Slashdot Mirror
One Failed NIC Strands 20,000 At LAX
The card in question experienced a partial failure that started about 12:50 p.m. Saturday, said Jennifer Connors, a chief in the office of field operations for the Customs and Border Protection agency. As data overloaded the system, a domino effect occurred with other computer network cards, eventually causing a total system failure. A spokeswoman for the airports agency said airport and customs officials are discussing how to handle a similar incident should it occur in the future.
Though I heard it was a switch. Same idea though- all it takes is one malfunctioning card flooding the LAN with bad packets to bring it all down.
SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
According to the effing article, it wasn't even a server, but a goddamn desktop. How in the holy hell does a desktop take down the whole system? I can't even conceive of a situation where that could be the case on anything other than a network designed by chimps, especially through a hardware failure...A compromised system might be able to do it, but a system just going dark?
For that to have had any effect at all, that system must have been the lynchpin for a critical piece of the network...probably some Homeland security abortion tacked on to the network, or some such crap...This is like the time I traced a network meltdown to a 4 port hub (not a switch, and unmanaged hub) that was plugged into (not a joke) a T-3 concentrator on one port, and and three subnets of around 200 computers each on the other 3 ports. Every single one of the outbound cables from the $15.00 hub terminated in a piece of networking infrastructure costing not less than $10,000 dollars.
This is like that. Single point of failure in the worst possible way. Gross incompetence, shortsightedness, and general disregard for things like "uptime"; pretty much what we've come to expect from the airline industry these days. If I'm not flying myself, I'm going to be driving, sailing, or riding a goddamn bicycle before I fly commercial.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
"...said airport and customs officials are discussing how to handle a similar incident should it occur in the future."
What makes them think they'll get another shot? Rank and file voters are ready with their own plan...should a 'similar incident' by the same fools happen again.
First you see latency on a network, then you fire up a sniffer and hope to god you can get enough packets to deduce which is the flaky card without shutting down every NIC on your network.
Of course I did write a paper on this behavior years ago in my CS networking class. Taking a Snort box and a series of custom scripts to notify admins with spikes on the network outside of normal operating ranges for that device's history. However implementing this successfully in an elegant fashion has been beyond me and I just rely on Nagios to do a lot of my bidding.
CS: It is all sink or swim...oh and did I mention there are sharks in that water?
...for not firing the networking manager. The fact that they were NOT terrified that this news would get out and were too stupid to cover it up indicates he/she and their subordinates SIMPLY DON'T KNOW THEY DID ANYTHING WRONG by not putting in a sufficently montiored switch architecture which would rapidly alert IT staff and lock out the offending node.
Simply amazing. Will someone in the press publish the names of these losers so they can be blacklisted?
DHS's idea of a "backup plan" will probably be to build a huge fenced area into which to dump arriving passengers when their systems are down.
Yes, I am glad to be out of that velvet lined rut and in a world where there are actual professionals.
CS: It is all sink or swim...oh and did I mention there are sharks in that water?
Ha! Ha!
Teaches you to rely on technology...
Also known as IEEE 802.3ad supports aggregating NICs to both improve overall bandwidth as well as gracefully deal with failed links.t rol_Protocol
More info at http://en.wikipedia.org/wiki/Link_Aggregation_Con
Systems seem to be more commonly shipping with multiple NICs (esp. servers) so maybe this will be used more and more. It is important to note that the network switch/router needs to be able to support LACP (dumb/cheap switches do not while expensive/managed ones do) so that might be a barrier. Cisco switches and maybe others have implemented proprietary trunking/aggregation schemes but this 802.3ad is a standard.
In practice, I tried to use LACP with a Linksys SRW2048 $800 switch (targeted at small-businesses, much cheaper than typical managed switch) but it did not work reliably (performance got worse, some clients could not connect/timed-out.) Still working on it.
So... have you seen "The Number 23" by any chance?
To all you novice net admins out there: network cards do *not* like chunky peanut butter! Smooth/creamy only, please.
Now you see what happens when some joker thinks [s]he can get away with using chunky for something as critical as proper care and feeding of network cards. Pfft.
Bah! Kids these days... I tell ya. Probably the same folks that think the interwebnet is the same as the World Wide Web.
Great, Scott! What's next?!
Running 'Nix is like owning a Lightsaber. It's "a more elegant weapon for a more civilized time."
When the U.S. Government is letting millions of illegal aliens cross over from Mexico and live here with impunity, then what the fuck is the point with stopping a few thousand document carrying people getting off of planes from entering the country?
I guess the system exists to give the appearance that the feds actually give a shit.
And then the Pres and Congress wonder why their approval ratings are as small as their shoe sizes...
Out of order? Fuck! Even in the future nothing works! - Dark Helmet (Rick Moranis) "Spaceballs"
Years ago we had a 10BT nic go defective so that whenever the nic was plugged into the switch it would obliterate traffic on that segment. The fun part: EVEN IF THE NIC WAS NOT PLUGGED INTO THE PC. Luckily that happened in one of the few areas that had switches at the time, everything else was one huge flat lan.
It seems the controller in L.A. suggested the same thing years ago. (pdf)
1 2152003.pdf
http://www.lacity.org/ctr/press/ctrpress18616087_
Got Trader Joe's? friendwich.com RSS feeds work now!
I believe you are thinking of a quote attributed to Albert Einstein:
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
http://www.quotedb.com/quotes/1349
How about doing regular police work instead of pre crime, so that passengers don't have to stand around while your network flakes out?
Friends don't help friends install M$ junk.
We had something similar happen at my building when I worked at Kent State University. The air conditioning was being worked on and the workers thought it would be a good idea to plug an AC unit into the server room, something they had been specifically told not to do. The Additional load of the AC flipped the breaker and set off all the alarms, all the switches lost power and backup units shutdown all servers. It wouldn't have been so bad except that all university traffic ends up going through our building for internet, which caused all routers to become backed up. ALL of them. What made things worse was the new sysadmin didn't know about some of the backup systems, and no one knew how to reset the breakers (it was a special system) plus there was a special pin that had to be used that no one knew. It was a hillious 2 hours without internet.
Except in the future, the incident isn't going to be similar, aside from being similarly boneheaded. This attitude of "only defend yourself from things that have already happened to you before" is just plain dumb. Obviously their system was set up and administered by a boneheaded organization to begin with, and now that same boneheaded organization is rushing to convene a committee to discuss a committee to discuss how to prevent something that already happened from happening again. The root flaw is still in the organization.
In Repressive Burma, it's not just your connection that dies. slashdot.org/comments.pl?sid=314547&cid=20819199
The NIC that failed isn't the part that's at fault. NICs fail, and can be counted on to do so inevitably, if relatively unpredictably (MTBF is statistical).
The real problem NIC is the one that wasn't there as backup. Either a redundant one already online, or a hotswap one for a brief downtime, or just a spare that could be replaced after a quick diagnostic according to the system's exception handling runbook of emergency procedures.
Of course, we can't blame a NIC that doesn't exist, even if we're blaming it for not existing. We have to blame the people who designed and deployed the system with the single point of failure, and the managers and oversight staff who let the airport depend on that single point of failure.
But instead I'm sure we'll blame the dead NIC. Which gave its life in service to its country.
--
make install -not war
Where I work, if there's a packet storm someplace (server is getting attacked, server is attacker, or someone just has a really phat pipe on the other end and is moving a ton of data) we get a SNMP TRAP for packet threshold on the offending port. BAM! You know where the problem is, and since we have managed switches you just shut off the port if you can't resolve the problem.
Having said that, since the managed switches are gigE uplinked and each port is only 10/100, I don't think we've ever had a problem where a server was outbounding and brought down the switch/network (just made some extra latency). We've had some really large inbounds occasionally take down a whole switch, and heaven forbid some idiot shuts the port off on an inbound attack instead of nulling it at the border, cause then the ARP drops and the DOS gets forwarded to every port on the VLAN on a ton of switches.. but a broken NIC packet storming would not have been an issue.
OK, so maybe they don't have managed switches all the way down the to the lowest point on the network. They should still have SOME further up the chain and be monitoring them such that they know from what direction the problem is coming, and shut it off / look at it with a sniffer etc.
Infrastructure that is as important as an airport should have it's own infrastructure properly equipped and maintained with managed equipment, making this nearly a non-issue and certainly one easily resolved.
I used to work for a very large travel agency and have seen queues of travel resevations get pretty backed up and cause problems before although on a smaller scale.
Most reservations are checked for problems automatically but pushed through by a person and moved from one queue to another. If the program that checks them crashes, it can back things up.
I remember a program crashing and a queue getting 2000+ reservations in it before someone figured out what was going on and it had things screwed up for about 2 days while a replacement computer gradually cleared the queue out.
Contrary to popular belief, Unix is user friendly. It just happens to be particular about who it makes friends with.
You're right to a point. An ethernet frame, along with the source and destination addresses, has a checksum. A switch that is using a store and forward procedure is supposed to drop the frame if the checksum is invalid. If the nic was throwing garbled frames onto the network, it would have to be garbled in such a way as to have a valid checksum (assuming they are using store and forward switches in the first place).
When our name is on the back of your car, we're behind you all the way!
Perhaps they upgraded their token ring to thinnet.
When our name is on the back of your car, we're behind you all the way!
This brings out an obvious point, despite the advances we have made in computing and IT, it is still relatively young and not that robust.
This is the equivalent of your car stops working and the 'check engine' light does not even come on. At least now some of the technology for cars is getting to the point that it will find the problem for you. The same still cannot be said for large computer networks.
When people stop treating computers as flawless wonder machines, then we shall see some real progress made.
Change to Wifi because that can't have NIC faults.
C'mon folk... help me out here!
Engineering is the art of compromise.
So a desktop got infected and started to Spew crap onto the network. Then we blame it on the nic it self..
HaH security what is that? when 1/2 our personal information can be found on p2p networks because government employees can't actually do the job they have to screw around and download music / movies or whom knows what else. What would make air port employees any different..
When you boil down to the root problem you'll find it's Lack of leaders ship allowing these problems / attitudes to exist.
And Great out tax dollars paid for this Screw up.
Got any references or links to various tutorials and/or documents on how I could setup my network to notify me about a rogue NIC?
This space is not for rent.
Sadly, many real-world systems are often nothing like what people might envision as them as. We all sit back in our chairs reading slashdot and thinking everything is masterfully architected, fully HA, redundant, etc.
Then as you work more places you start seeing that this is pretty far from actual truth. Many "production" systems are held together by rubber bands, and duct tape if you're lucky (but not even the good kind.) In my experience it can be a combination of poor funding, poor priorities, technical management that doesn't understand technology, or just a lack of experience or skills among the workers.
Not every place is a Google or Yahoo!, that I can imagine look and smell like technology wherever you go on their fancy campuses. Most organizations are businesses first, and tech shops last. If software and hardware appears to "work", it is hard to convince anybody in a typical business that anything should change- even if what is "working" is a one-off prototype running on desktop hardware. It often requires strong technical management and a good CIO/CTO to make sure that things happen like they should.
I suspect that a lot of things that we consider "critical" in our society are a hell of a lot less robust under then hood than anything Google is running.
Now that being said, a good slice and dice of a network will save you some heartache but it will not solve the problem as at some point your miracle subnets (I will assume you meant vlans) will all have to connect somewhere, now you have reduced the chance of a nic failing as there are less NICs and all are confined to their respective homes, but you still are dealing with NICs and they still short out, go bad, mice chew, and all goes haywire.
Of course you dont know these things unless you ahve actually experienced the scenarios (experienced it here with equipment less than a year old), on a large network and by large I mean at least 1000+ nodes.
My solution to the problem? Get away from large enterprise networks and stick to smaller ones, I really enjoy the perks of having a sub 500 node network and I have the time and can afford the equipment to cut things up properly.
CS: It is all sink or swim...oh and did I mention there are sharks in that water?
Are they saying that one bad card destroyed other cards? That seems a bit unusual.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Yes, but this is slashdot so I feel the compulsive need to render quotes in a way to fit my needs.
CS: It is all sink or swim...oh and did I mention there are sharks in that water?
who forgot to pay the IT guy? last time i checked shouldn't most switches correct this issue... i could see them using hubs and thats what really caused the overload :)
(yes i know i suck at spelling fell free to correct my grammar and/or spellin i dont care, im still not going to change
Yeah, my employer makes monitoring software, so obviously I'm biased here, but... are you freaking joking me? They couldn't bother to install a monitoring system to warn them their NIC was fried? Hmm... I can think of one offhand ;)
-John Mark
Hyperic Community Manager
Like most of the TSA and the DHS poor design abetted with high levels of secrecy and politicization results in a fragile system. With a large number of single points of failure and a lack of fall-backs and fail-safes means that one problem hoses the system. One wonders what happens when things really go pear shaped in an unanticipated fashion.
It is laughable that there is no non-computerised backup for the system. (How about filling out the forms and scanning them in later?)
This story is incomplete:
like the time I traced a network meltdown to a 4 port hub (not a switch, and unmanaged hub) that was plugged into (not a joke) a T-3 concentrator on one port, and and three subnets of around 200 computers each on the other 3 ports. Every single one of the outbound cables from the $15.00 hub terminated in a piece of networking infrastructure costing not less than $10,000 dollars.
Tell me that the old hub was hidden in a ceiling tile and that it melted because the HVAC dude thought it was unused. Then you will have matched the worst story I have heard yet.
Friends don't help friends install M$ junk.
Google search chattering NIC. You want to emulate this? Take a NIC and hard code it to 100/full and set your switch to auto or 100/half. Now start transfering a ton a data to the server. Watch what happens to the other network devices on that switch. A chattering NIC is similar. Sometimes worse.
Sometimes stuff just happens.
I agree, but the scope of the problem is much larger.
Americans are still designing systems (and I'm talking WHOLE systems, not just the computers) for the industrial revolution. Much the same way, we're educating our kids for the same purpose- to make them cogs for manufacturing.
The Japanese have a more 'cellular' structure, as opposed to the 'pyramid' designed back a couple of 'turns of the century' ago. One man on top drives five, who drive 200, who drive them all. But the Japanese model is more like object orientation: each unit has private parts. So long as the command it's given produces the proper results and stays within budget, who cares?
Assembly lines gather at their meetings and decide policy on their own. "Fred has been late 3 times this week; do we care?" and the only people to whom it matters, decide. There's no need for a strict, top-down policy, especially since only tiny organizations all do only one job.
Imagine the broken structures in a holding company; they own a newspaper, a carwash and a grocery store; the top man can't say "We'll only use glass containers", because that would be a disaster in a car wash. They can't say "we choose leaded inks" which might be fine for the car wash, but danger at the newspaper. Each unit has it's own purpose.
So how about giving the network admins the power to do *whatever* it takes to let them keep the equipment up to date? As long as it runs, under budget, and doesn't get'em on the newspapers, who cares about the specifics? Why not let the unused budget from every year sit in an account (not being taken back) and use THAT to improve infrastructure?
If these guys were able to have that kind of control, this discussion wouldn't be happening.
--- For a good time mail uce@ftc.gov
Linksys 1 LAX 0
I blame Microsoft since they took Clippy out of Word. He was my only friend.
Yes NICs can go crazy and start blasting broadcasts or Unicasts over your network, if you have a Cisco switch (or any other that supports storm control like features) you may want to enable it, it costs you nothing but the time it takes you to update the config. on the access switch (the one connected to your PCs) get into config mode at type this on every interface that connects directly to a PC (use the interface range command to speed things up if you want). Switch(config-if)#storm-control unicast level X where X is the percent of total interface bandwidth you specify as the threshold for cutting access to that port. Its measure every second, so if you have 100 meg port and you set it to 30, if the PC pushes more than 30 meg a sec in unicasts the switch kills the port, till the pc calms down, if its a 10 meg port the 30 then equals 3 meg, etc etc. You can also add a second line to control broadcasts by changing the word unicast to broadcast. If that had this in place, when the NIC went nuts, the switch would have killed the port, and no outage (I assume a lot here, but you get the point).
Man, when a Token Ring card went bad, it was hell on the network, nothing worked because the token would not get passed properly.
The worst thing is when a user decides to unplug the cable to move something or whatever. Then the token can fall out and you have to spend hours on your hands and knees with a magnifying glass trying to find the damn thing!
Its true! I saw it in a Dilbert cartoon!
In the free world the media isn't government run; the government is media run.
The CNN article was older and adds nothing to the main point of the discussion, that a cheap network component caused such an extensive failure. It appears the only purpose of the CNN page was its higher body count.
When did I say Cisco routers? Thanks for the advice though. We have a very modest sun fire that monitors close to ten thousand cable modems using a system similar to what (I think) I'm describing. You're right about that, and the UDP traffic below. But again, my idea of checking up on the clients, not the switch, might lead you to the root of the problem more easily. I would not use it as my only tool however. With very large networks like this, more then one type of monitoring is a good thing. A few sflow/netflow collectors, like ntop etc.. could also be useful. Add an snmp graphing server for your routers and more centered equipment, like MRTG or PRTG, and some custom stuff such as these scripts I like, and you have tools to find out who's crashing your network. Cisco equipment seems to not have a problem forwarding data to a netflow collector BTW. I've also used dnstop, which is great for finding bad clients / DoS, but that won't find a wonky Ethernet card I imagine. Once in a college dorm I followed the most active orange lights down the tree of 10Mb Cisco switches all the way to a very senile old ISA Ethernet card in a 386. It was bringing about 200 clients down. We kindly upgraded the kids computer. Network latency quite suddenly started happening in very set intervals for about a day, strangely correlating to in class / out of class times, so we kind of knew it was an Ethernet card. Managing a cable plant is not "thousands of ports" though. A CMTS will discriminate amongst hundreds of modems on one port thanks to the quite amazing upstream scheduling algorithms built into a few ASICs and modems don't fail into a crash the network state. Crappy Ethernet cards fail into a crash the modem state though. Often.
The average journalist is not technical enough to convey information from a technical source to a technical audience. And they can't just quote, either. No, they have to "explain" the story in their own words, whether or not they understand it. The cause of this problem, of course, is that skilled technical people would rather not be journalists. This is why it's so hard to find people to write documentation.
You'll be fine...
Faster! Faster! Faster would be better!
So, what are you telling me, that their tubes got clogged?
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
Hack, ha, $10.00 used mini switch from home with looped cabling is the real terror weapon.
This reminds me of a situation that happened on my campus network. Somebody in one of the campus dorm rooms plugged in a router backwards. The router took down much of the network because it was serving up DHCP addresses. The IT people were able to track down the offending segment and shut it off within two hours.
i'm not even an operations guy but even i know enough to say "when it occurs in the future", not "should it occur in the future".
...so we can segment our networks so they don't *all* get hosed when something like this happens?
It seems to me that some of the new Network Access Control (NAC) technologies might be able to mitigate such a situation - they can automatically shutdown switch ports that are using excessive bandwidth or doing other "naughty things".
I can think of at least one way that a bad NIC can take out other hardware... Etherkiller. Kids, don't try this at home!
Did you mount a military-grade, variable-focus MASER on an unlicensed artificial intelligence?
Why can't you just make it work? It worked fine like this before when the switch was in the other closet, I'm tired of spending money replacing these things.
I prefer boron titanium alloy, you insensitive clod!