Broken internet

“The internet is broken”. Uh? This is a common complaint a) from my wife who isn’t particularly technology savvy and b) from people whose broadband connection has gone down for whatever reason.

Yesterday this complaint, slightly tongue in cheek, came from our development engineering team. US network operator Level3 had a problem with a bug in its Juniper routers. This affected access to quite a few websites worldwide and is certainly likely to have hit more than a few ISPs. Word is that this was BGP-related and leads to the need to reboot the Juniper kit. In fact a number of ISPs issued emergency maintenance window alerts last night so that they could upgrade to newer versions of their Junos operating system.

Most of the time you can live with a bug – design around it perhaps. I’m sure the problem will get sorted. My observations here though relate to the security of the internet itself. The network was designed to be resilient but is dependent on the equipment of a handful of large manufacturers to operate.

If you drill into any of these large scale routers there are many bugs (features) identified with each one at any given point in time. These are complicated bits of kit running many interdependent software protocols. It isn’t possible to design one that is bug free, especially as technology is advancing at such a rapid pace and networks grow ever more complex. Sometimes you only find out about a bug under certain conditions – e.g. when traffic through a router reaches certain levels. Most of the time you can live with the bug – design around it perhaps. At other times a bug develops into a critical problem and this usually results in an emergency patch by the vendor of the particular router. To avoid this dependency some networks are designed as two totally different networks based on different vendor kit – LINX (London Internet Exchange) for example, which carries so much traffic that a total outage would have a huge knock-on effect. This is an expensive option.

Where am I getting to here? The Level3 outages today show just how vulnerable the world could be if an unfriendly entity wanted to cripple the global economy. It’s a racing certainty that many engineers out there know how to go about it, just by exploiting known weaknesses in routers.

We are dependent on these engineers remaining good guys – the ISP industry is by and large staffed by folk who pride themselves on their professionalism and integrity.

Published by Trefor Davies

Liver of life, father of four, CTO of trefor.net, writer, poet, philosopherontap.com

Join the Conversation

2 Comments

  1. Thank goodness the engineers know what they are doing and take a pride in their work. I have spoken to many BT ones, and although they tear their hair out at working with obsolete copper lines and exchanges with holes in the roofs they do their level best to keep the service going. I love engineers, they are the salt of the earth, and they will keep as many online as they can do.

  2. Perhaps the reason why we’ve not had the scenario you describe is that router operating systems have not, by and large, been in the hands of the masses because they are dedicated to one purpose unlike a server or desktop OS and consumer routers do not share the same software.

    Coupled with this, the accompanying qualifications take a great commitment both in terms of finances and time to both attain and maintain and can be revoked by the issuing manufacturer or professional body at any time and for any reason they deem necessary, including I would assume by bringing them into disrepute by using the attained skills to bring down a piece of equipment by exploiting its known weaknesses.

    I did make a start on a CCNA course myself last year but had to withdraw due to various things going on in my life at the time but am intending to go back to it soon but it was really hard graft and required absolute focus and concentration.

    After putting in all that work and having to sit an exam, why would anyone risk being stripped of their professional qualification?

    I believe that is the reason why we’ve not seen any malicious attacks on the core routing infrastructure so far.

    However, if the Government is to be believed it may be only a matter of time before state sponsored hackers turn their attentions to the routing infrastructure itself, particularly now they’ve seen the havoc a routing protocol bug in one vendor’s software can wreak.
