originally posted by: DontTreadOnMe
a reply to: Identified
I really thought it was my ISP at first. IT ws odd as most of the down sites were political....so then I thought it was probably more widespread.
I still don't understand what happened...it wasn't a DDoS?????
If cloudfare is/was the problem, then it's happened before,
extract from Clouflare's post mortem,
The cause of the outage was a system-wide failure of our edge routers. CloudFlare currently runs 23 data centers worldwide. These data centers are
connected to the rest of the Internet using routers. These routers announce the path that, from any point on the Internet, packets should use to reach
our network. When a router goes down, the routes to the network that sits behind the router are withdrawn from the rest of the Internet.
We regularly will shut down one or a small handful of routers when we are upgrading a facility. Because we use Anycast, traffic naturally fails to the
next closest data center. However, this morning we encountered a bug that caused all of our routers to fail network wide.
We are largely a Juniper shop at CloudFlare and all the edge routers that were affected were from Juniper. One of the reasons we like Juniper is their
support of a protocol called Flowspec. Flowspec allows you to propagate router rules to a large number of routers efficiently. At CloudFlare, we
constantly make updates to the rules on our routers. We do this to fight attacks as well as to shift traffic so it can be served as fast as
This morning, we saw a DDoS attack being launched against one of our customers. The attack specifically targeted the customer's DNS servers. We have
an internal tool that profiles attacks and outputs signatures that our automated systems as well as our ops team can use to stop attacks. Often, we
use these signatures in order to create router rules to either rate limit or drop known-bad requests.
In this case, our attack profiler output the fact that the attack packets were between 99,971 and 99,985 bytes long. That's odd to begin with because
the largest packets sent across the Internet are typically in the 1,500-byte range and average around 500 – 600 bytes. We have the maximum packet
size set to 4,470 on our network, which is on the large size, but well under what the attack profiler was telling us was the size of these attack
That's from, 3 March 2013, 01:47 pm. That was a DDoS attack.