Slashdot Mirror
A Look Inside the BBC's Network
the-dark-kangaroo writes "The BBC have provided the entire internet with a look inside their amazing network. It shows everyone the almighty web power they are with over 40 webservers and 12 firewalls and their 8Gbps intersite connections. All this seems to running some form of *NIX with perl underlying their powerful website delivery. Take a look at those load graphs!"
Well, according to the ever reliable Netcraft:
Solaris 8 Apache/1.3.26 (Unix)
SunOS 4 Apache/1.2.1
SunOS 4 unknown
SunOS 4 Apache/1.2.1
SunOS 4 unknown
SunOS 4 Apache/1.2.1
SunOS 4 Apache/1.2.1
SunOS 4 unknown
SunOS 4 Apache/1.2.1
SunOS 4 unknown
Now if I get the urge to hack into the BBC network, I won't have to do as much poking and prodding to get my own network map. They've done the time-consuming work for me!
I'm a big tall mofo.
... how well can all this great technology stand up to a good old-fashioned slashdotting?
It shows everyone the almighty web power they are with over 40 webservers and 12 firewalls
Well, it's rather a lot, but "almighty?" What ever happened to British undertatement?
One man's -1 Flamebait is another man's +5 Funny.
Geez, having an awful time getting access to the graphs and all that fun data. So much for that 8gbps then huh?
As a network engineer for a large web hosting company, having worked for very large ISP's, etc all I can say is that I'm impressed. The 4 OC-12's alone coming out of NY sold me. =)
Nah, they're already slashdotted. Watch those load graphs.. as they rise like they've never risen before!
Man holding teacup: "Nigel, what's that sudden whirring noise?"
You can't talk about Wikipedia's flaws on Wikipedia
This is not considered incorrect. "BBC" can be considered a collective noun, and as a Brit, I can say with some certainty that we would use the third person plural pronoun - i.e. "they" to refer to that company without naming it.
:P
In fact, this is commonplace for any company/body corporate/corporation...any group, surely? Consider: Microsoft are evil. They are bastards.
iqu
Step 1: Build webfarm
Step 2: Tout its mightyness on Slashdot
Step 3: Review logs after free stress test
Step 4: Fix issues
Step 5: See Step 1
IT is Dead. The industry is Shot Join Others Who Feel Your Pain http://www.internalstrife.com/
It's been Slashdotted before the first 10 replies!
its slashdotting like a man.
I got the page load in ~8 seconds when comment counter said 30...thats about when most sites have smoke coming out of the servers.
SLASHDOT: news for people who can't concentrate on work or have no life at all and got tired of yelling back at the TV.
...of this technological terror you've constructed. The ability to serve the internet is insignificant compared to the power of a slashdotting.
The overview diagram points to a directory, so it can be virtually hosted anywhere, further distributing the load.
Maybe they'd be kind enough to measure the /. effect and post a separate graph showing traffic with referrals from slashdot? Now that would be neato...
Cheers, guys! Steady on!
You have to feel sorry for Declan. The duty team roster has him doing a 24 hour shift today.
--
Linux VPS Hosting with 24x7 support, so we know how he feels.
Nope, the BBC is funded entirely through the license fee, which you have to pay if you own a TV. The government allows it to demand this, and it is effectively a tax, but that's not to be confused with 'tax money'
Nor is it controlled by a government board. The day to day running is controlled by the Director general. The overall direction is controlled by the government (who do have to be approved by the government, but that doesn't mean that they are part of the government), only above that is the culture secretary, who doesn't really get much say either way. The only other contact that the government has with it is the Royal charter whic has to be renewed every 10 years by act of parliament. It's not a good idea for the BBC to annoy the government, but the government doesn't actually control them at any direct level.
FGD 135
The network infrastructure throughout the BBC, certainly in News, is so microsoft centric it's unheard of. The network has recently been sold, along with the staff, to Siemens. It's based around Active Directory, all file servers are Windows, all DNS and DHCP is maintined by windows, with only a smattering of *nix boxes (DHCP at one london office, unix for parts of the BBC-Wide Imaging system "elvis" and "Jupiter"). The desktop is 2K/XP, and so locked down we cant even run the BBC News Ticker on it! (For what it's worth, everyone in my office ignores such policies as we need things like Putty and VNC to work)
Over 40 high performance webservers : $
12 firewalls : $$
8Gbps network to connect them : $$$
Not able to handle the Slashdot effect : Priceless.
Nevertheless, the BBC is independant of the government and posts whatever news it wants to. It frequently posts bad things about the government without fear of being shut down.
The BBC has a charter to say what it can and can't do, the government doesn't get a say in how it is run outside of that charter. The charter is reviewed every few years, see http://www.bbccharterreview.org.uk/
Steve.
A latent existence
"John, could you put down your tea and come here for a moment."
"Yes?"
"It seems our load monitoring application is overloaded. I can't monitor the system."
"Hmm, try tapping on the dials."
"Uhm, there aren't dials John. This is a computer program."
"Don't you mean, 'programme'?"
"Yes, sorry. So, what do I do now?"
"Let me check the manual... let's see.. squirrels chewing through fibre-optic.. alien invasian.. tea shortage.. politcal unrest.. ahh, here we go, inaccessible monitoring.. it says simply, 'Panic'."
"Panic? What does that mean?"
"I think it means we should run about the room screaming or some such."
"Like this? WOOWOWOWOWO"
"No, that's more celebration. Try more anguish, like this: Aahhhhhhhhhrg!!!"
"Ahhwoooooooo!"
"No, try and keep from letting your mouth go round like that. Here, watch me: Aaaaaaaaaaaaaaaaaahrg!"
"Aaaaaaaaaaaahrg??"
"That's good. Aaaaaaaahrg!!! And flail your arms about like this: Aaaaaaaaaaaaaaahrg!!!"
"I think I've got it! Aaaaaaaaaaaaaaaaaaaaaahrg!"
1. Karma Whore
2. Goto step 1.
Technically, this network is now owned and managed by Siemens Business Services. BBC Technology, which grew out of a few different parts of the BBC Engineers and IT depts, was sold to Siemens in October last year, to form part of Siemens Business Services, specifically the 'Media' part. SBS run the network both internally and out, as a managed service. This creates some interesting issues with network boundaries, and "who owns what", but it keeps us on our toes!
Of couse, most of the same staff are there, so little has changed on that front. The lads and ladies in Maidenhead do a very good job of running a VERY complicated network. The BBC is the top content (not search) site in the UK, if not the world (don't quote me on that). The internal network is also pretty damn reliable, with a dual fibre ring running round most of the London buildings.
> Just remember, security by obscurity is bad! ;)
All security is by obscurity, that is a fundamental truth of any system whose state can be altered. You have to know how to get its state to change and if you know how then you can change its state.
The issue is how much knowledge do you need to be able to change the state of a part of the system, and how much effort do you have to put in to get that information. Also how likely are you to be caught attempting to learn how, and how much of the system can you break into with that information before you have to learn more information (essentially the value of that information).
Strong cryptographic authentication uses a mathematical formula to produce a *different* method of access for each key, and the key is a description of the method. Thus, cracking one key gives you access only to the systems that use the method that that key describes. For a weak cypher, it is relatively easy to determine the correct method to access a system.
Similarly for *all* communication with a computer. If you know what software is used, and you know how to get it to respond, then you have access. So, since you are *always* relying on attackers not knowing the method to access your systems, you must ensure there is a different method for each system to limit damage when the method is no longer obscure.
"Security Through Obscurity" refers to the technique where many system use the same method and depend on none of the other systems being cracked. This is risky: ie, chances of cracking are small, but cost of cracking is extremely expensive as all systems become vulnerable. Though chances are not so small as one may think as the value of the knowledge needed to access the systems is extremely high, and thus more effort tends to be dedicated to its discovery.
This is why open source software will tend to become more secure over time (provided that there is a sufficient interest in its security - ie popularity). While it is less costly to discover the information necessary to crack a system, it is also less costly for the organisations that use it to discover that information, thus the systems tend to be fixed. That also devalues the knowledge from the perspective of the cracker. How many organisations will send their disks to MS for analysis vs how many can do the analysis with reference to the source code.
All those little factors cause the initial risk of open source software to be much higher, but the risk of a mature and popular system to be lower. Compare with closed source, which for new and unpopular software the risk is low, and for mature and popular software, the risk is high.
The best opportunity (as the world begins to realise the value of security) for closed source producers is to be cheap to market, quick to help mature an open source competitor, and quick to help your customers migrate to the open source alternative, siphoning a lucrative support and development contract as you move onto new product as restart the cycle.