
Re: Staale & Elm




> Hmm.  I saw problems Friday and Saturday.  Saturday I was checking URLs in
> a book on hacking and security that I'm editing, and a number of
> ordinarily reachable sites were down.  Traceroutes to them showed
> weird routing problems, mostly routing 'loops'.
> 

Things looked fairly stable Saturday, from my perspective. I'll sniff around.
Routing loops do sound suspicious. Where were they cropping up?

> 
> I'm not picking on cisco, you missed my point.
> 

No, just ignored it.  :)

Actually, there is a lot of change going on right now affecting network
topology; many organizations are migrating away from the basics and are
implementing packet shredders ^H^H^H^H^H^H^H^ ATM, higher speed circuits
than they are accustomed to, running alpha code on production routers out
of necessity (perceived or otherwise), etc. Very hard to "certify"  that
type of environment, but the exponential growth rate of the 'net has
required (or resulted in) some drastic actions. 


> 
> In all other 'infrastructures' (i.e. phone company, roads)
> only officially-sanctioned people are allowed access to work on things.
> With the phone company, it's phone company employees & contractors, with
> the roads it's government employees and contractors.  When private
> extensions are added, they're restricted and compartmentalized so
> that they can't affect the entire infrastructure... a private
> corporate phone switch's misprogramming doesn't bring down Pac Bell.

It's the "and contractors" that is the catch-all here. That includes damn
near everybody these days. Also - the voice system is still primarily a
connection-switched network, not a packet-switched network. Different
animal. Even so, a certain well known long distance provider managed to
bring down local calling across most of the east coast 4 or 5 years ago,
as a result of a software upgrade that didn't. 


> a situation like this is to design more fail-safes into the system to
> prevent a clueless admin or a router with a software error from
> causing so much damage. 

So much damage? There have been far more severe Internet outages. There 
have been far more severe voice network outages, and for far greater 
duration. Amtrak managed to backhoe a major fiber trunk a while back, and 
nailed both voice and data services in the mid-atlantic region rather 
severely, not all that long ago. Friday was a fairly isolated and short 
term problem, unless you were working at Sprint.

As far as engineering solutions go, the route filtering vs. AS_PATH debate
has been going on for a while.  Recent events should add a bit of fuel. 

> But politicians, when faced with the same
> situation, their first reaction is "We gotta have a Law".

True. But it is hard to legislate competence. Perhaps we could start with 
Congress as an experiment.

> My prediction is that if things like this keep happening, the Internet will
> be declared a "defense interest computer system" or something similar,

Like NIPRnet, which was only about 20% functional for most of a day only 
a few weeks back as a result of ATM switch failures?

The Internet is growing far too rapidly to be 100% dependable, at the 
moment, and no measure of legislation will fix this, certainly not in the 
short run. If Uncle Sam needs a reliable, fault-tolerant network, he 
should fix NIPRnet. If he can figure out how to do that (doubtful), maybe 
he'll have a qual when talking about the big picture.

-r.w.
-------------------------------------------
Shit happens.
-------------------------------------------