Re: Level 3 DC issues?
I've got low latency TO 'Level3 Washington' - but I time out about three hops later. I'm coming from the Sprintlink. On Jan 29, 2010, at 2:22 PM, John Palmer (NANOG Acct) wrote: Anyone see any connectivity issues with Level-3 in the DC area? This issue is causing big latency problems that appeared to have taken out Bank of America's website.
RE: Level 3 DC issues?
Looks like an internal problem to BoA. The redirect works, and I get an immediate reply. The https redirect page appears boinked. Even with a -k curl took over 30 seconds to get the page, and the browser would have timed out. rob...@robert ~ $ curl -i -G www.bankofamerica.com HTTP/1.1 301 Moved Permanently Server: Sun-ONE-Web-Server/6.1 Date: Fri, 29 Jan 2010 19:25:08 GMT Content-length: 122 Content-type: text/html Location: https://www.bankofamerica.com/index.jsp Connection: close HTMLHEADTITLEMoved Permanently/TITLE/HEAD BODYH1Moved Permanently/H1 An error has occurred. /BODY/HTML rob...@robert ~ $ curl -i -G www.bankofamerica.com HTTP/1.1 301 Moved Permanently Server: Sun-ONE-Web-Server/6.1 Date: Fri, 29 Jan 2010 19:25:28 GMT Content-length: 122 Content-type: text/html Location: https://www.bankofamerica.com/index.jsp Connection: close HTMLHEADTITLEMoved Permanently/TITLE/HEAD BODYH1Moved Permanently/H1 An error has occurred. /BODY/HTML rob...@robert ~ $ curl -i -G https://www.bankofamerica.com/index.jsp curl: (60) SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed More details here: http://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a bundle of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option. rob...@robert ~ $ curl -k -i -G https://www.bankofamerica.com/index.jsp Robert D. Scott rob...@ufl.edu Senior Network Engineer 352-273-0113 Phone CNS - Network Services 352-392-2061 CNS Phone Tree University of Florida 352-392-9440 FAX Florida Lambda Rail 352-294-3571 FLR NOC Gainesville, FL 32611 321-663-0421 Cell -Original Message- From: John Palmer (NANOG Acct) [mailto:nan...@adns.net] Sent: Friday, January 29, 2010 2:22 PM To: NANOG list Subject: Level 3 DC issues? Anyone see any connectivity issues with Level-3 in the DC area? This issue is causing big latency problems that appeared to have taken out Bank of America's website.
Re: Level 3 DC issues?
John Palmer (NANOG Acct) wrote: Anyone see any connectivity issues with Level-3 in the DC area? This issue is causing big latency problems that appeared to have taken out Bank of America's website. Los angeles Downtown had a big power outage which affected quite a few dc's dont know if its related though
Re: Level 3 DC issues?
Looks like it may be a BoA issue. I also see their AS number peering to AS 701 (Verizon Business / UUNet) with a dead traceroute to BoA. On Jan 29, 2010, at 2:22 PM, John Palmer (NANOG Acct) wrote: Anyone see any connectivity issues with Level-3 in the DC area? This issue is causing big latency problems that appeared to have taken out Bank of America's website.
Re: Level 3 DC issues?
On 01/29/2010 08:30 PM, Robert D. Scott wrote: Looks like an internal problem to BoA. The redirect works, and I get an immediate reply. The https redirect page appears boinked. Even with a -k curl took over 30 seconds to get the page, and the browser would have timed out. Hi, Just noticed this article, maybe BoA is also a target ?: CIA, PayPal under bizarre SSL assault The massive flood of requests is made over the websites' SSL, or secure-sockets layer, port, causing them to consume more resources than normal connections, according to researchers at Shadowserver Foundation, a volunteer security collective. The torrent started about a week ago and appears to be caused by recent changes made to a botnet known as Pushdo http://www.theregister.co.uk/2008/02/29/botnet_spam_deluge/. http://www.theregister.co.uk/2010/01/29/strange_ssl_web_attack/ http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20100129 Maybe that has something to do with this ? Hope you have a nice weekend. rob...@robert ~ $ curl -i -G www.bankofamerica.com HTTP/1.1 301 Moved Permanently Server: Sun-ONE-Web-Server/6.1 Date: Fri, 29 Jan 2010 19:25:08 GMT Content-length: 122 Content-type: text/html Location: https://www.bankofamerica.com/index.jsp Connection: close HTMLHEADTITLEMoved Permanently/TITLE/HEAD BODYH1Moved Permanently/H1 An error has occurred. /BODY/HTML rob...@robert ~ $ curl -i -G www.bankofamerica.com HTTP/1.1 301 Moved Permanently Server: Sun-ONE-Web-Server/6.1 Date: Fri, 29 Jan 2010 19:25:28 GMT Content-length: 122 Content-type: text/html Location: https://www.bankofamerica.com/index.jsp Connection: close HTMLHEADTITLEMoved Permanently/TITLE/HEAD BODYH1Moved Permanently/H1 An error has occurred. /BODY/HTML rob...@robert ~ $ curl -i -G https://www.bankofamerica.com/index.jsp curl: (60) SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed More details here: http://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a bundle of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option. rob...@robert ~ $ curl -k -i -G https://www.bankofamerica.com/index.jsp Robert D. Scott rob...@ufl.edu Senior Network Engineer 352-273-0113 Phone CNS - Network Services 352-392-2061 CNS Phone Tree University of Florida 352-392-9440 FAX Florida Lambda Rail 352-294-3571 FLR NOC Gainesville, FL 32611 321-663-0421 Cell -Original Message- From: John Palmer (NANOG Acct) [mailto:nan...@adns.net] Sent: Friday, January 29, 2010 2:22 PM To: NANOG list Subject: Level 3 DC issues? Anyone see any connectivity issues with Level-3 in the DC area? This issue is causing big latency problems that appeared to have taken out Bank of America's website.
