've actually been picking up a few clients. I've probably had about five right now. Expanding pretty rapidly and I'm probably going to need to start bringing other people on to handle that pretty quickly. But that's just consulting with companies, working on things like migrations, different equipment or a backup BGP connection.
I'm working with a fixed wireless network nationwide, things like that. So that's all the corporate consulting side that I want to grow. then I do have, like you mentioned earlier, the BGP Black Belt Community on Discord. And that's for just answering questions for junior network engineers, ⁓ networking community, help people find jobs, providing training resources, and just anything else like that growing a...
community of network engineers that I can teach and mentor VGP to.
Mikey Pruitt (39:17)
feel like you should start, do like a short course or something to tell us all how the internet works.
Brian Wilson (39:21)
Yeah.
I've had a lot of people that have been asking for a digital course for BGP. that's, I've been thinking about putting that together and actually it's, you know, I've spent all this time on the LinkedIn post. ⁓ So I'm going to assemble a spreadsheet that lists all of those by topic. And that's sort of like, I don't know if you consider that a course, cause it's not really like refined into a course yet. It's more just like an index. ⁓ But I think that pretty soon I'm going to.
put that out there as ⁓ another kind of lead magnet or whatever, or just a resource that people can have. Because, you know, if you just follow me on LinkedIn, you might miss posts, you might not see them all, you might get them out of order. And if you have that, then you have an index like, hey, I want to know this topic about BGP, you can just go directly to what I posted about it. But yeah, additionally, ⁓ it just takes a while to develop. But maybe in the next year, I might put together an actual course with like video lessons or something like that.
And there's also some other partners or collaborators I can recommend that have courses on BGP as well.
Mikey Pruitt (40:30)
You could use your LinkedIn posts, like their performance metrics, to see which topics are most appealing to the audience.
Brian Wilson (40:38)
Yeah,
for sure. mean, a lot of that just depends on if you have the right marketing, if you got the right hook or the image, just whether people are going to look at it and engage with it. But you also have to have solid content for the engagement. Yeah, just, my most recent technical post that did well was, because like I said, the one where I was introducing the community got like 40,000 views. But I think I got 20,000 views on the last one.
I'm trying to remember the topic. I had one on IBGP before that and then, that slips my mind right now, but that did pretty well.
Mikey Pruitt (41:16)
You've definitely
tapped a ⁓ wealth of interest. I mean, you got my interest. I was like, I've got to talk to Brian. This is great.
Brian Wilson (41:28)
Yeah, it's great. You know, when started, well, so when I was starting my business, I was like listening to advice and looking at LinkedIn posts and everybody's like, oh, you need to niche down, niche down, you know, get really specific. And you feel like, oh, but I'm not going to, I'm going to lose. Well, well, no, but like just because I could do network engineering in general, but you feel like, oh, if I, if I get specific, I'm just going to like exclude all these people that are interested in OSPF and EIGRP and all these other networking topics. But it really is true. And it's funny, the more specific you get.
Mikey Pruitt (41:41)
It's already BGP. It's not like
Brian Wilson (41:57)
the more people that are interested in that specific thing are like, yes, that's for me for sure. And then you actually get a larger audience because you're more unique and nobody else is doing the same thing. Whereas if you're just more generic, you know, nobody's going to care as much.
Mikey Pruitt (42:12)
So BGP was the niche. Yes. Love it. Good.
Brian Wilson (42:14)
Right. Yeah, I probably could get more
specific for that for like BGP for 33 year old people in New Zealand or something, but I think BGP is pretty specific enough, I guess, at this point, since there's not a lot of other people to adjust BGP.
Mikey Pruitt (42:29)
Well,
if you had, you know, words of wisdom to give your younger self, ⁓ you know, as you were coming up through networking or in school or whatever, what would those words of wisdom be?
Brian Wilson (42:43)
Yeah, that's a good question. think the main thing was, ⁓ well, I don't know. was going to say maybe just, ⁓
Figure out what you're interested in and good at as early as you can and stick to that one thing and just keep expanding it. ⁓ If you hop all over the place, you sort of have to figure out what you want to do, what you want to work on. But if you can, find something that's working for you and just get started as early as possible and try to learn as much as you can about that one thing and become the best you can at it.
mean, the thing that's really valuable to people is a unique expertise or point of view or perspective. So if you can just focus on one thing that really vibes with you or appeals to you that you can be good at and that you can help other people with, just pursue that as much as possible.
Mikey Pruitt (43:44)
Good words of advice. Well, if you want to look for Brian, you can probably search for BGP Brian on LinkedIn and find him. I just did it and you were the first one that popped up. However, my algorithm may be tainted since we've been messaging back and forth, but where?
Brian Wilson (43:54)
You
Yeah, I've been trying to
expand my personal brand with BGP Brian. It kind of sticks in your head, you know. But you can find me on LinkedIn. Brian Wilson is a pretty generic name, that might be a problem. But I think it's, if you just type it out, it's like Brian Wilson dash BGP. It's LinkedIn slash in slash Brian Wilson dash BGP is my actual page.
Mikey Pruitt (44:10)
Ha!
Yes. So go look for Brian and Brian, thank you for joining me today and telling me about BGP and helping me decipher some memes and understand a little bit more about how the internet works.
Brian Wilson (44:33)
Yeah, thanks, Mikey. I'm glad you had me on. Really appreciate being here.
Mikey Pruitt (44:38)
Thank you.
I'm here with Brian Wilson, BGP connoisseur. Is that a word? Is that a thing? I don't know. Welcome, everybody, to another episode of DNS Unfiltered. Brian, hello.
Brian Wilson (00:05)
Yeah
Yeah, hi, Mikey. Yep, I go by BGP Brian to try and and build my reputation there. But yeah, about everything BGP.
Mikey Pruitt (00:20)
Well let's start there. What the heck is BGP?
Brian Wilson (00:24)
Yeah, so I don't know if you're... Some people may or may not be more technical, but ⁓ if you're a network engineer, BGP stands for Border Gateway Protocol, and it's the routing protocol of the internet. So anytime you go to a website, your traffic is going to use BGP. And basically what it is, is it's what's used to exchange routes between big companies or organizations. So if you're going from AT &T to another network,
to your provider, to DNS Unfiltered. It says connections between the organizations that BGP handles.
Mikey Pruitt (00:59)
And they call that peering, is that right? Okay, I want to make sure.
Brian Wilson (01:02)
That's correct, yeah. You have BGP
and neighborships and then it would be called peering, right. It could be peering if it's between two equal size organizations or if you have somebody you're paying that's like an uplink, then it would be your service provider, I guess you would say.
Mikey Pruitt (01:08)
So I am.
Understood. So like I feel like we're gonna need like a glossary for this episode So I may I may stop you and say what does that mean? I'm vaguely familiar with any cast and BGP because DNS filter operates a global any cast network that does our DNS resolution I had to maintain that Network back in the day, but you know, I was just pushing the code to the machines not necessarily understanding how BGP works So we'll that up to you. You're the expert
Brian Wilson (01:21)
Ha!
Sure, I'll try to keep it high level, not get too into the weeds. if you follow me on, ⁓ well, if you follow me on LinkedIn, I post about technical topics. I think I did MPLS VPN this week and I got pretty technical. if you want the trickier stuff, that's where to go.
Mikey Pruitt (01:49)
No, go into the weeds.
Yeah, I saw a few of those and that's actually how I found Brian is some of your LinkedIn posts. I was like, Ooh, this is a very interesting. And I feel like the audience here is relatively technical. A lot of MSPs, a lot of IT pros. So they're going to understand networking more than I do even for sure. But I've really wanted to get into like this career that you've had around BGP design, internet routing, you.
What drew you into this? Like this is a very deep rabbit hole of nerddom. The BGP space. How did you get drawn there?
Brian Wilson (02:34)
For sure, yeah, I'll try and go through it real quick. When I was in school, I majored in math, I actually had a graduate degree and I took all the classes for a PhD, but was never into the research side. So had this degree and I was like, okay, well, what am I gonna do with this now? IT was a great field to go into. So I started like everybody does at Help Desk, we're in tech support, think we were supporting retail stores with their internet connections. And yeah, I just kept going from there.
I wanted to become a network engineer, so I got my CCNA and I started getting some other jobs. I worked at ZEO, which is a big global fiber network internet provider, and that's where I first learned BGP. Then I had some other jobs and I also most recently worked at Cisco and supported their firewalls. And a lot of people there would need to set up BGP connections to the cloud or to various other places.
Yeah, that's where I picked it up. And I don't know, it just always clicked with me. A lot of people think it's super complicated, I guess maybe just because I used it so much or whatever, it just made a lot of sense to me. And I always had the idea of, know, nobody's just doing specifically consulting for BGP and internet routing. So I thought, you know, I should start my own thing doing that ⁓ eventually. And so eventually I did.
Mikey Pruitt (03:59)
Yeah, and congratulations on that. You're the BGP Brian out there on the interwebs now. So that's really cool. are some things that most people don't know about BGP? And keep in mind, this is like a week or two ago. Well, a week ago and a week and a half ago, the entire almost internet was down because of BGP and DNS and issues like that. So tell us some things that we don't know.
Brian Wilson (04:04)
Thanks. Very exciting.
Yeah, well, that one was actually DNS. There have been some big profile BGP outages, but not so many recently. There's been some things that have been done to mitigate that. But yeah, what people don't know about BGP, I mean, it kind of depends really where you're at and like what type of job you had, even if you're a network engineer. If you work at a service provider, you're going to use it all the time. But if you're at an enterprise or like I was at Cisco supporting firewalls,
there wasn't a lot of people on the team that understood it. So I was able to help do some talks and explain things about that. I think basically just that BGP is just internet routing. So if you're BGP, you might not understand it, but it's really what everybody uses every day to ⁓ use the internet for anything.
Mikey Pruitt (05:18)
think it's weird that we're, I saw a lot of ⁓ rebuttals to the AWS outages and Azure outages about the internet was meant to be a decentralized place and now we're in the hands of six big companies. And I think that BGP, the way it's architected is decentralized by nature. How does that kind of ⁓ get?
I guess mishandled into larger companies kind of controlling all of it.
Brian Wilson (05:49)
Well, yeah, so the idea of, well, EBGP at least is that you're connecting between autonomous systems, which are essentially just any organization that has a unified administrative control of a network like Amazon, Microsoft, providers, whatever. So yeah, the internet work, the internet comes from the word internet work. It's supposed to be a network between all these autonomous systems.
Yeah, I don't know. guess if you get larger companies start to consolidate things, then there becomes less interconnections between different companies. But I think there's still plenty of mid-size and smaller companies out there. Even one of the groups of companies I've been working with is smaller rural fiber companies, because everybody's trying to build out fiber at the home now in the last mile. ⁓
It's maybe been built out in more urban areas, in smaller rural cities, hasn't been done yet. So a lot of little companies pop up to do that. So there's always smaller and mid-size people connecting to.
Mikey Pruitt (06:56)
What do you think the challenges are, or the differences, I guess, between like an ISP trying to manage BGP versus an enterprise trying to manage it?
Brian Wilson (07:07)
⁓ Yeah, so I mean, it's just a different mindset. With an enterprise, usually you've got your internal network and then you're either looking at one or two uplinks, preferably multiple so you have redundancy and you don't go completely down if your provider goes out. Or you might have appearing to equal size companies. But really the idea is more of an uplink from the enterprise side and then from the carrier side, you're more thinking about transporting traffic.
So you're using a lot of their use, like they say they use MPLS VPN and then you have BGP running on top of that at all the edge routers. So yeah, it's a multi-bring called VBGP with VPN V4 routes. It can be used for VPN for companies. That's what I was talking about in my latest post.
Mikey Pruitt (08:00)
Okay. Describe what was it? MPLS VPNs real quick.
Brian Wilson (08:05)
Yeah,
this is where you can get into a lot of technical details. But basically, MPLS is just a label switching. you could kind of say it's almost similar to ethernet. It's a layer 2 or layer 2.5 technology. But basically, it's just an underlying ⁓ connection between all the routers in your network. And then you could run layer 3 IP connections like BGP over the top of it.
Mikey Pruitt (08:35)
So is it really similar to like a traditional VPN, like just some sort of tunnel?
Brian Wilson (08:40)
⁓ It's a little bit different. It doesn't use tunnels. It uses VRFs, which are virtual routing and forwarding instances. So that means on the provider, every router they have, give you, they give their customer like a virtual router with its own routes and its own protocols, right? And you can run BGP in that virtual router to connect between the customer's router and the provider's router to exchange routes. But then from there, it takes those routes in the VRF and moves them over to
BGP to transport it through its network over in PLS VPN. And it uses a special type of VPN route that BGP has set up. It's actually an address family. And to separate all the customers routes and get them where they need to go.
Mikey Pruitt (09:30)
That made total sense to me. ⁓
Brian Wilson (09:31)
I hope so. Yeah, it's a little
tricky. Even writing this article, I had to like research it a bit.
Mikey Pruitt (09:34)
I can't.
Yeah, I kid a little bit. But you do a really good job, Brian, of kind of breaking this down into very understandable frameworks or similes or things like that. And I see you posting on LinkedIn some very high-level concepts that you really break down well. Is that something that just kind of came naturally to you, or do you go deep when you're having to translate to human?
Brian Wilson (10:06)
It's not writing is not something that comes naturally. The ideas and the technical part of it does. So I do use AI quite a bit to help write it. So what I'll do is I'll just dump out all my thoughts. Like if I want to explain something, I'll just dump it all out in a notepad. And of course it's not readable. I'm not a good writer. It doesn't sound good at all. But then just put it into AI and say, hey, polish this, smooth it out. And it helps me kind of structure and format it. But then I go back and.
re-edit it, because it's going to put in words that are out of place or hallucinations or it's never going to get it right the first time. So I go back and edit it through with my human voice, but I do use it a lot just to help me get the post structure right.
Mikey Pruitt (10:49)
Yeah, that's a good idea. I'm kind of translating it into your, you know, your raw thoughts. I'd do that same thing. Not quite what it's like BGP level concepts, but it's a very good strategy.
Brian Wilson (11:00)
Yeah, that's the great thing.
It's like such a niche thing that nobody else is doing it and yet there's a huge audience of network engineers out there that love it. it's great to, maybe I shouldn't talk about it too much. Somebody's gonna start up a competitor to me. I'm just kidding.
Mikey Pruitt (11:14)
No, no, you don't have to worry
about that. But I bring all that up because Brian runs a very cool Discord group. A lot of people in there chatting about, you know, BGP topics and looking for work in the space, looking for junior level positions to kind of get educated. So you run this community. What does that mean for you?
Brian Wilson (11:37)
Yeah, so ⁓ I think we were talking earlier and I was telling you how I started posting on LinkedIn because I wanted to learn marketing to start up my consulting company. So I was learning how to do these ⁓ posts on BGP, but find the right hook or the image so that people will actually read it and it'll get distributed. And as I did that, I found that I started getting a lot of network engineers following me that wanted to learn BGP. ⁓ So eventually ⁓ I said, hey, let's...
create a community on Discord to where people have questions, they can ask questions and I can answer. We also have a lot of other high level network engineers, companies like Cisco, Juniper and other big companies that can help answer questions. So, yeah, I set up that community and the post that I did that really took off. I think it got like 40,000 views and probably have 400 network engineers over there already. So it's a pretty big community and yeah, anybody that...
that's working in network engineering that wants to learn more about BGP or has questions as they're working with it at work and don't know something, it's a great place to get information.
Mikey Pruitt (12:43)
Yeah, it's the BGP Black Belt. I believe you called it the Dojo on LinkedIn. But find one of Brian's posts or reach out to him DM him on LinkedIn and he'll send you an invite.
Brian Wilson (12:46)
That's right, yep.
Yeah, just
connect with me and DM me directly and I'll send you an invite if you'd like to get into it.
Mikey Pruitt (13:00)
Yeah, and you were gracious enough to let me in there. And I do have a question from the audience of the Black Belt Dojo. But before that, I want to take a little bit of a tangent into something you mentioned about marketing on LinkedIn. So like you are a networking professional. You've gone on your own adventure now and you thought you came to the conclusion that you need to be a voice in the space. So you set out to
make that happen. Do you think that's something that is required?
Brian Wilson (13:35)
for me or in general.
Mikey Pruitt (13:38)
in general.
Brian Wilson (13:40)
Yeah, I think so. think it's great. don't think that, I mean, well, there are obviously people that network engineers that post about different topics, but, ⁓ you know, nobody's really taken it from the marketing angle to try and like really be almost like an influencer, like a ⁓ network engineer influencer. It's kind of a contradiction that a lot of nerdy people do that. But ⁓ I think it's great to have, yeah, like a central source of information about BGP or... ⁓
essential person that people can come to if they have questions. I haven't seen anything else ⁓ like that out there. So it's great for me. That's what I want my personal brand to be all about so that people know me for BGP.
Mikey Pruitt (14:24)
Yeah, that's I think it's really important these days to have a personal personal brand. ⁓ And I'm glad that you kind of set out on that kind of identifying that as a something that needed to be on the checklist of running your own consulting firm. So that's really cool.
Brian Wilson (14:42)
Yeah, it gets you the visibility you need for the marketing part. And then from there, sometimes I just get customers directly asking for consulting. But even if I'm going to go and trying to be doing sales and reaching out to people, if you have that personal brand and people kind of know who you are, have seen your stuff, it really helps a lot with trust or credibility if you're going to be working with somebody in the future.
Mikey Pruitt (15:04)
So the community, again, you're gracious enough to let me in there. I saw a few memes, I had no idea what they meant. I asked you before this what EBGB was and IBGB. Go ahead, yeah.
Brian Wilson (15:17)
⁓ Yeah, I didn't even have time to check that yet, but I'll go ahead look at that. ⁓ yeah, as far as EBGP versus IBGP, like I think I was mentioning before, if you have the connections between the autonomous systems, between DNS unfiltered and AT &T or whoever your provider is, that's going to be an EBGP neighborship that exchanges routes between the two orgs. And then if like AT &T is ⁓ acting as your provider and ⁓
routing traffic for you, then internal to AT &T, they could run IBGP between their own routers to exchange routes for traffic.
Mikey Pruitt (15:56)
I'm going to have to slide this meme in here. Let me see if I can make it big. on. Yeah, let me see if I can share screen real quick, just so the audience can see here.
Brian Wilson (16:00)
⁓ yeah, I don't know what the meme is.
Mikey Pruitt (16:13)
There it is. This is the meme. I was like, what is going on here? So describe describe the mean for the audience and me.
Brian Wilson (16:26)
Yeah, I'm not sure. I'm trying to figure out what it means myself. So it's just saying the algorithm prefers EBGP. I don't know if they're talking about the LinkedIn algorithm or I'll have to, I'm not even sure. I'm going have to look more into that.
Mikey Pruitt (16:36)
⁓
That's
actually, there's a lot of ways that meme could go. Hopefully that wasn't nefarious in some way, but this community is really cool. And so before we got on today, I asked your audience in there, you know, what, did you want, ⁓ Brian to talk about topics, questions, and there was a kind of a consensus around a question that I kind of have, like for every guest that I have on the show is.
You know, will AI take our jobs? But this is more in the way of, there room for junior engineers getting into the space ⁓ with automation and perhaps AI on the horizon that there's still room for those juniors?
Brian Wilson (17:24)
Yeah, that's a very good question. And I actually had been thinking about that a lot and talking with people about that a lot as I started this business, because obviously, if AI is going to take over all network engineering, then there's not going to be anything left for me to do. I think that over time as I've started seeing how AI is actually used, I don't think that it's going to replace people to that degree nearly as much as people might have thought.
It's definitely very helpful for analyzing things and like looking at, like you might have a router spit out, you know, pages of logs that you'd have to dig through. People used to have to dig through in detail to try and troubleshoot to figure out, you know, what was causing an outage or something. Now you might just be able to throw that into AI and it says, ⁓ the outage is because of this, this, this, do this, this, this to fix it. So it really helps with that analysis. But.
No, I think as far as like you still need people running the network. There's so many things that still require humans. I mean, you can't totally trust AI all the time. It's going to hallucinate or not say the right thing or might the config might just be, you know, one word off, but that could take down the the whole network, you know. So you need humans to oversee it. And as far as like in the job market, you know, Oracle is just hiring a bunch of network engineers to build out their cloud stuff to support some of the AI.
And so I still see people being hired all the times in both junior and senior roles. ⁓ I think that it's still a great field to be in. I don't know like the absolute number of jobs, but I don't see AI like totally replacing people. I still see tons of network engineers working in the field.
Mikey Pruitt (19:07)
What are some of the skills that someone looking to get into network engineering and BGP engineering? What should they be looking at as things to learn?
Brian Wilson (19:17)
Yeah, so I mean, obviously you can get your certifications. Usually the first thing is just to get an entry level job, which is going to be like help desk or tech support. That's how I got started in it. So if you're at all, you know, have any inkling towards technical things, if you just work at a help desk where like what we did was like at 7-Eleven, say, or some gas station, their internet connection went down, they would give us a call.
we would either send a field tech out or maybe be able to access something remotely or call the ISP and work with all those people to get the issue resolved. But if you had one company with 3000 gas stations across the US or maybe lot more, they can't handle every individual connection. So there's stuff like that. There's little MSPs or other shops where you can kind of just get your feet wet. And then from there, just learn networking. ⁓
probably if you can study for your CCNA and pass your CCNA, that's real helpful. Just Cisco Certified Network Associate. And that really gives you all the basics you need to do anything in network engineering. And there's always more you can learn. There's always higher certifications. You can go into security, firewalls, you can do wireless, voice. Nowadays there's automation. Learning Python is helpful for that. And just a bunch of other different areas that even some things that are
semi-tangential like cloud or ⁓ data centers. mean, there's lots of things you can get into in tech.
Mikey Pruitt (20:51)
Are there any tools that you would recommend people use at home or maybe in their school computer lab or something that they can have access to?
Brian Wilson (21:00)
Yeah, there's some good ⁓ simulation software that people can use if you want to practice configurations and things. A lot of people use ⁓ Eve NG, I think today. It's EVE, something like virtual environment or something like that. And Cisco has a few others maybe. I can't remember the names exactly. But you can do that. Or what I did is you can just buy a cheap ⁓ Cisco router and switch. ⁓
online. If you find an old one, they're not very expensive at all. Buy a few ethernet cables and then you can fire those up, log into them, play around, connect them however you want and practice different configs.
Mikey Pruitt (21:44)
So when you're learning or when you're in the professional setting, what are some of the resilient measures you can take to structure a BGP network or a network in general that make it more stable?
Brian Wilson (22:01)
Well, for sure you should always have a ⁓ backup BGP connection for your internet if possible. Otherwise, if the internet goes out, then your whole organization is going to lose access and potentially revenue and productivity and everything. ⁓ So if you can have multiple providers and multiple BGP connections, you have a backup one if the primary goes down. That's very helpful. ⁓
I think of other other resiliency things you can do.
Mikey Pruitt (22:31)
Have you ever dealt with routers that do cellular connections and ⁓ multiple ISPs in them?
like multi-wan, I guess it would be called.
Brian Wilson (22:48)
⁓ yeah, know you can like, I think we used to deal with some routers or firewalls or something that companies would have dongles and connect to 3G at the time. Now it's probably 4G or 5G. ⁓ Yeah, I have not personally dealt with SD-WAN, but I know that's kind of popular with ⁓ some various companies these days to where you have software actively managing your traffic if something happens.
Like maybe it's not down, but it's just degraded on your primary internet connection, then it can sort of reroute traffic through a backup connection. ⁓ So you can either do it software divide that way, or you could just configure multiple connections with BGP. And I have done that to where you can set up redundancy.
Mikey Pruitt (23:25)
One. ⁓
I'm curious what your house internet looks like. What do you have over there, Brian?
Brian Wilson (23:39)
⁓
no, I just have Cox, think they just ran fiber through our neighborhood, so I could get that. But it's really the same price and I don't use a ton of bandwidth just myself. So I really don't see any delays.
Mikey Pruitt (23:51)
So you don't have like a crazy
multi-wann network at your house? I'm surprised.
Brian Wilson (23:55)
I
don't have it set up right now. I've kind of moved around a little bit in the last few years, so I don't have like one big, you know, lab or something like that. I do have my Cisco router and switches that I can play around with if I want.
Mikey Pruitt (24:07)
Yeah, of course. I had the the local ISP I have it's like a co-op kind of place and a few Christmases ago about two weeks before Christmas. They put like a little door hanger on my door. I was like fiber internet in your neighborhood and I ran down the street down I ran down the road to track the lady down in her car and I was like sign me up. I'm ready. She's like, well just call the number. I'm like, okay, sorry.
Brian Wilson (24:22)
Yeah, that's what we got.
And there's Starlink these days. I'll probably get it eventually, you know, usually I just go with what's the cheapest because I'm not trying to, I'm not like a gamer or trying to do anything crazy at my home. Just need it for work is all.
Mikey Pruitt (24:45)
You don't need the lowest ping,
lowest pings. there's a lot of, there's a lot. So BGP DNS are like very old technologies, but I'm curious, do you see like BGP evolving in any way that, that will help or hurt the infrastructure of the internet?
Brian Wilson (24:48)
Just, yeah, just, as long as it works.
Yeah, BGP is crazy. People are always wanting to add extra stuff onto it because it works so well for routing that they want to add more things. you have what's called multi-protocol BGP now, and you have address families under it. So it's like every different type of thing you want to exchange besides routes, you can do with its own address family. So you have, like I was mentioning before, VPN routes. You have VXLAN and EVPN for
data centers, can exchange IP and MAC info for ⁓ discontinuous layer two networks for various customers in a data center. ⁓ There's segment routing, people are always coming up with new ideas and RFCs to add on to BGP and it's kind of getting to be a juggernaut.
Mikey Pruitt (25:58)
So are you on any of those boards or do you follow them closely to see like what is getting added and rejected?
Brian Wilson (26:04)
Yeah, I'll keep an eye on that. I'm not on any boards myself, but ⁓ I know a couple people on LinkedIn that are on some of those boards. There's stuff out there, just maybe not as many people pay attention to it, but you can go to the RFCs or IETF or some of the networking conferences and really get into the weeds in a breakout session for PGP with some of those people if you want to.
Mikey Pruitt (26:29)
Yeah, there's a RFC for DNS where they're proposing to use carrier pigeons instead of infrastructure. So yeah, RFCs is like, take those with a grain of salt, guess. I'm curious, ⁓ so during your trials and tribulations in network engineering, BGP, ⁓ maintenance, what is something that happened that shaped your thinking?
Brian Wilson (26:36)
⁓ yeah, I saw that.
Mikey Pruitt (27:00)
on BGP or that made you more excited about being in that space.
Brian Wilson (27:08)
yeah, let's see, so...
I like I said, I first really got involved with BGP and learned a lot at Zayo, which was a service provider, obviously. yeah, I don't really know why it clicked so well with me, but I'm very logical, I guess, and it's very structured. It's not like OSPF where it collects all the different pieces and then runs an algorithm to put the whole network together. It's very literal like.
Okay, we establish a neighborship, now we exchange routes, this one to this one, that one to that one. So it's step by step logical for me. But yeah, so I worked with BGP at Xeo and then at Cisco, I was supporting firewalls and a lot of people would be setting up BGP connections to the cloud in particular, either GCP, AWS or Azure.
or various other places. And I know I always just enjoyed working on those BGP cases that I got. And I kind of did some talks for some other engineers to help ⁓ train them on it for people that weren't familiar with BGP on the firewall team. But I thought, hey, I'm really good at this. I like it. I can resolve these cases. I always had the idea of kind of just starting my own ⁓ consulting company, just focused on BGP. So ⁓ eventually I did that.
Started that up a few months ago and we were talking earlier but started the marketing for that on LinkedIn and started to get some consulting clients.
Mikey Pruitt (28:50)
So it just came naturally to you. think it's like a natural progression into being like the BGP Brian basically on the internet. That's cool.
Brian Wilson (28:58)
Yeah,
yeah, there's not a lot of other, there's a lot of other consulting firms, but not really the many that focus on just PGP, which I think it makes sense as its own category because it's really all of internet routing, which is a huge area, a market that a lot of people have a big need for. So yeah, there's not a lot of people just doing that. So it was a great space that I could contribute to.
Mikey Pruitt (29:22)
So I am very familiar with ⁓ security vulnerabilities of the domain name system. And I'm curious if there are already such vulnerabilities or just misconfigurations that are potentially misused for ill-gotten gains on the BGP networks.
Brian Wilson (29:41)
Yeah. So the main one is if you have route links or hijacks, which when BGP was originally set up, like you said, it's very decentralized. So it's just all these organizations or companies connecting to each other and trusting each other that the routes they get from each other are correct. But anybody could just, if they have their own AS and a connection, they could spin something up and advertise somebody else's route saying like, that's my route. And then all the traffic would go to them instead of the right place. And there wasn't a lot of security.
around that in the beginning. So now they've come up with some cryptographic security measures for that. You've got RPKI, is, well, you've got ROAs, which is Route Origin Authorization, and RPKI, which is Route Public Key Infrastructure. So similar to how you have public key infrastructure for DNS certificates, you can do that for BGP routes as well. And so if...
you can certify like this is my route and if you don't have the right signature, if somebody else doesn't have the right signature, they couldn't hijack your route.
Mikey Pruitt (30:47)
So in DNS, we have DNSSEC. And the adoption, however, is relatively low. So if everyone that maintains some type of website and every provider implemented ⁓ DNSSEC, we'd all be a little bit better off because we're agreeing that you are who you say you are. Do you see that in the BGP community as well? The adoption is low?
Brian Wilson (30:57)
Right.
Yeah,
for sure that's been the major problem with it is just getting people to adopt ⁓ RPTI and ROA. And some service providers enforce it and some don't. I think more are enforcing it lately. I'm not sure the adoption rate, I want to say 50%, but don't quote me on that because I don't know exactly. So it's something that more people have to use for it to work completely, but it's been picking up steam lately.
Mikey Pruitt (31:40)
And I'm not trying to give the bad guys a good idea here, but it sounds like BGP could also be used to reroute traffic in places and be corrupted in some circumstances. the ecosystem is slow to adopt new security add-ons, which is the same in DNS.
Brian Wilson (31:43)
Well.
Mikey Pruitt (32:04)
⁓ I don't want to give any ideas to the bad guys. Hopefully they're not watching this anyway. But I'm just curious, ⁓ do you know of any BGP manipulations that resulted in damages?
Brian Wilson (32:19)
Yeah, for sure. There have been incidents and huge outages caused by either an unintentional route leak or an intentional hijack of somebody with a route, hijacking a route. But it's actually not that common. People probably might hype that up a little bit more if they're marketing or trying to sell solutions to that. I think the last major one was like a year and a half ago. I forget if it was Google or somebody else, but... ⁓
Yeah, it took down some routes for some company somewhere, but I mean, it's kind of hard because, it's hard to get away with that because if somebody did intentionally do that, like people are gonna be able to track down, okay, which connection did it come from? Which autonomous system? And I guess they get prosecuted or whatever people do.
Mikey Pruitt (33:11)
How would an attack like that take place? Like you mentioned taking over a route, but it seems like they're pretty finite. How would that actually work? Like I feel like you could do it.
Brian Wilson (33:25)
Well, yeah, the thing is, it's probably the hardest thing is to actually get an autonomous system to register that with. ⁓ I'm trying to think of the registrar. I'm thinking right, but that's in Europe. Whatever the registrar is, you have to justify it. You have to probably have ⁓ an organization or a company. You have to provide all your details, your contact info. So in order to...
while I'm trying to think, there also are private AS's you could use, but you'd still have to get an ISP to actually set up a connection with you. So you kind of have to be a little bit established to have that connection. once you do have a BGP connection with somebody on the internet, then if you...
Say Google has a route for their DNS server, which is 8.8.8.8, right? You could just advertise yourself, hey, I have 8.8.8.8, send that traffic to me. And then all that DNS traffic would go, depending on where the route got advertised, if people are closer to me than Google, that traffic would go to me instead of Google's DNS. And then I could do whatever I want with that DNS traffic, which I'm sure you understand more about that with DNS unfiltered security there.
Mikey Pruitt (34:41)
Yeah.
you would basically steal someone's AS number and advertise it as yourself. And some routes could come to you just because of the latency, the route is better, the path is better.
Brian Wilson (34:55)
Yeah, it's just like...
Yeah, just like IP ⁓ addresses, ASs can be public or private. So if you have a public one, it has to be registered so people know exactly who that is. ⁓ So to set up a BGP connection, you have to have an AS number you're using. You could use a private one, but again, whoever you're connecting to would have to accept that connection. But once that's set up, and yes, if you advertise around, BGP has a 12-step path selection algorithm.
that it uses to decide between routes. So there's a lot of different criteria. And if at each step, if it's tied, it goes to the, it looks at the next one and it just keeps going down the list. But generally, if you were gonna summarize all that up, you would say, if I'm closer to somebody and I'm advertising a route, then that traffic would go to me instead of whoever else's route.
Mikey Pruitt (35:48)
and then you can do anything you want.
Brian Wilson (35:51)
Yeah, you have their traffic coming to you and then you can respond however you want, guess, as if you're the real owner of the route.
Mikey Pruitt (35:59)
You mentioned there was some criteria to determine the best route and ⁓ I'm curious, I assume some of the audiences is, what is some of that criteria or what are the highlights of it that dictate what a good path looks like?
Brian Wilson (36:14)
Yeah, so I can go through some of that. I have a post. There's a bunch of steps, but the major thing is ASPath. So as your route goes through these organizations, as they advertise it ⁓ between each other, it keeps a record of the autonomous system numbers of each autonomous system it's been through. So you can see a path through the internet based on organizations. And generally, it's going to pick the shortest
as path length. So you want to get to your destination going through the shortest number of organizations possible. You don't want to be hopping around forever. ⁓ But that's actually technically the fourth step because there are some earlier steps that you can do to manually prefer a route. You can use weight or local prev. I'm also like if a router itself is originating the route versus learning it from somebody else that it's going to prefer the locally originated route. ⁓
So those are the early steps, but the AS path is the main one. And then there's some other ones like EBGP over IBGP or the shortest path to the next hop via your IGP, which is basically just like, if you're deciding which of two exits to go out of in your company, you want to get to the internet with the shortest interior path possible.
Mikey Pruitt (37:38)
Do you know how the ⁓ Tor network operates? Does it operate in similar fashion?
Brian Wilson (37:43)
that's a good question. I don't think that's involved with PGP, but I'm not really sure. Well, I guess it's on the internet, so maybe. I don't understand that. I've read it before, but I can't remember.
Mikey Pruitt (37:51)
Yeah.
Well, I'm curious. So you've got like this whole brand identity around BGP. You have an extensive background in the space and you're growing a following. You've got a good community going. What does it look like in the future for Brian Wilson?
Brian Wilson (38:14)
Yeah, so actually I kind of have the two tracks now. Originally, I was just trying to start my BGP consulting company. So I have that, which is called BGP Engineering and Design Group. And I've actually been picking up a few clients. I've probably had about five right now. Expanding pretty rapidly and I'm probably going to need to start bringing other people on to handle that pretty quickly. But that's just consulting with companies, working on things like migrations, different equipment or a backup BGP connection.
I'm working with a fixed wireless network nationwide, things like that. So that's all the corporate consulting side that I want to grow. then I do have, like you mentioned earlier, the BGP Black Belt Community on Discord. And that's for just answering questions for junior network engineers, ⁓ networking community, help people find jobs, providing training resources, and just anything else like that growing a...
community of network engineers that I can teach and mentor VGP to.
Mikey Pruitt (39:17)
feel like you should start, do like a short course or something to tell us all how the internet works.
Brian Wilson (39:21)
Yeah.
I've had a lot of people that have been asking for a digital course for BGP. that's, I've been thinking about putting that together and actually it's, you know, I've spent all this time on the LinkedIn post. ⁓ So I'm going to assemble a spreadsheet that lists all of those by topic. And that's sort of like, I don't know if you consider that a course, cause it's not really like refined into a course yet. It's more just like an index. ⁓ But I think that pretty soon I'm going to.
put that out there as ⁓ another kind of lead magnet or whatever, or just a resource that people can have. Because, you know, if you just follow me on LinkedIn, you might miss posts, you might not see them all, you might get them out of order. And if you have that, then you have an index like, hey, I want to know this topic about BGP, you can just go directly to what I posted about it. But yeah, additionally, ⁓ it just takes a while to develop. But maybe in the next year, I might put together an actual course with like video lessons or something like that.
And there's also some other partners or collaborators I can recommend that have courses on BGP as well.
Mikey Pruitt (40:30)
You could use your LinkedIn posts, like their performance metrics, to see which topics are most appealing to the audience.
Brian Wilson (40:38)
Yeah,
for sure. mean, a lot of that just depends on if you have the right marketing, if you got the right hook or the image, just whether people are going to look at it and engage with it. But you also have to have solid content for the engagement. Yeah, just, my most recent technical post that did well was, because like I said, the one where I was introducing the community got like 40,000 views. But I think I got 20,000 views on the last one.
I'm trying to remember the topic. I had one on IBGP before that and then, that slips my mind right now, but that did pretty well.
Mikey Pruitt (41:16)
You've definitely
tapped a ⁓ wealth of interest. I mean, you got my interest. I was like, I've got to talk to Brian. This is great.
Brian Wilson (41:28)
Yeah, it's great. You know, when started, well, so when I was starting my business, I was like listening to advice and looking at LinkedIn posts and everybody's like, oh, you need to niche down, niche down, you know, get really specific. And you feel like, oh, but I'm not going to, I'm going to lose. Well, well, no, but like just because I could do network engineering in general, but you feel like, oh, if I, if I get specific, I'm just going to like exclude all these people that are interested in OSPF and EIGRP and all these other networking topics. But it really is true. And it's funny, the more specific you get.
Mikey Pruitt (41:41)
It's already BGP. It's not like
Brian Wilson (41:57)
the more people that are interested in that specific thing are like, yes, that's for me for sure. And then you actually get a larger audience because you're more unique and nobody else is doing the same thing. Whereas if you're just more generic, you know, nobody's going to care as much.
Mikey Pruitt (42:12)
So BGP was the niche. Yes. Love it. Good.
Brian Wilson (42:14)
Right. Yeah, I probably could get more
specific for that for like BGP for 33 year old people in New Zealand or something, but I think BGP is pretty specific enough, I guess, at this point, since there's not a lot of other people to adjust BGP.
Mikey Pruitt (42:29)
Well,
if you had, you know, words of wisdom to give your younger self, ⁓ you know, as you were coming up through networking or in school or whatever, what would those words of wisdom be?
Brian Wilson (42:43)
Yeah, that's a good question. think the main thing was, ⁓ well, I don't know. was going to say maybe just, ⁓
Figure out what you're interested in and good at as early as you can and stick to that one thing and just keep expanding it. ⁓ If you hop all over the place, you sort of have to figure out what you want to do, what you want to work on. But if you can, find something that's working for you and just get started as early as possible and try to learn as much as you can about that one thing and become the best you can at it.
mean, the thing that's really valuable to people is a unique expertise or point of view or perspective. So if you can just focus on one thing that really vibes with you or appeals to you that you can be good at and that you can help other people with, just pursue that as much as possible.
Mikey Pruitt (43:44)
Good words of advice. Well, if you want to look for Brian, you can probably search for BGP Brian on LinkedIn and find him. I just did it and you were the first one that popped up. However, my algorithm may be tainted since we've been messaging back and forth, but where?
Brian Wilson (43:54)
You
Yeah, I've been trying to
expand my personal brand with BGP Brian. It kind of sticks in your head, you know. But you can find me on LinkedIn. Brian Wilson is a pretty generic name, that might be a problem. But I think it's, if you just type it out, it's like Brian Wilson dash BGP. It's LinkedIn slash in slash Brian Wilson dash BGP is my actual page.
Mikey Pruitt (44:10)
Ha!
Yes. So go look for Brian and Brian, thank you for joining me today and telling me about BGP and helping me decipher some memes and understand a little bit more about how the internet works.
Brian Wilson (44:33)
Yeah, thanks, Mikey. I'm glad you had me on. Really appreciate being here.
Mikey Pruitt (44:38)
Thank you.