Thread: HE FMT2 Core Router
-
06-21-2011, 01:44 AM #1
WHT Addict
- Join Date
- Aug 2008
- Posts
- 133
HE FMT2 Core Router
So far today I've seen at least 3 outages at Hurricane Electric's FMT2 facility. The latest occurred just a few minutes ago. Their looking glass shows BGP session durations in the sub three minute range. We've suffered outages there 5 times this week. Things really seem to have gone downhill at FMT2 this year.
Each time this happens I open a ticket to their support to get confirmation so I can document this ongoing problem. Occasionally I get someone clueful who gives me some tidbit or another about what is going on. The best I can piece together is that their router core1.fmt2.he.net has been the subject of repeated DDoS attacks and these attacks create a resetting BGP failure and spike the CPU on the router. One support engineer confided that they are waiting for a security update from Brocade to better manage this problem.
I know a number of you host servers at HE FMT2 in some capacity. Have you detected similar issues on your network?
I'm really sick of all these alerts and issues and I'm sure they are growing sick of me documenting my case.
-
06-21-2011, 02:20 AM #2
Gonna continue happening as a lot of Chinese DDOS users are hosting at HE Fremont now.
EasyDCIM.com - DataCenter Infrastructure Management - HELLO DEDICATED SERVER & COLO PROVIDERS! - Reach Me: chris@easydcim.com
Bandwidth Billing | Inventory & Asset Management | Server Control
Order Forms | Reboots | IPMI Control | IP Management | Reverse&Forward DNS | Rack Management
-
06-21-2011, 02:27 AM #3
WHT Addict
- Join Date
- Aug 2008
- Posts
- 133
So you're saying that HE's network is the *source* of the DDoS attacks?
That sucks.
The hosting provider or providers are violating the ToS.
http://www.he.net/aup.html
Or are these client machines otherwise compromised?
-
06-21-2011, 02:33 AM #4
The machines hosted on HE's network are the targets. The attacks are coming from Chinese ISPs (and elsewhere as well) to servers hosted on HE's network by resellers of dedicated servers.
-
06-21-2011, 02:56 AM #5
WHT Addict
- Join Date
- Aug 2008
- Posts
- 133
I'm more sympathetic to the notion that HE is hosting some targets of DDoS attacks. To date HE have indicated that their router itself was the target of the attacks. I suspected it was someone hosting there. Any specific sites you know of that are being subjected to DDoS?
Thanks
-
06-21-2011, 03:09 AM #6
No, they are Chinese websites and/or services.
Gameservers, game cheats, etc etc. They all ddos each other over and over.
-
06-21-2011, 09:50 AM #7
We've black holed many /8s that are in use by china ISP.
A$$holes.
'Ripcord'ing is the only way!
-
06-21-2011, 01:14 PM #8
Web Hosting Guru
- Join Date
- Jan 2008
- Location
- Chicago, IL
- Posts
- 337
+1, we have a number of Chinese subnets blackholed at our edge routers too..
-
06-21-2011, 04:14 PM #9
Yes, the HE.net FMT2 router has been under attack a lot lately by substantial DDOS attacks. The latest attack (several hours ago) was ~10 gigabit/s and 12 Mpps.
But the fact is, a decent Juniper or Cisco router would have swallowed that without too much of an issue. True, without filtering devices in place, the segment behind it would be affected, but it would not affect the whole datacenter. Brocade/Foundry routers have specific weaknesses to DDOS attacks that are currently being exploited. Brocade finally seem to have promised some security update (this I understand from HE.net), but that is in my opinion several years too late - when we last tested Brocade/Foundry (for routing purposes) we already noticed their extreme vulnerability to specific DDOS attacks.
Offtopic
The good news is that the XMR / RX8 / RX16 series convert to decent coffee tables, just as the classic Cisco 12000 series.
Last edited by swiftnoc; 06-21-2011 at 04:25 PM.
█ Swiftway.net Your Business deserves our Quality - Experts on Hand since 2005. Europe & US locations, we operate our own network AS35017
█ Unbeatable dedicated bandwidth deals for Dedicated servers ! Support response time <15 minutes 24/7
-
06-21-2011, 04:28 PM #10
So you're saying HE is losing entire nodes to 10 Gbps DDoS attacks?
-
06-21-2011, 04:33 PM #11
Not exactly - but they do get a hell of a lot of packet loss across the whole DC. There are some specific DDOS attacks that the RX8/RX16 and its brothers and sisters cannot handle. Personally I would not use them as routers; if I needed to use them, then they would be deployed as (core) switches.
-
06-21-2011, 04:34 PM #12
I hear absolutely nothing but horrible reviews about Brocade around these parts...
-
06-21-2011, 04:38 PM #13
Yes - as core routers they are very vulnerable. It's pretty easy to remotely reset a BGP session of a Brocade. Many providers handle this by setting up BGP sessions over private IPs with their uplink providers - but it's a vulnerability that should not be present in the first place.
These devices have a whole range of vulnerabilities to DDOS attacks.
-
06-21-2011, 10:21 PM #15
Junior Guru
- Join Date
- Apr 2003
- Location
- Pittsburgh, Pa
- Posts
- 199
Hmm... This is an interesting thread, especially after we just bought MLXe's (XMR). Guess they are now going to be expensive core switches instead of border routers.
Can anyone PM me specifics on this? All the research I did before buying never discovered this. Why is Juniper not affected by the same thing?
-
06-22-2011, 11:01 AM #16
WHT Addict
- Join Date
- Mar 2005
- Posts
- 148
Looks like HE is down again
-
06-22-2011, 04:04 PM #17
Newbie
- Join Date
- Mar 2011
- Posts
- 10
Down again. Was down for several minutes, now it's sporadic at best (losing about 15% of pings to anywhere beyond their core router in Fremont).
-
06-22-2011, 04:14 PM #18
Randy
- Join Date
- Aug 2006
- Location
- Ashburn VA, San Diego CA
- Posts
- 4,524
I have seen this happen a couple times on their Ashburn and UK core as well -- mass BGP flappage blamed on DDOS. Maybe twice in the past year, so this issue isn't new.
Fast Serv Networks, LLC | AS29889 | Fully Managed Cloud, Streaming, Dedicated Servers, Colo by-the-U
Ashburn VA + San Diego CA Datacenters
-
06-23-2011, 01:26 PM #25
Newbie
- Join Date
- Jun 2011
- Posts
- 20
Our connection keeps dropping at the FM2 location this morning 9AM PST. I called their NOC and they said they are under DDOS attacks.