
Why Google Went Offline Today

Posted by Soulskill
from the ok-who-tripped-on-the-cable dept.
New submitter mc10 points out a post on the CloudFlare blog about the circumstances behind Google's services being inaccessible for a brief time earlier today. Quoting: "To understand what went wrong you need to understand a bit about how networking on the Internet works. The Internet is a collection of networks, known as "Autonomous Systems" (AS). Each network has a unique number to identify it, known as an AS number. CloudFlare's AS number is 13335, Google's is 15169. The networks are connected together by what is known as Border Gateway Protocol (BGP). BGP is the glue of the Internet — announcing what IP addresses belong to each network and establishing the routes from one AS to another. An Internet "route" is exactly what it sounds like: a path from the IP address on one AS to an IP address on another AS. ... Unfortunately, if a network starts to send out an announcement of a particular IP address or network behind it, when in fact it is not, if that network is trusted by its upstreams and peers then packets can end up misrouted. That is what was happening here. I looked at the BGP Routes for a Google IP Address. The route traversed Moratel (23947), an Indonesian ISP. Given that I'm looking at the routing from California and Google is operating data centres not far from our office, packets should never be routed via Indonesia."

  • by X0563511 (793323) on Tuesday November 06, 2012 @03:58PM (#41899143) Homepage Journal

    Nope. DNS doesn't mean shit if the routers are sending your traffic to the wrong place. (DNS points to an IP, which is (supposed to) point to the target machine. If that last part isn't working, the first part won't work no matter what)

  • BGP Attack! (Score:5, Informative)

    by Jeremiah Cornelius (137) on Tuesday November 06, 2012 @04:20PM (#41899439) Homepage Journal
  • by vlm (69642) on Tuesday November 06, 2012 @04:35PM (#41899647)

    Yes, someone at Moratel screwed up, but this is exactly why upstream ISPs should never allow advertisements from their customers for networks that their customer does not control.

    Another important point is it's twenty freaking twelve and at a "respectable" ISP this was part of my job a decade ago. Too many customers try advertising too much stupid space. Rule number one for a BGP operator... never trust what's incoming from nobody. Rule number two is when you call in for support and 1st level call center tells you to reboot everything, tell them to F off and transfer directly to my desk unless you want to learn the joys of route flap dampening. Rule 2 is hilarious when there's a genuine catastrophic failure and like 30 customers all want to talk to me personally because all their sessions dropped when the Juniper caught fire or whatever it was... so beware.

    There are only three things funnier than a fat finger BGP route advertisement:
    1) Why can't I advertise my old /28 from AT&T on your network? Well dumbass that's their space not "your" /28, and secondly on the civilized internet everyone filters at /24 or bigger to keep out the riff raff so even if I was dumb enough to advertise a subnet of another ISP's space, no one gonna see it past our borders.
    2) Multihomed people who basically accidentally try to turn themselves into a transit network. Oh, you connect to L3? How nice. You don't really want to advertise that the whole freaking internet can route thru you to reach it, do you?
    3) Advertising space in BGP, maybe redistributing a static or null route, doesn't mean you can actually route it on your internal network. OK I see your measly little /20 and now that you let me know to update our filters, we can all see it via us on any looking glass in the world. Yes I'm quite sure it doesn't work and no it's not BGP's fault, go fix your internal routing protocol and filters and GTF off my phone so I can go back to sleep. No for the 20th time it's not a BGP problem just look at the looking glass I'm not filtering you anymore.

    The primary problem is BGP is a social layer 8 protocol for how network managers... manage. You don't learn that shit in a weekend training class where they teach you the exact syntax of "show ip bgp neighbor" or by memorizing AS path regex syntax or whatever. At least up till I got out of the business half a decade ago, no one was teaching anything like "this is how to use BGP while not making an ass outta yourself" class. No book either. I think "Internet Routing Architectures" and maybe the name Halabi sticks in my mind as a good theoretical book as I recall, but no one had a practical "real" hands on class or book. I suppose I shouldda done something about that but it's been a long time now. Then again I've probably forgotten more about BGP than most one week CCNP bootcampers will ever know, so maybe it's not too late anyway. Another "in my infinite spare time" project.

    Sorry if I've offended any /.er I've actually talked to on the job who Fed up, nothing personal... But since I carefully identified no one by name, at least no one knows you Fed up. If today I failed to offend anyone who Fed up while I was doing front line BGP support then I'll try harder next time. BGP is kind of the network engineering version of giving little kids boxes of matches. It's surprising more networks don't burn down, but boxes of matches are so blasted useful if you actually know how to use them safely so it's not like we'll ever get rid of it.

  • We don't do Porn, we try to keep on the erotic art side of things, and thanks for drawing attention to it lots of visitors from your mention! - HEX
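
The customer-session filtering described in the story and in vlm's comment above, as an added example that is not code from any commenter or from the CloudFlare post. The AS numbers are the ones named in the story; the prefixes are RFC 5737 documentation ranges standing in for real allocations, and the policy layout and function names are assumptions.

```python
import ipaddress

MAX_V4_PREFIXLEN = 24  # longest IPv4 prefix accepted, per the /24 convention above

def check_announcement(prefix, as_path, customer_as, allowed_prefixes, allowed_origins):
    """Decide whether to accept one IPv4 route received on a customer BGP session.

    Returns (accepted, reason). allowed_prefixes is the address space registered
    to the customer; allowed_origins is the customer's AS plus its own customers.
    """
    try:
        net = ipaddress.IPv4Network(prefix, strict=True)
    except ValueError:
        return False, "malformed prefix"
    if not as_path or as_path[0] != customer_as:
        return False, "first AS in path is not the customer"
    if net.prefixlen > MAX_V4_PREFIXLEN:
        return False, "more specific than /24"
    if not any(net.subnet_of(a) for a in allowed_prefixes):
        return False, "prefix not registered to customer"
    if as_path[-1] not in allowed_origins:
        return False, "origin AS not in customer's AS set"
    return True, "accepted"

# Constructed policy for the customer session (hypothetical registration data).
CUSTOMER_AS = 23947
ALLOWED_PREFIXES = [ipaddress.IPv4Network("198.51.100.0/24"),
                    ipaddress.IPv4Network("203.0.113.0/24")]
ALLOWED_ORIGINS = {23947}

# Constructed announcements as (prefix, AS path) pairs.
SAMPLE = [
    ("198.51.100.0/24", [23947]),        # customer's own space
    ("192.0.2.0/24", [23947, 15169]),    # someone else's space, re-advertised
    ("198.51.100.16/28", [23947]),       # the "old /28" case
    ("203.0.113.0/24", [23947, 64500]),  # registered space, unexpected origin
]

def evaluate(sample=SAMPLE):
    """Run every sample announcement through the filter."""
    return [(p, *check_announcement(p, path, CUSTOMER_AS,
                                    ALLOWED_PREFIXES, ALLOWED_ORIGINS))
            for p, path in sample]

if __name__ == "__main__":
    for prefix, ok, reason in evaluate():
        print(f"{prefix:20} {'ACCEPT' if ok else 'REJECT'}  {reason}")
```
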
  • by steelfood (895457) on Tuesday November 06, 2012 @05:34PM (#41900591)

    In the age of information, there is one thing people continue to forget: information relies on trust. And like sociology tells us, trust as a commodity is only easy to trade on a small scale. Trust is very hard to acquire in large populations.

    There are two fundamental flaws with the internet. The first is that it was originally designed and built on a small scale. Trust was not an issue. This is apparent everywhere, at every layer. Every piece of information received is inherently considered true. Validation is limited only to determining the accuracy of the reproduction.

    When trust became a problem, people attempted to address this issue via a glorified whitelist. Certificates were meant to address both concerns of the accuracy of the information, and the validity of the origin. Trust in the contents of the whitelist was implicit. It worked on small scales, but on large scales, it fails.

    The whitelist was used because of the second fundamental problem: statelessness. Trust relies on the continual accuracy throughout many interactions. It cannot be calculated or created out of materials, but is acquired over time. The more times the information is accurate from a particular source, the greater the trust in the information. Time requires state. It requires having both a before, and an after.

    The stateless nature of the internet makes it impossible to be fully trusted. Even if the internet had state, it is difficult enough to devise an algorithm that will accurately calculate the trustworthiness of a piece of information. Trust is a judgment call. It is a product of emotion, not of logic. Without state, it is an impossibility.
