[Outages-discussion] [outages] Ping to Google 8.8.8.8

Jay R. Ashworth jra at baylink.com
Wed Feb 9 18:51:42 EST 2022 

----- Original Message -----
> From: "Charles Sprickman" <spork at bway.net>
> To: "jra" <jra at baylink.com>
> Cc: "Jay Hennigan" <jay at west.net>, outages-discussion at outages.org
> Sent: Wednesday, February 9, 2022 6:36:17 PM
> Subject: Re: [Outages-discussion] [outages] Ping to Google 8.8.8.8

>> On Feb 9, 2022, at 6:14 PM, Jay R. Ashworth <jra at baylink.com> wrote:
>> 
>> ----- Original Message -----
>>> From: "Jay Hennigan" <jay at west.net>
>> 
>>> Every Meraki radio in the world doing that to the same target once a
>>> second, on the other hand....
>> 
>> Oh, it's *Meraki*?
>> 
>> Why am I not surprised.
> 
> You’d think they’d at least ping OpenDNS/Umbrella instead of 8.8.8.8...
> 
> https://docs.umbrella.com/deployment-umbrella/docs/point-your-dns-to-cisco
> 
> They appear to be anycasted (6ms on east coast, 2ms on west coast for
> 208.67.222.222).
> 
> Seems like if anyone could dig up an easy to remember IP and own it, Cisco
> could.

Well, this conversation has gotten a little cloudy (pun entirely intentional)
or maybe it's me.  There are 2 or maybe 3 separate tasks being discussed here:

1) User tries to find out if a perceived outage is in their building/carrier/
    at the other end (or an exchange point, if they're smart enough).

2) Device wants to know if it's connected to the Greater Internet

3) Device wants to know *exactly when it loses contact* with the greater Internet.

The first two are pretty easy for the Internet (or people who said "y'know
what'd be really cool!?  Let's pick an IP for our DNS customer resolver servers
that's a really memorable numerical pun!" and then that bit them, like the owners
of 1.1.1.1, 4.2.2.x, 8.8.4.4 and 8.8.8.8) to absorb, even at scale, without
all that much trouble at the *traffic* layer (which, as I noted, is separate
from the layer 8 or 9 bitching).

The last, though, that's a separate issue entirely, and, even moreso than #2,
is a function that should be dealt with *by pinging addresses the manufacturer
itself owns and operates; if Meraki is hammering 8.8.8.8, as has been suggested
here, then that's a Mortal Sin, and should be being addressed as a P1 task by 
whomever is closest to the relevant product manager.

The 2006 D-Link NTP vandalism incident is the canonical example here:

https://web.archive.org/web/20060408150155/http://people.freebsd.org/~phk/dlink/

(Note that the original version of that page merely notes that an "amicable
olution was reached; I *hate* settlements with gag orders, and so does Wikipedia,
where that link came from.

Cheers,
-- jra
-- 
Jay R. Ashworth                  Baylink                       jra at baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates       http://www.bcp38.info          2000 Land Rover DII
St Petersburg FL USA      BCP38: Ask For It By Name!           +1 727 647 1274

More information about the Outages-discussion mailing list