BGP route leak causes massive disruption of Internet connectivity

Cloudflare has published a report on yesterday's incident, in which for three hours, from 13:34 to 16:26 (MSK), there were problems reaching many resources on the global network, including the infrastructure of Cloudflare, Facebook, Akamai, Apple, Linode and Amazon AWS. Problems in the infrastructure of Cloudflare, which provides a CDN for 16 million sites, were observed from 14:02 to 16:02 (MSK). Cloudflare estimates that about 15% of global traffic was lost during the outage.

The problem was caused by a BGP route leak, during which about 20 thousand prefixes for 2400 networks were incorrectly redirected. The source of the leak was the provider DQE Communications, which used BGP Optimizer software to optimize routing. BGP Optimizer splits IP prefixes into smaller ones, for example splitting 104.20.0.0/20 into 104.20.0.0/21 and 104.20.8.0/21. As a result, DQE Communications held on its side a large number of specific routes that overrode the more general ones (i.e. instead of the general routes to Cloudflare, more granular routes to specific Cloudflare subnets were used).

These specific routes were announced to one of its customers (Allegheny Technologies, AS396531), which also had a connection through another provider. Allegheny Technologies relayed the received routes to another transit provider (Verizon, AS701). Because it lacked proper filtering of BGP announcements and limits on the number of prefixes, Verizon accepted this announcement and relayed the resulting 20 thousand prefixes to the rest of the Internet. Because of their granularity, the incorrect prefixes were treated as higher priority, since a more specific route takes precedence over a more general one.


As a result, traffic for many large networks began to flow through Verizon to the small provider DQE Communications, which could not handle the surge in traffic, and this led to a collapse (the effect is comparable to replacing part of a busy highway with a country road).

To prevent such incidents in the future, it is recommended to:

  • Use announcement validation based on RPKI (BGP Origin Validation, which allows accepting announcements only from the owners of the networks);
  • Limit the maximum number of prefixes accepted on all EBGP sessions (a maximum-prefix setting would have made it possible to immediately discard the transmission of 20 thousand prefixes within a single session);
  • Apply filtering based on the IRR registry (Internet Routing Registry, which defines the ASes through which routing of the given prefixes is permitted);
  • Use the default blocking settings recommended in RFC 8212 on routers ('default deny');
  • Stop using BGP optimizers.
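
The sketch below is an added example, not code from the article or from Cloudflare. It shows why the /21 more-specifics win route selection and how RPKI origin validation (RFC 6811) and a maximum-prefix limit would each reject them. The ROA table, the documentation ASN AS64500 and all function names are constructed for illustration, and the max-prefix check is a simplified model of a router's session limit.

```python
import ipaddress

# Constructed ROA table: (prefix, maxLength, origin ASN). AS64500 is a
# documentation ASN (RFC 5398) standing in for the real prefix holder.
ROAS = [(ipaddress.ip_network("104.20.0.0/20"), 20, 64500)]

def split_prefix(prefix, new_len):
    """Deaggregate a prefix into more-specifics, as the optimizer did."""
    net = ipaddress.ip_network(prefix)
    return [str(n) for n in net.subnets(new_prefix=new_len)]

def longest_match(dest, routes):
    """Return the most specific route covering dest (longest-prefix match)."""
    addr = ipaddress.ip_address(dest)
    hits = [n for n in map(ipaddress.ip_network, routes) if addr in n]
    return str(max(hits, key=lambda n: n.prefixlen)) if hits else None

def rov_state(prefix, origin_asn, roas=ROAS):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'notfound'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_net, max_len, roa_asn in roas:
        if net.version == roa_net.version and net.subnet_of(roa_net):
            covered = True
            if origin_asn == roa_asn and net.prefixlen <= max_len:
                return "valid"
    return "invalid" if covered else "notfound"

def filter_session(announcements, max_prefixes):
    """Drop ROV-invalid routes, then enforce a max-prefix limit.

    Returns (accepted, session_up); exceeding the limit shuts the session
    and discards everything learned from it.
    """
    accepted = []
    for prefix, origin in announcements:
        if rov_state(prefix, origin) == "invalid":
            continue
        accepted.append(prefix)
        if len(accepted) > max_prefixes:
            return [], False
    return accepted, True

if __name__ == "__main__":
    leaked = split_prefix("104.20.0.0/20", 21)
    print("more-specifics:", leaked)
    print("best route:", longest_match("104.20.9.1", ["104.20.0.0/20"] + leaked))
    print("ROV:", {p: rov_state(p, 64500) for p in leaked})
    print("session:", filter_session([(p, 64500) for p in leaked], 100))
```

With maxLength set to 20 in the ROA, the /21s are invalid even when they carry the correct origin AS, which is why a tight maxLength matters against deaggregated leaks.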


source: budenet.ru
