Khamphani ea Cloudflare tlaleha ka ketsahalo ea maobane, e entseng hore ho tloha 13: 34 ho 16: 26 (MSK) ho ne ho e-na le mathata a ho fumana lisebelisoa tse ngata marang-rang a lefats'e, ho kenyelletsa le lisebelisoa tsa motheo tsa Cloudflare, Facebook, Akamai, Apple, Linode le Amazon AWS. Mathata lits'ebetsong tsa Cloudflare, tse fanang ka CDN bakeng sa libaka tse limilione tse 16, ho tloha 14:02 ho 16:02 (MSK). Cloudflare e hakanya hore hoo e ka bang 15% ea sephethephethe sa lefats'e se ile sa lahleha nakong ea ho tima.
Bothata e ne e le Tsela ea BGP e lutla, eo ka eona li-prefixes tse ka bang likete tse 20 tsa marang-rang a 2400 li ileng tsa fetisoa ka phoso. Mohloli oa ho lutla e ne e le mofani oa DQE Communications, ea sebelisitseng software ho ntlafatsa tsela. BGP Optimizer e arola li-prefixes tsa IP ho tse nyane, mohlala ho arola 104.20.0.0/20 ho 104.20.0.0/21 le 104.20.8.0/21, 'me ka lebaka leo, DQE Communications e ile ea boloka ka lehlakoreng la eona palo e kholo ea litsela tse itseng tse fetang ho feta. litsela tse akaretsang (ke hore, ho e-na le litsela tse akaretsang tse eang Cloudflare, ho ile ha sebelisoa litsela tse ling tse nyenyane tse eang ho li-subnets tse khethehileng tsa Cloudflare).
Litsela tsena tsa lintlha li phatlalalitsoe ho e mong oa bareki (Allegheny Technologies, AS396531), eo hape a neng a e-na le khokahanyo ka mofani e mong. Allegheny Technologies e hasa litsela tse hlahang ho mofani e mong oa lipalangoang (Verizon, AS701). Ka lebaka la khaello ea tlhoekiso e nepahetseng ea liphatlalatso tsa BGP le lithibelo palo ea li-prefixes, Verizon e ile ea nka phatlalatso ena 'me ea phatlalatsa lihlomathiso tse likete tse 20 ho Marang-rang. Li-prefixes tse fosahetseng, ka lebaka la granularity ea tsona, li nkuoe e le tsona tse tlang pele kaha tsela e itseng e na le bohlokoa bo holimo ho feta kakaretso.
Ka lebaka leo, sephethephethe sa marang-rang a mangata a maholo se ile sa qala ho tsamaisoa ka Verizon ho mofani oa thepa e nyenyane ea DQE Communications, e neng e sa khone ho sebetsana le sephethephethe se neng se lebisitse ho putlama (phello e bapisoa le ho nkela karolo ea tsela e phetheselang sebaka ka sebaka sa marang-rang. naha tsela).
Ho thibela liketsahalo tse ts'oanang ho etsahala kamoso
:
- Sebelisa liphatlalatso tse thehiloeng ho RPKI (BGP Origin Validation, e lumella ho amohela liphatlalatso feela ho beng ba marang-rang);
- Fokotsa palo e kholo ea li-prefixes tse amoheloang bakeng sa linako tsohle tsa EBGP (setting ea li-prefix e ka thusa ho lahla hang-hang phetisetso ea li-prefixes tse likete tse 20 nakong ea seboka se le seng);
- Etsa kopo ea ho sefa ho ipapisitse le registry ea IRR (Internet Routing Registry, e etsa qeto ea li-ASes hore na tsela ea li-prefixes tse boletsoeng e lumelloang);
- Sebelisa litlhophiso tsa ho thibela kamehla tse khothaletsoang ho RFC 8212 ho li-routers ('default deny');
- Emisa tšebeliso e bohlasoa ea li-optimizer tsa BGP.
Source: opennet.ru