From Microsoft's site

Greg A. Woods woods at weird.com
Fri Jan 26 06:14:34 UTC 2001


[ On Thursday, January 25, 2001 at 17:53:12 (-0800), Rusty H. Hodge wrote: ]
> Subject: Re: From Microsoft's site
>
> >  Which would not have suffered such an impact had it been designed
> >  correctly, with geographical and topological disparity.
> 
> You sure it isn't designed that way? Just because the IPs are on the 
> same /24 doesn't mean anything these days.

It seems in the case of M$'s DNS servers they are all in one place (be
it a room, a building, or their campus), and all behind one AS number,
with apparently only one router "entity" sitting in front of the whole
mess (if you believe what they've been saying has any basis in reality)

I haven't looked at how the routing advertisements for that /24 appear
out in the rest of the world, beyond what's registered at whois.ra.net,
but I doubt they've made separate advertisments for each IP# or some
subnets that would separate them, and even if they did I doubt such
advertisments coul even make it past the route filters of their peers.

By "topological disparity" I meant each server should have radically
different IP routing *and* physical connectivity.  Even if M$ did have
good geographic dispersion with each of their four DNS servers in the
four corners of the continental USA and connected back to their campus
by some form of private circuits, they've still got effectively one IP
routing path to whatever they might use to provide that non-IP
connectivity back out to those four corners.  I.e. there's still a
single point of failure from the perspective of random users on random
Internet sites.  If there wasn't a single point of failure then the
recent events would not have occurred.

I just noticed this gem too:

Microsoft (NETBLK-MICROSOFT-GLOBAL-NET)
   One Microsoft Way
   Redmond, WA 98103
   US

   Netname: MICROSOFT-GLOBAL-NET
   Netblock: 207.46.0.0 - 207.46.255.255

   Coordinator:
      Microsoft  (ZM39-ARIN)  noc at microsoft.com
      425-936-4200

   Domain System inverse mapping provided by:

   DNS4.CP.MSFT.NET             207.46.138.11
   DNS4.CP.MSFT.NET             207.46.138.11

So, how is it that ARIN let them get away with two entries for the same
damn server?!?!?!?!?

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods at acm.org>      <robohack!woods>
Planix, Inc. <woods at planix.com>; Secrets of the Weird <woods at weird.com>




More information about the NANOG mailing list