<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Bgp on Azarudeen.com</title><link>http://azarudeen.com/tags/bgp/</link><description>Recent content in Bgp on Azarudeen.com</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Fri, 01 Oct 2021 10:00:00 +0530</lastBuildDate><atom:link href="http://azarudeen.com/tags/bgp/index.xml" rel="self" type="application/rss+xml"/><item><title>When the Map Burns with the Territory: BGP Lockouts and Cascading Dependencies</title><link>http://azarudeen.com/posts/08-oct-2021-to-dec-2022-when-the-map-burns-with-the-territory/</link><pubDate>Fri, 01 Oct 2021 10:00:00 +0530</pubDate><guid>http://azarudeen.com/posts/08-oct-2021-to-dec-2022-when-the-map-burns-with-the-territory/</guid><description>&lt;h1 id="when-the-map-burns-with-the-territory-oct-2021--dec-2022"&gt;When the Map Burns with the Territory (Oct 2021 – Dec 2022)&lt;/h1&gt;
&lt;p&gt;The defining image of this window is Facebook engineers reportedly unable to
badge into their own buildings because the outage had taken down the systems
that controlled the doors. Incident after incident showed recovery tooling,
communications, and even physical access welded to the infrastructure they were
supposed to repair.&lt;/p&gt;
&lt;h2 id="the-incidents-that-defined-the-period"&gt;The incidents that defined the period&lt;/h2&gt;
&lt;ul&gt;
&lt;li&gt;&lt;strong&gt;Facebook/Meta, October 4, 2021&lt;/strong&gt; — A routine maintenance command
disconnected Facebook&amp;rsquo;s backbone; its DNS servers, by design, &lt;strong&gt;withdrew their
BGP routes&lt;/strong&gt; when they couldn&amp;rsquo;t reach the datacenters. Facebook, Instagram,
and WhatsApp vanished from the internet for ~6 hours. Internal tools and
remote access died too, forcing physical datacenter visits
(&lt;a href="https://engineering.fb.com/2021/10/04/networking-traffic/outage/"&gt;engineering.fb.com&lt;/a&gt;).&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Roblox, October 28–31, 2021&lt;/strong&gt; — A 73-hour outage from a subtle interaction
between a Consul feature and BoltDB performance. The postmortem, co-published
with HashiCorp months later, was praised for depth and for neither party
hiding behind the other.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;AWS us-east-1, December 7, 2021&lt;/strong&gt; — An automated scaling activity triggered
a thundering herd on the &lt;strong&gt;internal network&lt;/strong&gt; connecting AWS&amp;rsquo;s own services;
monitoring and support tooling were among the casualties, slowing diagnosis
(&lt;a href="https://aws.amazon.com/message/12721/"&gt;aws.amazon.com/message/12721&lt;/a&gt;).
Two further December us-east-1 incidents made &amp;ldquo;why is everything in one
region?&amp;rdquo; a CTO-level question.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Log4Shell, December 2021&lt;/strong&gt; — A logging library CVE that turned every Java
shop&amp;rsquo;s December into an incident. The response was run like an outage and
postmortem&amp;rsquo;d like one; SBOMs went from acronym to mandate.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Atlassian, April 2022&lt;/strong&gt; — A maintenance script given the wrong IDs
&lt;strong&gt;permanently deleted&lt;/strong&gt; ~400 customers&amp;rsquo; cloud sites; restoration took up to
two weeks because recovery was designed for whole-service rollback, not
per-customer restore. The postmortem&amp;rsquo;s candor about that gap was the lesson.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Rogers, July 8, 2022&lt;/strong&gt; — A maintenance update removed a routing filter and
the resulting BGP flood crashed Canada&amp;rsquo;s largest network — including 911
access and Interac payments — for ~a day. National reviews followed;
reliability became telecom regulation.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Cloudflare, June 21, 2022&lt;/strong&gt; — A BGP change during a datacenter conversion
took down 19 of their busiest locations; postmortem published same day.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;UK heatwave, July 2022&lt;/strong&gt; — Google and Oracle cloud regions in London
throttled by cooling failures: climate as a reliability factor.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Southwest Airlines, December 2022&lt;/strong&gt; — Crew-scheduling software collapsed
under a winter storm; ~17,000 flights cancelled. The eventual reckoning
(including a record fine) made &amp;ldquo;legacy system risk&amp;rdquo; a board agenda item.&lt;/li&gt;
&lt;/ul&gt;
&lt;h2 id="what-the-postmortems-reveal"&gt;What the postmortems reveal&lt;/h2&gt;
&lt;p&gt;&lt;strong&gt;1. Recovery must not depend on the thing being recovered.&lt;/strong&gt; Facebook&amp;rsquo;s DNS,
AWS&amp;rsquo;s monitoring, Atlassian&amp;rsquo;s restore tooling — each incident extended because
the repair path ran through the failure. Out-of-band management networks,
break-glass access, and offline runbooks became the era&amp;rsquo;s universal action item.&lt;/p&gt;</description></item><item><title>One Regex and a Pandemic: Global Blast Radius Meets Global Load</title><link>http://azarudeen.com/posts/06-apr-2019-to-jun-2020-one-regex-and-a-pandemic/</link><pubDate>Mon, 01 Apr 2019 10:00:00 +0530</pubDate><guid>http://azarudeen.com/posts/06-apr-2019-to-jun-2020-one-regex-and-a-pandemic/</guid><description>&lt;h1 id="one-regex-and-a-pandemic-apr-2019--jun-2020"&gt;One Regex and a Pandemic (Apr 2019 – Jun 2020)&lt;/h1&gt;
&lt;p&gt;This window bookends neatly: it opens with self-inflicted global outages at
Cloudflare and Google that sharpened the industry&amp;rsquo;s thinking about staged
rollouts, and closes with COVID-19 stress-testing every capacity plan on Earth.&lt;/p&gt;
&lt;h2 id="the-incidents-that-defined-the-period"&gt;The incidents that defined the period&lt;/h2&gt;
&lt;ul&gt;
&lt;li&gt;&lt;strong&gt;Google Cloud, June 2, 2019&lt;/strong&gt; — A maintenance automation event descheduled
network control-plane jobs across multiple regions; congestion throttled
Google Cloud, YouTube, and Gmail for ~4 hours. The postmortem detail everyone
remembers: &lt;strong&gt;the outage impaired the tools engineers needed to fix the outage.&lt;/strong&gt;&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Cloudflare, July 2, 2019&lt;/strong&gt; — A single WAF rule containing a
&lt;strong&gt;catastrophically backtracking regex&lt;/strong&gt; was pushed globally (WAF rules were
exempt from staged rollout, by design, for emergency response) and pinned every
CPU on Cloudflare&amp;rsquo;s edge. 27 minutes of global 502s, and one of the finest
postmortems ever written
(&lt;a href="https://blog.cloudflare.com/details-of-the-cloudflare-outage-on-july-2-2019/"&gt;blog.cloudflare.com&lt;/a&gt;) —
including a mini-lecture on regex complexity and why their kill switch was slow.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Verizon BGP route leak, June 24, 2019&lt;/strong&gt; — A small ISP&amp;rsquo;s route optimizer leaked
routes through Verizon, blackholing chunks of the internet including Cloudflare.
Cloudflare&amp;rsquo;s blunt public writeup (&amp;ldquo;a small heart attack&amp;rdquo;) pushed RPKI adoption
into the mainstream.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Stripe, July 2019&lt;/strong&gt; — Two coupled database failures; Stripe published a
detailed root-cause report, notable for a payments company.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Salesforce, May 2019&lt;/strong&gt; — A database script granted broad permissions across
orgs; the remediation (revoking permissions widely) caused more disruption than
the bug. Recovery-as-second-incident became a named pattern.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;COVID-19 surge, March–June 2020&lt;/strong&gt; — Zoom grew ~30x; Robinhood suffered
repeated trading-day outages (thundering-herd load on launch-day architecture);
streaming services voluntarily degraded quality in Europe; unemployment systems
running on mainframes buckled. Not one incident but a planetary load test.&lt;/li&gt;
&lt;/ul&gt;
&lt;h2 id="what-the-postmortems-reveal"&gt;What the postmortems reveal&lt;/h2&gt;
&lt;p&gt;&lt;strong&gt;1. Emergency paths are the most dangerous paths.&lt;/strong&gt; Cloudflare&amp;rsquo;s WAF pipeline
skipped staged rollout &lt;em&gt;on purpose&lt;/em&gt; — speed against attackers. The lesson wasn&amp;rsquo;t
&amp;ldquo;never ship fast&amp;rdquo; but &amp;ldquo;your fastest pipeline needs the strongest circuit
breakers.&amp;rdquo; Global-instant anything became a red flag in design reviews.&lt;/p&gt;</description></item></channel></rss>