Ask HN: Is Google Compute down?
I'm not able to ssh into any of my boxes or access any of the sites, yet my status monitor isn't showing downtime. Spotify is also down for me, which is another GCP customer.
I'm in Los Angeles but the servers are hosted on us-central1
79 comments
[ 4.5 ms ] story [ 134 ms ] threadEDIT: Some services are intermittently responsive. I had ~5 minutes of no access to anything. Some are slowly coming back.
Edit: We're also in Los Angeles, connecting to us-central1. Seems to be a pattern?
17 195.219.156.146 (195.219.156.146) 152.490 ms 152.423 ms *
18 * * mskn17ra-lo1.transtelecom.net (217.150.55.21) 198.658 ms
19 * * Google-gw.transtelecom.net (217.150.44.9) 192.230 ms
20 * * 108.170.250.111 (108.170.250.111) 172.086 ms
We have servers in San Jose that cannot access Google services. Trace route shows everything going to China when leaving the San Jose data center. We can access the same services from Vancouver just fine.
By revoking China's privileges, you reinventing the Great Firewall. Or at least part of how it works, by "revoking routing privilege of selected IP ranges."
You know what, that's the narrative of China's wall building proposal in the place. To end USA's "Internet supremacy" and to advocate "Internet sovereignty".
Also in LA, had intermittent issues with google.com and Spotify all morning.
edit: linked to wrong issue
Definitely something interesting going on, and I am sure no shortage of some frantic research and effort to resolve this all at Google and such right now.
This kind of thing should not be possible. Are there any protocol proposals or other kind of upgrades to the routing protocols that would prevent these kind of mistakes/attacks?
It's if the internet doesn't like all that centralization with all that market domination. It's naturally resilient only when there is a lot of competition.
It sounds like you're asking google to solve https://en.wikipedia.org/wiki/BGP_hijacking ?
Getting the big ISPs/Telcos to adopt them... that's another matter
When reality conflicts with what you believe to be possible, it's time to reexamine your assumptions.
https://www.scion-architecture.net/
Our teams are continuing to work with upstream and downstream service providers to remedy the issue.
Edit: Didn't someone recently share a tool to monitor BGP hijack attempts?
[0]: https://www.cnet.com/news/how-pakistan-knocked-youtube-offli...
It needs to filter traffic to any address, and wouldn't have specific google ranges configured.
https://news.ycombinator.com/item?id=18429099
Is our first time actually rolling over the entire stack to AWS - and it worked!
GCP outage currently is massive, can't even use other regions.
Edit: This also affected AWS Oregon region earlier. I do not know how yet, but they too were unreachable briefly. Seems to be okay now.
I'm not familiar with BGP routing attacks; the article above seems to imply the attacker needs to compromise certs in order to glean useful data from the attack.
If that's accurate, is this Google-oriented traffic vulnerable to this type of attack?
However for more general traffic, well look at the trusted root list in your browser/OS. Realise that every single one of those trusted routes can issue certificates for a given domain...
Of the top of my head, assuming malicious intent, well not all browser (especially older ones) do certificate pinning, so perhaps then Chinese users of Google services using old browsers would find their traffic being intercepted?
Past that the leakage would seem fairly minor, a list of source IP addresses and destination hosts.
https://arstechnica.com/information-technology/2018/11/stran...
In another comment in this thread I read:
> Seems like its time to start or accelerate a working group on secure BGP.
Indeed things can't go on like this for much longer...