[Outages-discussion] [outages] Ping to Google 8.8.8.8

Jay R. Ashworth jra at baylink.com
Sat Feb 19 18:13:28 EST 2022


----- Original Message -----
> From: "Damian Menscher" <damian at google.com>

> On Sat, Feb 19, 2022 at 2:46 PM Jay R. Ashworth <jra at baylink.com> wrote:
> 
>> > From: "Damian Menscher" <damian at google.com>
>>
>> > To give a sense of scale, 8.8.8.8 receives a steady-state 12Mpps (roughly
>> > one 10Gbps link) of ICMP ECHO_REQUEST traffic.  This is mostly from
>> > millions of devices monitoring with one ping each second, but there are a
>> > few top-talkers just leaving a ping -f running all day.
>>
>> I have that as 12,000,000 * 64 bytes = 768MB, an order and a half of
>> magnitude less than you.  1GB/s.  No?
> 
> Bytes --> Bits. ;)  And then there's the small matter of framing....

It's late, the caffeine's worn off; that's my story and...

>> Sure, it's a big hose, but this *is* Google we're talking about here; if their
>> aggregate connectivity in the US isn't *well* over 1TB/s, I'll eat it.
> 
> Sure, we ate a 2.54 Tbps DDoS without incident back in 2017.  But that
> wasn't a situation where people demanded we respond to every single attack
> packet (for a service we don't offer!) or they'd post to the outages@
> list....

Well, *speaking as the admin* of the outages lists (one of us, at least),
when I spot things that fit that description, I tend to slap them down, more
or less politely depending on whether the speaker sounds goofy, and my caffeine
level, and other such criteria.

As you can infer from my initial message in this thread, though, *those people*
aren't the ones causing the trouble here, as is usually the case.

>> Where do we go from here?  Personally, I'd love to just turn it off for 24h
>> > each April 1 to help identify all the broken devices that inappropriately
>> > depend on it.  If this were an annual occurrence perhaps vendors would stop
>> > producing abusive gear?  (Or perhaps they'd just ping additional unwilling
>> > victims for redundancy....)
>>
>> Not a bad idea.
>>
>> Or we could roll ICMP to high-profile DNS resolvers into BCP38 edge blocking,
>> though the website below has been up for like 10 years now, with little
>> wide-scale uptake I can find... :-}
> 
> There's a dedicated cleanup effort over the past several months that is
> bearing fruit.

If it's pertinent, someone might want to write that up for that wiki...

Cheers,
-- jra
-- 
Jay R. Ashworth                  Baylink                       jra at baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates       http://www.bcp38.info          2000 Land Rover DII
St Petersburg FL USA      BCP38: Ask For It By Name!           +1 727 647 1274


More information about the Outages-discussion mailing list