Why did facebook died

It has died due to a wrong BGP routing update.

Facebook is dead

BGP is the protocol that virtually runs the global Internet.

What has happened is something known as RTBH – remotely triggered blackholing  – RFC5635.

Effectively RTBH is the best and most powerful way to defend your infrastructure from DDOS attacks by blackholing attacks on the edge of your network.

In essence, RTBH could be source or destination-based – e.g to blackhole traffic based on a destination or source address.

A good document to read about RTBH is that one https://www.cisco.com/c/dam/en_us/about/security/intelligence/blackhole.pdf

Also the RFC itself https://datatracker.ietf.org/doc/html/rfc5635

Essentially what facebook most likely did is to blackhole their own DNSes which ultimately shut them down for some hours.

Without DNSes their own mappings between names and addresses disappeared.

DNS has the bad habit to cache as much as possible and as close to the end client as possible which made the problem even worse…

So guys and gurus remember to study about BGP and DNS :)

This entry was posted in Uncategorized and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

− 1 = zero