« Skype outage: post mortem evolves | Main | Laptop crash - expect email delays »

September 16, 2007

Architecturally induced denial of service susceptability

Fundamental design decisions have a big impact on how a network behaves under stress.  I just noticed two otherwise unrelated posts both touching on network design issues that result in (or protect against) network collapse under stress.

Yesterday, I wrote about August's Skype outage where the system took over 36 hours to recover from a collapse.  The issue was too many clients attempting to reconnect at once.  Instead of clients “backing off” when supernodes weren’t immediately available, they kept hammering away, trying to log in.

Last week I wrote about the ways the Internet and the Telecoms networks respond to congestion in the backbone.  In December 2006 an earthquake off the coast of Taiwan broke multiple fiber cables causing a congestion collapse on the Internet backbone in significant parts of Asia.  The issue was too many computers attempting to reestablish TCP sessions with the result there was no capacity left for any session to actually send data.

In both cases, there were externally induced problems but, rather than recovering, there was the equivalent of a denial of service attack, self inflicted!

Both of these failures have a fairly simple solution, at least architecturally.  Under conditions of severe overload, the system must be able to restrict new attempts (new TCP sessions, new Skype logins, etc.) to some small percentage of the available capacity.  This allows the rest of the capacity to serve the logins, sessions or calls that do get through, with the result that what capacity remains is put to good use.

As I commented last week, this is one place where the telecoms industry has the correct architecture.  When disaster strikes subjecting some part of the network to overload, it's easy to restrict new call attempts on trunks into the congested area, for example by call gapping. This limits the amount of new traffic to that which the network can handle.  Thus, if only 30% capacity is available, at least the network handles 30% of the calls, not 3% or zero.

Here's one place where network architects can learn from established telecoms practice.

September 16, 2007 at 05:50 PM in Networks, Peer-to-Peer, Telecom Services, VoIP |

Technorati Tags: , , , , , ,

|

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d8341c398553ef00e54edee12b8833

Listed below are links to weblogs that reference Architecturally induced denial of service susceptability:

» Ring! Ring! Monday News Analysis, 17th September from Telco 2.0
New details on the Great Skype Crash; looks like it was the client software and the Microsoft patchday whatdunnit. See also Brough Turner’s blog. Telco 2.0 Comment: Spot the bonus STL content in the first link! Worth remembering that large p2p n... [Read More]

Tracked on September 17, 2007 at 09:56 AM

» Ring! Ring! Monday News Analysis, 17th September from Telco 2.0
Concentrated links, every Monday [Read More]

Tracked on September 18, 2007 at 03:32 AM

Comments

The comments to this entry are closed.

My Photo

About

Search this Blog

Subscribe to this blog's feed

Subscribe by Email

My Online Status

February 2012

Sun Mon Tue Wed Thu Fri Sat
      1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29      

Archives

More...

Categories

People of Note

Fiber

ICT in Emerging Markets

Internet Law & Policy

Mobile

Social Software

Telecom Disruption

Venture Focus

Wireless Net Access

Recent Posts

Technorati


Site Meter

Upcoming Travel & Conferences


Links

Twitter Feed