UltraDNS Server Problem Pulls Down Netflix for 90 Minutes [telecom]

By Nicole Perlrothoct

UltraDNS Server Problem Pulls Down Websites, Including Netflix, for 90 Minutes

SAN FRANCISCO - UltraDNS, a web content delivery service, went down Thursday afternoon, taking with it a number of popular websites, including Netflix and Expedia.

The cause of the 90-minute failure was an internal issue in a server on the East Coast and was not the result of an attack by hackers, said Lara Wyss, an UltraDNS spokeswoman.

Initially, members of the UltraDNS support team indicated the issue stemmed from a DDoS or Denial of Service attack in which hackers flood a service with traffic until it collapses under the load. But after further investigation, the company's chief information officer said that the issue was not caused by a DDoS assault but by a technical malfunction, Ms. Wyss said in an interview.

formatting link

***** Moderator's Note *****

I've cut way back on "security" postings, but this one has a roundabout applicability to telecom: UltraDNS, the article notes, was acquired by Neustar, which at one time had the contract to provide the "Local Number Portability" database.

I'm also curious if any of the readers can explain how ultraDNS, Akamai, and CloudFlare make the Internet viable as a mass-content-delivery mechanism. We used to say that TCP/IP was B.A.D. for broadcasting use - "Broken As Designed" - but every Netflix subscriber, myself included, is making use of whatever the workaround is.

Bill Horne Moderator

...

They still do. The FCC put it up for bid and Neustar lost badly, to iConective (f/k/a Telcordia, f/k/a Bellcore, now a subsidiary of Ericsson), but Neustar's lawyers have diligently held up the completion of that switch while they milk the system for all it's worth.

Start with a B.A.D. design (and TCP/IP is awful in oh so many ways) and create workaround on top of workarounds. What happens in the CDN is that when you do a DNS lookup for one of these services, it looks at your IP address, guesses where you are from a database of IP-block locations, looks at the path to you, and returns one of multiple IP addresses at their nearest content farm. Then your request is redirected to one of the servers there, based on load balancing. These access a local cache of the content. So you're not reaching Netflix or frankly any major site at its own principal location; you're accessing a more local copy of it.

None of this is in the Internet's own official architecture, so it's basically a string of hacks that sort of make do. And since the Internet is ruled by juche thought, everyone from Cisco to the FCC to the "neutrality" activists assume that it's the best of all possible worlds, and any attempt to demonstrate otherwise is rejected out of hand.