[Outages-discussion] [outages] Ping to Google

Damian Menscher damian at google.com
Sat Feb 19 17:28:46 EST 2022

On Wed, Feb 9, 2022 at 4:00 PM Jay R. Ashworth <jra at baylink.com> wrote:

> Well, this conversation has gotten a little cloudy (pun entirely
> intentional)
> or maybe it's me.  There are 2 or maybe 3 separate tasks being discussed
> here:
> 1) User tries to find out if a perceived outage is in their
> building/carrier/
>     at the other end (or an exchange point, if they're smart enough).
> 2) Device wants to know if it's connected to the Greater Internet
> 3) Device wants to know *exactly when it loses contact* with the greater
> Internet.
> The first two are pretty easy for the Internet (or people who said "y'know
> what'd be really cool!?  Let's pick an IP for our DNS customer resolver
> servers
> that's a really memorable numerical pun!" and then that bit them, like the
> owners
> of, 4.2.2.x, and to absorb, even at scale, without
> all that much trouble at the *traffic* layer (which, as I noted, is
> separate
> from the layer 8 or 9 bitching).
> The last, though, that's a separate issue entirely, and, even moreso than
> #2,
> is a function that should be dealt with *by pinging addresses the
> manufacturer
> itself owns and operates; if Meraki is hammering, as has been
> suggested
> here, then that's a Mortal Sin, and should be being addressed as a P1 task
> by
> whomever is closest to the relevant product manager.
> The 2006 D-Link NTP vandalism incident is the canonical example here:
> https://web.archive.org/web/20060408150155/http://people.freebsd.org/~phk/dlink/
> (Note that the original version of that page merely notes that an "amicable
> olution was reached; I *hate* settlements with gag orders, and so does
> Wikipedia,
> where that link came from.

To give a sense of scale, receives a steady-state 12Mpps (roughly
one 10Gbps link) of ICMP ECHO_REQUEST traffic.  This is mostly from
millions of devices monitoring with one ping each second, but there are a
few top-talkers just leaving a ping -f running all day.

Where do we go from here?  Personally, I'd love to just turn it off for 24h
each April 1 to help identify all the broken devices that inappropriately
depend on it.  If this were an annual occurrence perhaps vendors would stop
producing abusive gear?  (Or perhaps they'd just ping additional unwilling
victims for redundancy....)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/outages-discussion/attachments/20220219/152f41b6/attachment-0001.htm>

More information about the Outages-discussion mailing list