How a small company caused Internet disruption
In a startling demonstration of exactly how little it can take to disrupt the Internet, a relatively innocuous network configuration update by a small Czech company last Monday briefly caused widespread router problems and traffic slowdowns around the globe.
The issue, which was addressed almost as quickly as it was caused, has evoked considerable discussion in some security and network-related blogs and newsgroups, particularly because all it took to cause it was one apparently inexperienced administrator.
[ Keep up on the latest networking news with our Networking Report newsletter. And discover the top-rated IT products as rated by the InfoWorld Test Center. ]
The trouble was seemingly caused by the manner in which the company, SuproNet, provided a crucial bit of information for telling network routers how to reach its site -- or IP address -- from other locations.
According to one description of the problem, on a blog maintained by Internet monitoring company Renesys , there is more than one way to reach a block of IP addresses. So the directions that are provided by sites to routers include an attribute known as the Autonomous System (AS) path, which tells routers the specific list of carrier networks that have to be traversed to reach IP addresses. Those paths are then propagated throughout the Internet by network routers to direct traffic to a site from locations around the world.
If network administrators don't want routers to select a particular path they use a process known as prepending to artificially lengthen the path so that it is only chosen as a back-up or secondary route to their sites. In this recent mishap, SuproNet lengthened its path for its secondary route by several orders of magnitude greater than was either needed or is customary on the Internet. As its routing announcements were propagated over the Internet, the sheer length of SuproNet's path information caused them to essentially "tear down" or end their sessions with the immediate source of that data.
"What we think happened next is the Internet equivalent of a massive buffer overflow," Earl Zmijewski, vice president and general manager at Renesys, wrote in the blog post. "While most of the core routers run by major ISPs fared well, processing the ridiculous path and sending it on, others choked," causing widespread network disruptions and slowdowns around the globe, he said.
Zmijewski toldComputerworldtoday that while SuproNet's AS path length was unusually long, that alone should not have created the cascading set of problems around the Internet. Instead the problem has to do with a bug in Cisco Systems' routers that makes its Internetwork Operating System (IOS) software susceptible to problems when they encounter such long AS paths.
"These Cisco routers were located all over the planet so it was a global event," Zmijewski said. "What would happen is that these Cisco routers choked on the path [information] and assumed that the input was junk and by that they thought that whoever was giving it to then was wrong," and essentially tore down connections with the source, he said. "You don't want to propagate garbage so you turn it down."
The matter was resolved fairly simply, when SuproNet changed the AS-path information after apparently being informed about the problems its routing update was causing around the Internet. Zmijewski said that as the change propagated, in a matter of a few minutes, routers started working as usual.
Danny McPherson, chief security officer at Arbor Networks , noted in a blog post that the problem was the result of some versions of Cisco IOS not allocating enough buffer space "for silly long" AS paths. "So they blow chunks when they receive the update," such as the one announced by SuproNet, he said. Arbor provides a range of network security services for large ISPs and enterprises. According to McPherson, the problem seems to have "triggered a great deal of wide-spread routing system instability and underlying connectivity issues," last Monday.
Ivan Pepelnnjak, chief technology advisor for NIL Data Communications in Slovenia, described in a blog post the bug in Cisco IOS as a new issue that is triggered on a router only when an inbound AS-path contains closes to 255 AS numbers. The blog provides technical descriptions of the bug and a fix for it.
Cisco did not immediately respond to a request for comment. It is not immediately clear if a patch is available for the flaw.
Computerworld is an InfoWorld affiliate.
Read More ...
Update: VMware adds to cloud strategy
VMware has security for its cloud OS, an API for integrating internal and external clouds and improved management features in store for the visitors of VMworld Europe, which kicks off on Tuesday.
At the event, the company will continue to build on the Virtual Datacenter Operating System (VDC-OS), the vCloud Initiative and the vClient Initiative -- all of which were announced in September at the U.S. version of the event.
[ Related cloud news: "Microsoft cites cloud as transformational" | Learn more about what cloud computing really means | Follow the cloud with InfoWorld's Cloud Computing blog. ]
All three initiatives will be important pillars of VMware's strategy, according to Bogomil Balkansky, VMware's senior director of product marketing.
Its VDC-OS, which will allow enterprises to build their own so-called "internal" clouds in their own data centers, has gotten a real name: vSphere, VMware CEO Paul Maritz announced during his keynote on Tuesday.
Maritz likes to think of the new architecture as a software mainframe, at least when he is talking to people over 45, and describes it as a new substrate of software that provides the foundation either for an internal cloud or a foundation for an external cloud provider.
"It allows you to very effectively pool resources together, and think of it as a single, giant computing resource," said Maritz.
Virtualization is fundamentally about encapsulating, according to Maritz. Users can take an existing application and all the complexity around it and package it into a "black box." Then they can use virtualization and VDC-OS to handle it in a much more flexible way, he said.
VMware isn't just naming its VDC-OS platform: It is also adding new parts, including a security service called vShield Zones, to its VDC-OS platform. The addition of vShield Zones will let users create separate zones in a cloud-based datacenter, similar to the notion of a demilitarized zone in the traditional IT infrastructure, but based on virtual machines rather than physical devices.
"Historically there has been a bit of a conflict between the security policy that is tied to the physical device and this new world of virtualization that is a lot more mobile and dynamic, and vShield Zones is really about marrying the best of both worlds," Balkansky said.
Virtual servers, which have been grouped in a zone, can still move around like they have before, but the security policy associated with the servers will also move with them, according to Balkansky.
"What VMware is focused on doing with the Virtual Datacenter Operating System is really to bring the benefit of cloud computing to the internal data center and to allow companies to build their own internal cloud, and to make it act with the efficiency, resilience and characteristics of a cloud service provider," said Balkansky.
VMware is still very secretive about the release of VDC-OS, only saying that it will be sometime in 2009. Pricing and packaging will also be announced later.
The company is one of a growing number of vendors that see future cloud computing as a hybrid between internal and external services running hand in hand -- which VMware calls a virtual private cloud, something that will be made possible by its vCloud Initiative.
CIOs won't have the luxury of being able to move internal IT systems to new cloud service providers, including Google and Amazon, according to Balkansky.
If VMware gets its way, software from the company will be used in both the internal and external cloud. At the same time, VMware says it wants to be a part of driving standards around cloud computing interoperability.
Standards will be very important to the future cloud computing. If standards aren't developed clouds run the risk of becoming a Hotel California, a place where you can check in, but never check out, according to Maritz.
At VMworld Europe, the company is adding an API (Application Programming Interface) to its vCloud Initiative. The vCloud API will allow the migration of virtual machines between a company's own infrastructure and another service provider and will also become part of VDC-OS.
The API is currently in a private release for VMware's vCloud partners. "Service providers would use the API to build their cloud computing services in a way that they import and export virtual machines from the on-premise infrastructures of customers," Balkansky said.
If a virtual machine is to be moved from one cloud to another, they need to speak a common language. Even if both sides are based on the same platform, the receiving cloud service provider needs to know what's running inside the virtual, about security policies and availability, according to Balkansky.
Management will be important to the success of both vCloud Initiative. At VMworld Europe, the company is adding a plugin to the VI Client -- the user interface of vCenter. It will allow administrators to see and manage all of the virtual machines, and it won't matter where they are running, Balkansky said.
He expects the adoption of the technology to closely mimic that of virtualization; starting with testing and development and then moving from there.
VMware also announced it is adding a high availability feature called vCenter Server Heartbeat to its central management console vCenter.
Heartbeat will provide a fail-over feature to the vCenter server itself. If something happens to the primary management server, a spare copy will take over without any downtime, Balkansky said.
The availability of vCenter is becoming increasingly important as VMware installations grow in size. A lot of customers can't bear even a second of downtime, and have been pushing VMware to make some improvements, according to Balkansky, who added that even if the management server goes down the infrastructure keeps going.
VMworld Europe runs until Thursday, Feb. 26.
Read More ...
Update: Gmail back after two-hour outage
Google's Gmail service was unavailable starting around 10:30 a.m. GMT on Tuesday, but it appeared to come back online for most users around two hours later.
The scope of the outage was not immediately clear, but at least some users in Europe and Asia on Tuesday could not get access to their inboxes or had to wait a minute or more for them to open.
[ Discover the top-rated IT products as rated by InfoWorld's 2009 Technology of the Year Awards. ]
"We're aware of a problem with Gmail affecting a number of users," Google said in an advisory on its Gmail support site. "We're working hard to resolve this problem and will post updates as we have them. We apologize for any inconvenience that this has caused."
As of filing time the message had not been updated.
Google has had trouble with Gmail before, setting off waves of concerns over the reliability of the service.
Last August, Gmail had three significant outages that affected not only individual consumers of the free Web mail service but also companies and organizations paying for Apps Premier, the company's hosted suite of collaboration, messaging and office productivity services. Apps Premier costs $50 per user per year.
To compensate for the downtime, Google decided to extend a credit to all Apps Premier customers and also said it would get better at notifying people of problems. Google offers a 99.9 percent uptime guarantee for Gmail for users paying for Google Apps Premier.
An outage on Aug. 11 lasted about two hours and affected almost all Apps Premier users. The other two, on Aug. 6 and Aug. 15, hit a small number of Apps Premier users but locked some users out of their accounts for more than 24 hours.
Ingres, Alfresco debut open-source SharePoint rival
Open-source vendors Ingres and Alfresco are teaming up on a software appliance that bundles the Ingres database with Alfresco's content management platform, hoping the combination will prove to be an enticing alternative to Microsoft SharePoint.
The two vendors have already bundled their products but decided to go a step further with the appliance, which adds a Linux operating system and can be installed on commodity hardware, said Deb Woods, vice president of product management at Ingres.
[ Stay informed on trends in the open source community with the Rodrigues & Urlocker Open Source blog. ]
"One of the pieces of feedback we got [from the bundle] was that customers wanted to get up and running more quickly," she said.
The appliance will also provide customers with a single point of contact for support, which will be provided by Ingres.
Ingres, which previously released a BI (business-intelligence) appliance that uses software from JasperSoft , sees appliances as an easier way to get its technology into customers' hands, Woods said. "A lot of companies aren't necessarily looking for another database."
Nor may they be inclined to rip and replace SharePoint, but Alfresco's support for SharePoint and Office protocols means that wouldn't be necessary. SharePoint tightly integrates with Office applications, and the protocols allow Alfresco to act as a stand-in on the back end.
Ingres will charge $32,500 per CPU (central processing unit) for subscription support per year for the appliance, with CPUs counted by the socket. In comparison, the company charges $8,000 for per socket for the core database product.
The ECM appliance should provide "an attractive choice" for customers in the market for collaboration tools, as well as systems integrators who want to build alternatives to SharePoint, according to 451 Group analyst Matthew Aslett.
But it is unclear just how much of a pure technological leap has been made here, said Curt Monash, founder of Monash Research, via e-mail.
"Ingres' appliances have always seemed to be more about pricing and distribution than technology," he said. "If they've simplified configuration and installation, good for them. But the most successful appliances are usually those that were designed to be appliances from the ground up."
Attackers targeting unpatched vulnerability in Excel 2007
Microsoft's Excel spreadsheet program has a zero-day vulnerability that attackers are exploiting on the Internet, according to security vendor Symantec.
A zero-day vulnerability is one that does not have a patch and is actively being used to attack computers when it is publicly revealed. The problem affects Excel 2007 and the same version of that program with Service Pack 1, according to an advisory on SecurityFocus, a Web site that tracks software flaws. Other versions of Excel may also be affected, it said.
[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]
The program's vulnerability can be exploited if a user opens a maliciously crafted Excel file. Then, a hacker could run unauthorized code. Symantec has detected that the exploit can leave a Trojan horse on the infected system, which it calls "Trojan.Mdropper.AC."
That Trojan, which works on PCs running the Vista and XP operating systems, is capable of downloading other malware to the computer. Microsoft said it is only aware of "limited and targeted attacks" and that it would release more information later on Tuesday.
Hackers have increasingly sought to find vulnerabilities in applications as Microsoft has spent much effort into making its Vista OS more secure.
Read More ...
Microsoft cites cloud as transformational
Promoting its Windows Azure cloud OS, Microsoft described on Monday the cloud as a transformational shift for the industry.
The move to the cloud follows transformations from the mainframe to the PC, from the PC to client-server, and from client-server to the Internet, according to Microsoft.
[ InfoWorld breaks down what cloud computing really means. | Cloud computing is shaping up to be a big trend in 2009. ]
"So what is all this fuss about SaaS (software as a service)? Well, really, it is the transformation that cloud computing will bring to our industry," said Mark Hindsbo, Microsoft general manager for developer and platform evangelism, during the MSDN Developer Conference in San Francisco.
Microsoft is touting Windows Azure and the Azure Services Platform. With Azure, developers can use the Visual Studio software development environment to build applications for the cloud.
"The easiest way to think about [Windows Azure] is it is Windows Server in the cloud," said Hindsbo. It supports development using REST and XML services and native or managed code.
Cloud computing and SaaS can provide benefits in today's tough economy, offering quick application deployment, Hindsbo said.
"I think one of the things that we're all facing right now is the big software projects that require massive up-front investments before our business customers see any return are probably very dubious," he said.
Microsoft's emphasis on cloud computing drew an endorsement from conference attendee Curtis Pope II, CEO of MetroDataOne, a software development and consulting firm.
"Just the fact that people are able to store not only their personal information but also their work information or work from anywhere, even, that's a beautiful thing," Pope said. Cloud computing harks back to the days of terminal-based computing but is flexible, he said.
Azure currently is offered in a pre-released, community preview format. General availability of Azure technology is anticipated for some time in 2010.
Red Hat targets VMware, Microsoft with virtualization line
Red Hat introduced Monday an entire line of virtualization software aimed at disrupting the current market and leader VMware's position by giving customers an open source option for virtualizing their datacenters.
The new line includes the built-in virtualization of RHEL (Red Hat Enterprise Linux) OS as well as two virtual-machine management products: one for desktops and one for servers. Red Hat also is offering a stand-alone hypervisor called Red Hat Enterprise Virtualization.
[ The battle lines are being drawn in the virtualization field as Microsoft recently teamed with Citrix to go against VMware | Keep up with the latest in virtualization with David Marshall's Virtualization Report ]
The new products also position Red Hat more solidly against Microsoft, which has a line of virtualization-enablement and management technologies to accompany its popular Windows Server software.
Red Hat purchased Israel-based virtualization software vendor Qumranet last September, and the new offerings are based on some of the technology from that deal. They also represent a migration from the Xen hypervisor, on which Red Hat based the virtualization included in RHEL 5, to the KVM (kernel-based virtual machine) hypervisor. KVM is based on the Linux kernel and is designed for high performance and stability.
Red Hat will continue to support customers using the Xen virtualization software through the lifecycle of the RHEL 5 OS, which is until at least 2014, the company said. The KVM hypervisor will first appear in RHEL 5.4, the next version of RHEL that is due for final release in the next few months. Red Hat released the current version of RHEL, RHEL 5.3, on Jan. 20.
Red Hat's virtualization line and news last week that Red Hat and competitor Microsoft will support customers running each other's virtualization software mean the heat is on market leader VMware, which had a rocky 2008 with the sudden departure of President and CEO Diane Greene amid financial woes. She was replaced midyear by former Microsoft executive Paul Maritz.
Microsoft and Citrix Systems also said Monday that they are working more closely together to compete better with VMware. Citrix plans to release a new suite of virtualization management tools in April that will be offered for Microsoft's Hyper-V and its Citrix XenServer virtualization software, the companies said.
Specifically, Red Hat's new product line includes the Red Hat Enterprise Virtualization Manager for Servers, Red Hat Enterprise Virtualization Manager for Desktops, RHEL and the hypervisor.
The server virtualization manager product will provide a scalable, graphical user interface-based management system so enterprises can manage every object in a virtualized environment, be it a user, an image or a virtual server, said Navin Thadani, senior director of Red Hat's virtualization business.
Similarly, the desktop virtualization manager will allow enterprises to centrally manage, secure, and enforce policies for a virtual desktop environment without interrupting the user experience, Thadani said. The software takes advantage of a technology called SolidlCE from Qumranet and the SPICE remote rendering technology.
Red Hat Enterprise Virtualization Hypervisor is a small-footprint hypervisor that Thadani said would likely be most popular with customers who have limited virtualization experience. He defended Red Hat's decision to offer another stand-alone hypervisor to a market that already has several options of what is rapidly becoming a commodity technology, saying that Red Hat wants to give customers choice for their different virtualization needs.
Red Hat did not provide pricing information for its virtualization line. The company will introduce the products gradually over the next 18 months, with the first ones appearing in about three months, it said.
Read More ...
Ubuntu will target cloud computing with October release
Support for cloud computing will be a major feature of the October release of Ubuntu, the Linux distribution maintained by Canonical, company CEO Mark Shuttleworth announced in an e-mail to the Ubuntu developers mailing list on Friday.
The server version of Ubuntu 9.10, nicknamed "Karmic Koala," will include support for EC2, the cloud computing service run by Amazon Web Services, and a portfolio of standard Amazon Machine Images (AMIs) to make it easier for applications running in the cloud to collaborate with one another by using similar configurations, Shuttleworth wrote.
[ Learn more about what cloud computing really means | Follow the cloud with InfoWorld's Cloud Computing blog ]
Amazon's EC2 also supports Windows Server 2003, OpenSolaris, and a number of other Linux distributions, including Red Hat Enterprise Linux and Oracle Enterprise Linux.
Microsoft plans its own hosted cloud computing service, Azure, set to open for business later this year. Ubuntu, though, could make the market much tougher for Microsoft by helping other competitors to spring up, or letting businesses do it themselves.
Beyond support for Amazon's EC2, Kosmic Koala will incorporate Eucalyptus, an open-source tool allowing enterprises to create EC2-style computing clouds in their own datacenters. It will also offer better management of datacenter energy consumption, allowing server instances to sleep when there is no work to be done, and to quickly resume when workload increases, dynamically changing resource installations according to need, Shuttleworth wrote.
Canonical releases two updates to Ubuntu each year, in April and October, each with alliterative animal nicknames. Version 8.10, "Intrepid Ibex," released in October 2008, focused on simplifying the configuration of Internet connections and improving the user interface, especially for netbooks. The goal for "Jaunty Jackalope," scheduled for release in April as Ubuntu 9.04, is to shorten boot times, to 25 seconds on a netbook, and blur the line between desktop and web-hosted applications.
Koala will also feature desktop innovations: Shuttleworth wants to make it boot even faster than Jaunty on a netbook, and to make the boot and log-in screens more attractive. There will also be a new Netbook Edition of Ubuntu, designed to install on a greater variety of hardware and with the graphical user interface tuned for small screens, he said.
Before the coding begins in earnest, developers will be able to contribute to the software's design at the next Ubuntu Developer Summit, in Barcelona, May 25 to May 29.
Computerworld is an InfoWorld affiliate.
Read More ...
Why netbooks are killing Microsoft
When Microsoft laid off 5,000 people in January, analysts and pundits pointed to plenty of reasons for the first major layoffs in the company's history. The obvious culprits included the overall economic meltdown, Apple's continued success and Wall Street's desire to see a leaner Microsoft.
But the real cause of the layoffs can be summed up in a single word: netbooks. These lightweight, stripped-down laptops that sell for between $200 and $400 have taken a big chunk out of Microsoft's bottom line. Unless the company comes up with a plan to handle them, its revenue will stagnate.
[ InfoWorld's Tom Sullivan makes the case that the main culprit in the Microsoft layoffs is Vista. | The InfoWorld Test Center rates netbooks for business. See who came out on top. ]
In announcing the layoffs, Microsoft said that its revenue had increased an anemic 1.6 percent in the quarter that ended Dec. 31 compared to the same quarter a year earlier. But that number doesn't tell the whole story. Windows took the biggest hit, while systems for servers and related tools had hefty increases in sales. Windows sales were down an eye-popping 8 percent; server and related revenue grew 15 percent.
Microsoft clearly blames netbooks for the drop in Windows sales. Here's what it said in its statement: "Client revenue declined 8% as a result of PC market weakness and a continued shift to lower priced netbooks."
Netbooks have become the only bright spot for PC makers, with sales accelerating while the rest of the PC market stays in the doldrums. According to IDC, 10 million netbooks were sold in 2008 and that number should double to 20 million in 2009.
Why is all this bad news for Microsoft? First, an estimated 30 percent of all netbooks ship with Linux. That means Microsoft doesn't get a penny for Windows from 30 percent of all netbooks being sold. Given that netbooks represent the fastest-growing PC market segment, the company's problem may get worse with time.
In addition, netbook owners who buy Linux machines won't be buying Microsoft Office, handing Microsoft an additional revenue hit for every Linux netbook sold. So it's not surprising that in the most recent quarter, sales of Office were anemic. Overall, sales for Microsoft's business division, which is in charge of Office, were up slightly, at 1.9 percent. But sales of the consumer version of Office plummeted 23 percent -- and consumers are the people buying netbooks.
Microsoft faces other netbook-related woes as well. The company doesn't get paid as much for a version of Windows sold on a netbook as it does for a version of Windows sold on a laptop or desktop PC. There's very little margin on a machine selling for $200 to $400, and so Microsoft simply can't charge full freight for Windows on one. And given the price that Microsoft charges for consumer versions of Office -- usually about $200 for the lowest-priced version -- netbook owners who use Windows aren't likely to pay for Office either. It doesn't make much sense to pay as much for a piece of software as you did for your entire PC.
Microsoft clearly recognizes the problem and is taking action to try to solve it. First, it built Windows 7 to run on netbooks, something that Vista doesn't do. When Windows 7 ships, expect Microsoft to spend plenty of money promoting it for use on netbooks, in an attempt to drastically cut into Linux sales.
In addition, Microsoft is working on low-cost, ad-supported, Web-based versions of Office. That way, it can start to get Office revenue from netbook owners.
Will these steps be enough to make up for the overall shortfall in revenue caused by netbooks? Probably not. That's why the company is desperate to figure out a way to make its online businesses succeed. If it can't, the days of big revenue growth are behind Microsoft, thanks in part to netbooks.
Preston Gralla is a Computerworld.com contributing editor and the author of more than 35 books, including "How the Internet Works" (Que, 2006). Computerworld is an InfoWorld affiliate.
No comments:
Post a Comment