Tuesday, May 29, 2007

The Network Should Never Be Down

That a whole country could be DoS'd is evidence of someone doing a bad network install. The network should never be down.

Lots of companies have a root-and-branches approach to Internet connectivity, too, thinking that each site (or the whole corporate intranet) needs only one gateway to the outside. It leverages a small investment in Internet connectivity for an entire organization. Put all your eggs in one basket, and watch the basket. For the confidentiality of the family baked bean recipe that's good, but for availability it's bad.

It takes a lot of effort to protect a single address against a distributed Denial of Service attack, in which thousands of virus-infected machines send relatively small amounts of traffic against a target. When that target is a single gateway for an organization, the connection leverage is used in reverse, causing a lot of disruption for a little effort.

The "right" way to do it is to have multiple redundant shared trunks with neighbors. That word "shared" is scary to network administrators (or rather, to their pencil-pushing mentors). It means they'll have to carry outside traffic on their pipes (that's a metaphor, Senator), and that has risks: it costs money, and it has the potential to allow someone to see inside the network.

It takes a lot more effort on the part of the bad guys to attack multiple addresses, and with a multi-trunked network, keeping one or two gateways up can keep the whole network working.

The rewards for sharing bandwidth are enormous: multiple ISPs mean allowing TCP/IP to do its job, routing traffic to avoid disasters like DoS attacks, hurricanes, and nuclear bombs. The ISPs and other bandwidth partners know they have an interest in helping to protect your network. The technical risks can be mitigated simply by routing and tunneling.

Is the above realistic? Nope. Not in a corporate environment, anyway. I'd be really surprised if anyone outside academia or a pure ISP does shared trunking anymore.

But it can also happen at the leaf nodes: you and your neighbors share cable broadband and DSL connections, routing through Wi-Fi. That violates most subscriber agreements, but it's the way the protocols were designed to work. Your network should never be down.

Never.
