João Tomé, writing on the Cloudflare blog:

The latest Internet outage, in the South Pacific country of Tonga (with 169 islands), is still ongoing. It started with the large eruption of Hunga Tonga–Hunga Haʻapai, an uninhabited volcanic island of the Tongan archipelago on Friday, January 14, 2022. The next day, Cloudflare Radar shows that the Internet outage started at around 03:00 UTC (16:00 local time) — Saturday, January 15, 2022 — and is ongoing for more than four days. Tonga’s 105,000 residents are almost entirely unreachable, according to the BBC.

James Vincent, writing for The Verge:

Like many island nations, Tonga relies on just a single undersea cable, about the thickness of a garden hose and filled with fragile fiber-optic filaments, to get citizens online. But on Tuesday, the government of Tonga said “communications both international and domestic were severed due to damage sustained by the submarine cable.”

According to the BBC, repairs coule take upto two weeks.

“It could take up to two weeks to get it repaired. The nearest cable-laying vessel is in Port Moresby,” he added, referring to the Papua New Guinea capital, more than 4,000 km (2,500 miles) from Tonga.

The folks at Cloudflare have published a fascinating look into the recent ~6 hour long downtime that the Facebook network went through, taking down not just the Facebook product itself, but also WhatsApp, Instagram, FB’s internal looks, and a lot more. It’s a somewhat technical explanation, but Cloudflare’s Tom Strickx and Celso Martinho have made it very easy to understand.

Today at 1651 UTC, we opened an internal incident entitled “Facebook DNS lookup returning SERVFAIL” because we were worried that something was wrong with our DNS resolver 1.1.1.1. But as we were about to post on our public status page we realized something else more serious was going on.

Social media quickly burst into flames, reporting what our engineers rapidly confirmed too. Facebook and its affiliated services WhatsApp and Instagram were, in fact, all down. Their DNS names stopped resolving, and their infrastructure IPs were unreachable. It was as if someone had “pulled the cables” from their data centers all at once and disconnected them from the Internet.

How’s that even possible?

It’s really interesting to see how a (possibly) minor piece of code can take down large parts of the internet like this. Honestly, it would be a good thing for the internet overall of Facebook disappears from the internet, but I feel for everyone at Facebook behind this issue. Major hugs to the people involved in bringing the network back up.

Then again, imagine messing up so bad that your boss ends up losing $6 billion.

Thibault Meunier, writing on the Cloudflare blog:

We want to get rid of CAPTCHAs completely. The idea is rather simple: a real human should be able to touch or look at their device to prove they are human, without revealing their identity. We want you to be able to prove that you are human without revealing which human you are! You may ask if this is even possible? And the answer is: Yes! We’re starting with trusted USB keys (like YubiKey) that have been around for a while, but increasingly phones and computers come equipped with this ability by default.

Let’s face it, CAPTCHAs are annoying. I may have clicked on thousands of little photos of traffic lights so far, and it’s been an annoyance every single time.

If you have a YubiKey, you can try out the flow on https://cloudflarechallenge.com — a test website setup by Cloudflare.

I’d love to see where this initiative goes.

Is BGP Safe Yet? Cloudflare Launches Website to Check Whether your ISP Prevents Route Leaks & Hijacks

Louis Poinsignon writes on the Cloudflare blog:

BGP leaks and hijacks have been accepted as an unavoidable part of the Internet for far too long. We relied on protection at the upper layers like TLS and DNSSEC to ensure an untampered delivery of packets, but a hijacked route often results in an unreachable IP address. Which results in an Internet outage. 

The Internet is too vital to allow this known problem to continue any longer. It’s time networks prevented leaks and hijacks from having any impact. It’s time to make BGP safe. No more excuses.

In June 2019, large parts of the Internet were put offline for no fault of theirs, thanks to Verizon — just one of the many hundreds of Internet Service Providers across the world who do not have security practices and filtering in place to prevent such a thing from happening.

Tom Strickx wrote on the Cloudflare blog back then:

Today at 10:30UTC, the Internet had a small heart attack. A small company in Northern Pennsylvania became a preferred path of many Internet routes through Verizon (AS701), a major Internet transit provider. This was the equivalent of Waze routing an entire freeway down a neighborhood street — resulting in many websites on Cloudflare, and many other providers, to be unavailable from large parts of the Internet. This should never have happened because Verizon should never have forwarded those routes to the rest of the Internet. To understand why, read on.

And this sort of thing happens a lot. And it isn’t just an inconvenience, it can also cause tremendous damage. Lily Hay Newman, writing for Wired, says:

BGP disruptions happen frequently, generally by accident. But BGP can also be hijacked for large-scale spying, data interception, or as a sort of denial of service attack. Just last week, United States Executive Branch agencies moved to block China Telecom from offering services in the US, because of allegedly malicious activity that includes BGP attacks. 

To make this internet a better place for everyone, Cloudflare has today launched an effort to push ISPs to implement checks and filtering to prevent BGP leaks & hijacks. The company has launched IsBGPSafeYet.com, a website that lets you check whether your Internet Service Provider (ISP) or broadband provider has BGP filtering in place or not. You can run the test in your browser and get instant results.


Indian ISPs Fail the Test

I ran the test for my ISPs Jio & ION and both of them failed the test. I also asked a few of my friends to run the test on their respective ISPs, and so far all Indian ISPs are failing the test. Here’s a non-exhaustive list:

Indian ISPs Failing the Test:

If you’re using any of the above ISPs, let them know.

If you’re in India, please run the test on IsBGPSafeYet.com in your browser and let me know on Twitter, so I can update this list.

Martin J Levy, writing on the Cloudflare blog:

We are especially excited to announce our Kathmandu data center while attending APRICOT conference, being held in Nepal this year. The event, supported by APNIC, the local Regional Internet address Registry (RIR) for the Asia-Pacific region, attracts leaders from Internet industry technical, operational, and policy-making communities. Cloudflare’s favorite part of APRICOT is the Peering Forum track on Monday.

Come for the announcement, stay for the flag dimensions’ nerdy.

Cloudflare Gets Ready for a Massive Expansion in 2018 with Two New Data Centers in India

Matthew Prince, CEO of Cloudflare, announces their 120th data center in Salt Lake City, Utah and says the company has planned a “massive expansion” for 2018.

We have big plans. By the end of the year, we’re forecasting that we’ll have facilities in 200 cities and 100 countries worldwide. Twelve months from now we expect that 95% of the world’s population will live in a country with a Cloudflare data center.

In the post linked above, I noticed the network map includes five (maybe six) dots for India.

Cloudflare Network Map for India

Cloudflare Network Map for India

This includes the three existing Cloudflare data centers in New Delhi, Mumbai, and Chennai, which the company launched in November 2015. The fourth dot, seen in Orange, looks like a new data center in progress in or around Nagpur in central India. Similarly, the fifth dot, seen in teal here looks like a new data center in or close to Bengaluru planned for sometime in 2018. It also looks like Cloudflare will be launching a new data center in Nepal.

As someone who lives in Mumbai and builds websites for clients — the majority of whom are located in the Indian subcontinent, I’m incredibly excited about all this.

Literally all of the popular iXyr Media websites, including this one, are powered by the amazing CloudFlare architecture. There is tremendous value that CloudFlare gives out for Free and I couldn’t be happier with the product. A few days ago, CloudFlare made this big announcement that has long been my only feature request to them:

India is home to 400 million Internet users, second only to China, and will add more new users this year than any other country in the world. CloudFlare protects and accelerates 4 million websites, mobile apps and APIs, and is trusted by over 10,000 new customers each day. Combine these forces, and we are positioned to connect hundreds of millions of Indian users with the millions of Internet applications they use each day.

Today, we accelerate this momentum with the announcement of three new points of presence (PoPs) in Mumbai, Chennai and New Delhi. These new sites represent the 66th, 67th and 68th data centers respectively across our global network.

They didn’t just announce a POP in India, they went all out and announced three of them.

As of this moment, our data centers in Mumbai, Chennai and New Delhi are serving all CloudFlare customer content in under 50 milliseconds to users across the entire Indian subcontinent, about 7 times faster than the blink of an eye. And we’re not done yet—we’re still making tweaks to further decrease latency.

As someone whose sole livelihood depends on building and running websites, this is the best thing to happen this year.