Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dissecting Significant Outages from 2014 Valerio Plessi CCIE R&S 24744 Customer Success Engineer

Published byBrendan Jordan Modified over 8 years ago

Similar presentations

Presentation on theme: "Dissecting Significant Outages from 2014 Valerio Plessi CCIE R&S 24744 Customer Success Engineer"— Presentation transcript:

1 Dissecting Significant Outages from 2014 Valerio Plessi CCIE R&S 24744 Customer Success Engineer valerio@thousandeyes.com

2 1 Passive Monitoring –Capture traffic from the network by generating a copy of the traffic usually via a span port, mirror port or network tap –Typical Use: Discover what is going on Active Probing –Generating a synthetic probe that will discover information and report back –Examples: ping, traceroute –Typical Use: Find the root cause Let’s look at a variety of events to see this in action. –DNS hijack, Cable Cut, BGP hijack, BGP Prepending Error, DDoS Using Active Probing to Diagnose Outages

3 Craigslist DNS Hijack November 2014

4 3 Craigslist DNS Records Compromised At height of attack, 27% of records observed were incorrect Compromised DNS registrar account used to add records pointing to Worldnic and 000Webhost

5 4 Affected DNS Caching Servers over a Week From 74% to 99% of vantage points resolving to correct records

6 5 Impact Varied across Countries and Networks Most affected countriesMost affected networks

7 6 DNS Trace with Hijacked Records Compromised records pointing to 000Webhost

8 Yahoo Irish Sea Cable Cut November 2014

9 8 Brits Lose Their Yahoo Email

10 9 Latency from Europe to Yahoo Dublin Data Center November 20th

11 10 Path Topology Prior to Cable Cut Yahoo Dublin AMS to Dublin cable London to Dublin cable (source of the cut)

12 11 When Cable Repair Ships Attack Cable cut occurs (8ms  80ms over Irish sea)

13 12 High Latency Topology After the Cable Cut Yahoo New York Transatlantic links in red

14 Indosat BGP Hijack April 2014

15 14 Normal Routes to PayPal PayPal / Akamai prefix Akamai AS 16625 Comcast upstream AS7922

16 15 Routes Advertised from Indosat PayPal / Akamai prefix Correct AS16625 (Akamai) Hijacking AS4761 (Indosat) Locations with completely hijacked routes Comcast upstream AS7922 PCCW upstream AS3491

17 16 PCCW Has No Routes to PayPal AS16625 PCCW Network only connected to Indosat Not to Akamai / PayPal AS16625

18 17 Causing All Traffic to Drop Traffic transiting PCCW has no routes and terminates

19 Country Financial BGP Prepending October 2014

20 19 Routing Topology Before the Event Cogent HE Access2Go Country Financial

21 20 Country Financial Experiences Outage TCP connection issues

22 21 And Corresponding Packet Loss And packet loss of >50%

23 22 Path Visualization During the Event

24 23 Routing Topology During the Event Oooops! Jaguar Communications is AS15011 and no monitors connected..

25 24 And the Routing Table Says… Doh!

26 HSBC America DDoS February 2014

27 26 Congested Nodes in Upstream ISPs Verizon, AT&T Nodes with >25% packet loss Packet loss in upstream ISPs Verizon and AT&T HSBC bank website under attack High packet loss from all testing points

28 27 Mitigation Effectiveness Using Verisign Verisign DDoS mitigation networks in yellow

29 28 Mitigation Handoff to Verisign Using BGP New Autonomous System (VeriSign) Prior Autonomous System (HSBC) Withdrawn routes New routes HSBC prefix

30 Thanks! valerio@thousandeyes.com

Download ppt "Dissecting Significant Outages from 2014 Valerio Plessi CCIE R&S 24744 Customer Success Engineer"

Similar presentations

© 2004-2012 NetBrain Technologies Inc. All rights reserved NetBrain In Action Real World Use Cases:

© NetBrain Technologies Inc. All rights reserved NetBrain In Action Real World Use Cases:
Interconnection Networks: Flow Control and Microarchitecture.

Interconnection Networks: Flow Control and Microarchitecture.
CSE534- Fundamentals of Computer Networking Lecture 12-13: Internet Connectivity + IXPs (The Underbelly of the Internet) Based on slides by D. Choffnes.

CSE534- Fundamentals of Computer Networking Lecture 12-13: Internet Connectivity + IXPs (The Underbelly of the Internet) Based on slides by D. Choffnes.
BGP Border Gateway Protocol EE122 Section 3. Border Gateway Protocol Protocol for inter-domain routing Designed for policy and privacy Why not distance-vector?

BGP Border Gateway Protocol EE122 Section 3. Border Gateway Protocol Protocol for inter-domain routing Designed for policy and privacy Why not distance-vector?
11 TROUBLESHOOTING Chapter 12. Chapter 12: TROUBLESHOOTING2 OVERVIEW  Determine whether a network communications problem is related to TCP/IP.  Understand.

11 TROUBLESHOOTING Chapter 12. Chapter 12: TROUBLESHOOTING2 OVERVIEW  Determine whether a network communications problem is related to TCP/IP.  Understand.
1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.

1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.
Transient BGP Loops Do they matter, and what can be done about them? Nate Kushman MIT/Akamai Srikanth Kandula, Dina Katabi and John Wroclawski.

Transient BGP Loops Do they matter, and what can be done about them? Nate Kushman MIT/Akamai Srikanth Kandula, Dina Katabi and John Wroclawski.
Loss and Delay Accountability for the Internet by Presented by:Eric Chan Kai Chen.

Loss and Delay Accountability for the Internet by Presented by:Eric Chan Kai Chen.
Interdomain Routing Security COS 461: Computer Networks Michael Schapira.

Interdomain Routing Security COS 461: Computer Networks Michael Schapira.
Delayed Internet Routing Convergence Craig Labovitz, Abha Ahuja, Abhijit Bose, Farham Jahanian Presented By Harpal Singh Bassali.

Delayed Internet Routing Convergence Craig Labovitz, Abha Ahuja, Abhijit Bose, Farham Jahanian Presented By Harpal Singh Bassali.
Decongestion Control Offense by James Gross Amit Mondal.

Decongestion Control Offense by James Gross Amit Mondal.
Measurement and Monitoring Nick Feamster Georgia Tech.

Measurement and Monitoring Nick Feamster Georgia Tech.
Network Monitoring for Internet Traffic Engineering Jennifer Rexford AT&T Labs – Research Florham Park, NJ 07932

Network Monitoring for Internet Traffic Engineering Jennifer Rexford AT&T Labs – Research Florham Park, NJ 07932
DARPA NMS PI Meeting November 14, 2002 Understanding BGP in Action Dan Massey USC/ISI.

DARPA NMS PI Meeting November 14, 2002 Understanding BGP in Action Dan Massey USC/ISI.
1 Network Topology Measurement Yang Chen CS 8803.

1 Network Topology Measurement Yang Chen CS 8803.
What is Actual Internet Speed? Seung Il Lee Network Engineer NTT Com ICT Solutions.

What is Actual Internet Speed? Seung Il Lee Network Engineer NTT Com ICT Solutions.
Characterizing Residential Broadband Networks Marcel Dischinger †, Andreas Haeberlen †‡, Krishna P. Gummadi †, Stefan Saroiu* † MPI-SWS, ‡ Rice University,

Characterizing Residential Broadband Networks Marcel Dischinger †, Andreas Haeberlen †‡, Krishna P. Gummadi †, Stefan Saroiu* † MPI-SWS, ‡ Rice University,
DDoS Attack and Its Defense1 CSE 5473: Network Security Prof. Dong Xuan.

DDoS Attack and Its Defense1 CSE 5473: Network Security Prof. Dong Xuan.
1 Studying Black Holes on the Internet with Hubble Ethan Katz-Bassett, Harsha V. Madhyastha, John P. John, Arvind Krishnamurthy, David Wetherall, Thomas.

1 Studying Black Holes on the Internet with Hubble Ethan Katz-Bassett, Harsha V. Madhyastha, John P. John, Arvind Krishnamurthy, David Wetherall, Thomas.
INTERNET TOPOLOGY MAPPING INTERNET MAPPING PROBING OVERHEAD MINIMIZATION  Intra- and inter-monitor redundancy reduction IBRAHIM ETHEM COSKUN University.

INTERNET TOPOLOGY MAPPING INTERNET MAPPING PROBING OVERHEAD MINIMIZATION  Intra- and inter-monitor redundancy reduction IBRAHIM ETHEM COSKUN University.

Similar presentations

Ads by Google