North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

mSQL Attack/Peering/OBGP/Optical exchange

  • From: David Diaz
  • Date: Sun Jan 26 12:59:10 2003


Morning all,

In light of the recent attack, and the dramatic impact it had on internet connectivity. I was wondering if any operators (esp of exchange pts) would provide information on utilization. Especially any common backplane %s.

I have received information on router utilizations, some routers it seems may have held up better then others. That information is useful. But I am working on some optical exchange point/optical metro designs and this might have a dramatic impact if one considers things like OBGP, Uni 1.0, ODSI etc etc.

A working hypothesis on the affect of this type of attack on a dynamically allocated bandwidth network (such as an optical exchange running OBGP etc) would have had a drastic affect on resources. All the available spare capacity would have likely be allocated out. So the "bucket" would have run dry. Understanding that exchange points of this type (or metro area dynamic layer1 transport networks) will manage the total bandwidth needs to always maintain adequate available capacity.

With the rapid onset of an attack such as the one sat morning. Models I have show that not only would the spare capacity been utilized quickly but that in a tiered (colored) customer system. That the lower service level customers (lead colored, silver etc) would have had their capacity confiscated and reallocated to the Platinum and Gold customers. The impact would have been much greater. Especially if the "lead" customers where not using their links for a simple off-hours server backup link, or redundant circuits to production circuits on another network. If they were low cost IP providers attempted to complete with the lowest cost server, they would have been drastically affected.

The affect might have caused a cascading type failure. If enough IP service providers were affected (disconnected) and their peering circuits or metro links disconnected, this traffic would have rerouted and flooded other IXs and private peering links. Without taking into consideration the BGP adds/withdraws load. They traffic levels alone would have had a sever impact on border routers and networks. At least that would be by assessment.

One other considerations is that optical IXs will have a greater impact on the internet, possibly good and bad. With larger circuit sizes of OC48 and OC192 for peering. An attack would have a greater ability to flood more traffic. A failure of a peering session here would cause a reroute of greater traffic. A possible benfit might be that larger circuit sizes might mean that an attack might not be able to overwhelm the larger capacities especially if backbone sizes are the constricting factor, not peering circuits or optical VPN circuits at the optical IX.

Any feedback, devil's advocate position, voodoo or "other" is welcome.

Dave
--

David Diaz
[email protected] [Email]
[email protected] [Pager]
www.smoton.net [Peering Site under development]
Smotons (Smart Photons) trump dumb photons