mSQL Attack/Peering/OBGP/Optical exchange

David Diaz techlist at smoton.net
Sun Jan 26 17:52:50 UTC 2003


Morning all,

In light of the recent attack, and the dramatic impact it had on 
internet connectivity, I was wondering if any operators (esp of 
exchange pts) would provide information on utilization.  Especially 
any common backplane %s.

I have received information on router utilizations, some routers it 
seems may have held up better than others.  That information is 
useful.  But I am working on some optical exchange point/optical 
metro designs and this might have a dramatic impact if one considers 
things like OBGP, Uni 1.0, ODSI etc etc.

A working hypothesis on the effect of this type of attack on a 
dynamically allocated bandwidth network (such as an optical exchange 
running OBGP etc) would have had a drastic effect on resources.  All 
the available spare capacity would have likely been allocated out.  So 
the "bucket" would have run dry.  Understanding that exchange points 
of this type (or metro area dynamic layer1 transport networks) will 
manage the total bandwidth needs to always maintain adequate 
available capacity.

With the rapid onset of an attack such as the one Sat morning, 
models I have show that not only would the spare capacity have been 
utilized quickly but that in a tiered (colored) customer system, 
the lower service level customers (lead colored, silver etc) 
would have had their capacity confiscated and reallocated to the 
Platinum and Gold customers.  The impact would have been much 
greater.  Especially if the "lead" customers were not using their 
links for a simple off-hours server backup link, or redundant 
circuits to production circuits on another network. If they were low 
cost IP providers attempting to compete with the lowest cost server, 
they would have been drastically affected.

The effect might have caused a cascading type failure.  If enough IP 
service providers were affected (disconnected) and their peering 
circuits or metro links disconnected, this traffic would have 
rerouted and flooded other IXs and private peering links.  Without 
taking into consideration the BGP adds/withdraws load, the traffic 
levels alone would have had a severe impact on border routers and 
networks.  At least that would be my assessment.

One other consideration is that optical IXs will have a greater 
impact on the internet, possibly good and bad.  With larger circuit 
sizes of OC48 and OC192 for peering, an attack would have a greater 
ability to flood more traffic.  A failure of a peering session here 
would cause a reroute of greater traffic.  A possible benefit might be 
that larger circuit sizes might mean that an attack might not be able 
to overwhelm the larger capacities especially if backbone sizes are 
the constricting factor, not peering circuits or optical VPN circuits 
at the optical IX.

Any feedback, devil's advocate position, voodoo or "other"  is welcome.

Dave
-- 

David Diaz
dave at smoton.net [Email]
pagedave at smoton.net [Pager]
www.smoton.net [Peering Site under development]
Smotons (Smart Photons) trump dumb photons
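
The tiered reallocation hypothesis in the message above, worked through as an added sketch that is not part of the original post and is not the author's model. The tier names come from the post; the strict-priority preemption policy, the customer names, the capacity figures and the uniform surge multiplier are all assumptions constructed for illustration.

```python
# Added illustration; tier names come from the post, everything else is constructed.
PRIORITY = {"platinum": 0, "gold": 1, "silver": 2, "lead": 3}  # 0 = served first

# Constructed sample customers: (name, tier, baseline allocation in Gbps).
CUSTOMERS = [("P1", "platinum", 10), ("G1", "gold", 10),
             ("S1", "silver", 20), ("L1", "lead", 20)]


def rebalance(total, customers, surge):
    """Return (allocations, spare) after every customer requests baseline * surge.

    Assumed policy: requests are served in tier order, first from the spare
    pool and then by confiscating capacity from strictly lower tiers,
    lowest tier first.
    """
    alloc = {name: base for name, _, base in customers}
    spare = total - sum(alloc.values())
    if spare < 0:
        raise ValueError("baseline allocations exceed total capacity")
    ordered = sorted(customers, key=lambda c: PRIORITY[c[1]])
    for name, tier, base in ordered:
        need = base * surge - alloc[name]
        if need <= 0:
            continue
        take = min(need, spare)          # drain the shared bucket first
        spare -= take
        alloc[name] += take
        need -= take
        for victim, vtier, _ in reversed(ordered):
            if need <= 0 or PRIORITY[vtier] <= PRIORITY[tier]:
                break                    # never preempt an equal or higher tier
            grab = min(need, alloc[victim])
            alloc[victim] -= grab
            alloc[name] += grab
            need -= grab
    return alloc, spare


if __name__ == "__main__":
    for surge in (1, 2, 4):
        print(surge, rebalance(100, CUSTOMERS, surge))
```

With these constructed numbers, a 2x surge empties the spare pool without touching anyone's baseline, while a 4x surge leaves the lead customer with no capacity at all.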




