As every last three years in a row, I attended SRECon in Europe. I can literally say this year was totally broken comparing with former conferences. I think it’s because I had much higher expectations from this conference. The first shot in 2014 was more than awesome, but year to year it’s getting worse. Almost all talks from Google were like a summary of every chapter in SRE book. We just skipped all the rest of the talks sourced by Google.
Almost every ISP responds unfortunately, they still cannot handle flowspec standard. It’s nearly 2018, almost every BGP-aware daemon software is able to send/receive flowspec. Those who don’t know what flowspec is:
Already 15 years passed when I played QuakeWorld and I feel too much nostalgic remembering those days. QuakeWorld (aka. Quake1) was released in 1996. It celebrates 21 this year and I tried to go back to 2002-2008 (it was the time I played QW quite professional). I must say, that well-known players such like Milton, Locktar are still on the track.
Nginx has two cool features to limit bandwidth for responses:
IPv4 has by design
127.0.0.0/8 delegated for loopback usage. It means that you can use ~16M addresses to identify hosts inside your fleet. I’ve touched this usage in networking world, but who else really needs this behavior while we are living in 2017 (containers world)? To be honestly, I’m talking about ancient IPv4 protocol.
I don’t know how much of ISPs are now using RPKI based validation for BGP prefixes to avoid hijacking attacks, but a few years ago most of the ISPs still used old-school method (prefix/ACL lists) to filter “good” and “bad” prefixes from neighbors. I remember when I was working on ISP we dealt with this problem as well.