Earlier today, the caching and security service provider CloudFlare went down, taking with it more than 700 thousand websites for over an hour (including our very own SCRIPTed journal). While downtime is to be expected even in the ever-connected world, what piqued my interest about this event is the nature of the disconnection, and what it has to say about the new Internet.
CloudFlare is what is known as a content delivery network (CDN), an intermediary that allows content to be delivered faster by providing a distributed architecture of servers where content is cached and given to the end-user on demand. A large part of the world’s most visited websites rely on CDN services in order to minimise loading times. The idea is that these are companies that have data servers which store all sorts of content in locations that are closer to the consumer than their stated origins. CDNs also serve to protect services against denial of service attacks, as they distribute content provision between servers.
The Internet thrives on decentralisation and distribution, so in principle The Cloud, as implemented through CDNs, should be an ideal tool that diminishes centralisation and enhances distribution. Under normal circumstances, web content is stored in one server, and then deployed to the rest of the Internet from one central IP address. CDNs share content amongst distributed servers, so in theory the Web is more resilient.
There is, however, a small problem with the Cloud ideal, one that was made very clear today. In order to work, cloud services require content owners to change domain name server (DNS) providers and use those of the CDN service operator. Allow me to use SCRIPTed and this blog to illustrate the problem. SCRIPTed and Technollama are both hosted by GoDaddy, but SCRIPTed uses a CDN, while this blog does not. This means that when someone is looking for technollama.co.uk, there is a name server that tells the Internet where the content is located, which is GoDaddy’s own (X.DOMAINCONTROL.COM). As SCRIPTed uses CloudFlare, the name server is X.CLOUDFLARE.COM. In other words, for all of the distributed nature of the Cloud, its Achilles heel is the name server: if it goes down, then the entire architecture behind it, thousands upon thousands of servers and websites, will fall as well. This is precisely what happened today.
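The dependency described above can be checked from a zone's NS records. The following is an added example, not part of the original post: it flags zones whose whole name server set sits with one operator and lists what goes dark if that operator fails. The zone names, name server hostnames and the two-label operator heuristic are constructed assumptions.

```python
# Constructed delegations (zone -> NS hostnames). In practice these would be
# collected with `dig NS <zone>`; they are embedded here so the check runs offline.
DELEGATIONS = {
    "journal.example": ["amy.ns.cdn-one.example", "bob.ns.cdn-one.example"],
    "blog.example": ["ns1.registrar-dns.example", "ns2.registrar-dns.example"],
    "shop.example": ["amy.ns.cdn-one.example", "ns1.backup-dns.example"],
}


def operator(ns_host):
    """Approximate the DNS operator as the last two labels of the NS hostname.

    Assumption: adequate for the constructed names above. Real hostnames
    (e.g. under co.uk) need the Public Suffix List to find the operator domain.
    """
    labels = ns_host.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def operators_by_zone(delegations):
    """Map each zone to the set of operators that run its name servers."""
    return {zone: {operator(ns) for ns in hosts}
            for zone, hosts in delegations.items()}


def single_operator_zones(delegations):
    """Zones whose entire NS set is run by one operator."""
    return sorted(zone for zone, ops in operators_by_zone(delegations).items()
                  if len(ops) == 1)


def unresolvable_if_down(delegations, failed_operator):
    """Zones left with no working name server when one operator fails."""
    return sorted(zone for zone, ops in operators_by_zone(delegations).items()
                  if ops <= {failed_operator})


def blast_radius(delegations):
    """For every operator, the zones that stop resolving if it alone fails."""
    all_ops = set().union(*operators_by_zone(delegations).values())
    return {op: unresolvable_if_down(delegations, op) for op in sorted(all_ops)}


if __name__ == "__main__":
    print("single-operator zones:", single_operator_zones(DELEGATIONS))
    for op, zones in blast_radius(DELEGATIONS).items():
        print(f"{op} down -> unresolvable: {zones}")
```

Resolvers that still hold cached records keep answering until the TTL expires, so the list is what fails once caches drain, not the instant of the outage.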
This sort of vulnerability and incredible centralisation might be an inevitable by-product of our need for faster loading times. When the event took place, I posted the following message on Twitter:
“CloudFlare’s name servers are down. When will we admit that the cloud makes the Web more centralised and less resilient?”
Gareth Dickson astutely provided the best response so far:
“@technollama Prob around the same time we withdraw from global banking in favour of putting cash under our mattresses”
This is totally accurate, but depressing nonetheless. The cloud genie is out of the bottle, and it is highly unlikely that it will be put back in. CDNs work as intended: they provide security and speed, but these come at a cost. The cost is yet again a more centralised network, one prone to cascading failures when a vital element in the distribution chain is attacked. To use Gareth’s banking analogy, imagine that everyone in the world is using a few banks (this is depressingly close to reality as well). Your bank has thousands of branches, but all withdrawals must go through one single ATM. You don’t like this, but you cannot change banks because the others have the same setup.
Death by name server monoculture.
There is another legal angle to this, one that we should also be wary of. One of the websites affected by today’s failure was Wikileaks. It is curious that Wikileaks has become a symbol of resilience, yet it can be affected by something as mundane as name server troubles. The worry is that by using fewer providers based in the USA, be they cloud, hosting, or domain name registrars, we are all becoming more prone to jurisdictional attacks at the very heart of the infrastructure. Wikileaks could simply change their CDN provider if theirs is sued, but at some point, we are building a centralised infrastructure where we cannot live without these few providers.
I truly hope that I am wrong, but the more I look, the more worried I become.
3 Comments
mlinksva · March 3, 2013 at 6:14 am
GoDaddy?! A lolcat dies for each knowledgeable customer who stays with them. 🙂
Important post. I hope you'll write about technical and regulatory mitigations to centralized naming.
Andres · March 3, 2013 at 8:11 am
I know, I know…
Ian Brown · March 3, 2013 at 1:55 pm
Agree with your overall point. In this specific case: you can do more decentralised DNS using anycast and multiple failover nameservers (as happens at the root) – something we should encourage!