[55276] in North American Network Operators' Group


mSQL Attack/Peering/OBGP/Optical exchange

daemon@ATHENA.MIT.EDU (David Diaz)
Sun Jan 26 12:56:50 2003

In-Reply-To: <Pine.WNT.4.43.0301260008290.2284-100000@TEMPEST.hq.nac.net>
Date: Sun, 26 Jan 2003 12:52:50 -0500
To: <nanog@merit.edu>
From: David Diaz <techlist@smoton.net>
Errors-To: owner-nanog-outgoing@merit.edu


Morning all,

In light of the recent attack, and the dramatic impact it had on 
internet connectivity, I was wondering if any operators (esp. of 
exchange pts) would provide information on utilization, especially 
any common backplane %s.

I have received information on router utilizations; some routers, it 
seems, may have held up better than others.  That information is 
useful.  But I am working on some optical exchange point/optical 
metro designs and this might have a dramatic impact if one considers 
things like OBGP, Uni 1.0, ODSI etc etc.

A working hypothesis is that this type of attack on a 
dynamically allocated bandwidth network (such as an optical exchange 
running OBGP etc) would have had a drastic effect on resources.  All 
the available spare capacity would likely have been allocated out.  So 
the "bucket" would have run dry.  Understanding that exchange points 
of this type (or metro area dynamic layer1 transport networks) will 
manage the total bandwidth needs to always maintain adequate 
available capacity.

With the rapid onset of an attack such as the one Sat morning, 
models I have show that not only would the spare capacity have been 
utilized quickly but that, in a tiered (colored) customer system, 
the lower service level customers (lead colored, silver etc) 
would have had their capacity confiscated and reallocated to the 
Platinum and Gold customers.  The impact would have been much 
greater, especially if the "lead" customers were not using their 
links for a simple off-hours server backup link, or redundant 
circuits to production circuits on another network. If they were low 
cost IP providers attempting to compete with the lowest cost server, 
they would have been drastically affected.

The effect might have caused a cascading type failure.  If enough IP 
service providers were affected (disconnected) and their peering 
circuits or metro links disconnected, this traffic would have 
rerouted and flooded other IXs and private peering links.  Without 
taking into consideration the BGP adds/withdraws load, the traffic 
levels alone would have had a severe impact on border routers and 
networks.  At least that would be my assessment.

One other consideration is that optical IXs will have a greater 
impact on the internet, possibly good and bad.  With larger circuit 
sizes of OC48 and OC192 for peering, an attack would have a greater 
ability to flood more traffic.  A failure of a peering session here 
would cause a reroute of greater traffic.  A possible benefit might be 
that larger circuit sizes might mean that an attack might not be able 
to overwhelm the larger capacities, especially if backbone sizes are 
the constricting factor, not peering circuits or optical VPN circuits 
at the optical IX.

Any feedback, devil's advocate position, voodoo or "other"  is welcome.

Dave
-- 

David Diaz
dave@smoton.net [Email]
pagedave@smoton.net [Pager]
www.smoton.net [Peering Site under development]
Smotons (Smart Photons) trump dumb photons
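
The tiered reallocation described in the message above, as an added toy simulation (not part of the original post, and not OBGP or any exchange's actual logic). Tier names follow the post; the `Customer` fields, the capacities and the strict-priority preemption rule are assumptions.

```python
from dataclasses import dataclass

TIERS = ["platinum", "gold", "silver", "lead"]  # highest priority first
RANK = {tier: i for i, tier in enumerate(TIERS)}

@dataclass
class Customer:
    name: str
    tier: str
    allocated: int  # Gbps provisioned before the surge
    demand: int     # Gbps requested during the surge

def rebalance(customers, spare):
    """Serve demand in tier order: spare pool first, then capacity
    confiscated from strictly lower tiers, lowest tier first.
    Returns (spare left, {customer name: Gbps confiscated})."""
    confiscated = {}
    for c in sorted(customers, key=lambda x: RANK[x.tier]):
        need = max(0, c.demand - c.allocated)
        grant = min(need, spare)
        spare -= grant
        c.allocated += grant
        need -= grant
        lower = [v for v in customers if RANK[v.tier] > RANK[c.tier]]
        for v in sorted(lower, key=lambda x: -RANK[x.tier]):
            grant = min(need, v.allocated)
            if grant == 0:
                continue
            v.allocated -= grant
            c.allocated += grant
            need -= grant
            confiscated[v.name] = confiscated.get(v.name, 0) + grant
    return spare, confiscated

def unserved(customers):
    """Demand the pool could not carry; this is traffic that would
    have to reroute over other exchanges or private peering links."""
    return sum(max(0, c.demand - c.allocated) for c in customers)

def sample():
    # Constructed numbers, not measurements from any exchange.
    return [Customer("plat-A", "platinum", 10, 40),
            Customer("gold-B", "gold", 10, 20),
            Customer("silver-C", "silver", 10, 10),
            Customer("lead-D", "lead", 10, 10)]

if __name__ == "__main__":
    pool = sample()
    left, taken = rebalance(pool, spare=20)
    print("spare left:", left, "confiscated:", taken)
    print({c.name: c.allocated for c in pool}, "unserved:", unserved(pool))
```

With 20 Gbps of spare capacity, the surge empties the pool and strips the silver and lead customers entirely, leaving 20 Gbps of their demand unserved; with 40 Gbps spare, nothing is confiscated.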


