回顾一下java8的变化_回顾3个月的全球流量变化
回顾一下java8的变化
There would be no TL;DR in this article, sorry.
抱歉,本文中没有TL; DR。
Those have been three months that genuinely changed the world. An entire lifeline passed from February, 1, when the coronavirus pandemics just started to spread outside of China and European countries were about to react, to April, 30, when nations were locked down in quarantine measures almost all over the entire world. We want to take a look at the repercussions, cyclic nature of the reaction and, of course, provide DDoS attacks and BGP incidents overview on a timeframe of three months.
过去三个月真正改变了世界。 从2月1日到1月30日,整个生命线过去了,那时冠状病毒大流行才刚刚开始传播到中国境外,欧洲国家即将做出React,到30月4日,几乎所有国家都被限制采取隔离措施。 我们想看一下React的影响,周期性,当然,还需要三个月的时间来概述DDoS攻击和BGP事件。
In general, there seems to be an objective pattern in almost every country’s shift into the quarantine lockdown.
总的来说,几乎每个国家向隔离区转移的转变似乎都有一种客观模式。
旋转下来 (Spin Down)
As the epidemic measures tightened, the transport and logistics (and tourism which is not possible without those) were first to get under stress, because people were massively cancelling or rescheduling their travels, deliveries, shipments and dispatches in coordination with countries closing or restricting the borders crossings. Taxis also felt the overall activity drop.
随着流行病措施的收紧,运输和物流(以及没有这些措施就不可能实现的旅游业)首先受到压力,因为人们正在与关闭或限制进口的国家协调大规模取消或重新安排其旅行,交付,装运和派遣计划。过境。 的士也感到整体活动下降。
It is not surprising that almost simultaneously, there was another layer where, contrarily, activity spiked tremendously: in stock, equity trading and currency exchange. Indeed, this is an industry that “buys the rumour and sells the news” as it were the traders who reacted to the changing world blazingly fast. And they still do, because they operate on both downward and upward movements of the price. Traders were among few professions over the Internet that had much more work and opportunities during those three months.
不足为奇的是,与此同时,又有另一层的活动急剧增加:股票,股票交易和货币兑换。 的确,这是一个“散布谣言并出售新闻”的行业,因为交易员对瞬息万变的世界做出了Swift的React。 而且它们仍然如此,因为它们在价格的上下波动中起作用。 在这三个月中,交易员是互联网上很少有更多工作和机会的专业。
As a next stage after-effect to shutting down the transportation and especially the events hosting lots of people (or should we rather say, shutting down virtually every event that takes place in real life), all the ticketing, reservations making and other venue activities-related services fell a considerable drop in their web attendance. And they are recovering very slowly because the difference in lockdown measures complicates international events, most borders are still closed and also by the fact that in quite a few countries the comeback of festivals, concerts or even theatrical performances is already planned. Those industries are trying to adapt to such new realities, and we don’t know yet how it would turn out for them, especially for the hoteliers and short-term rentals markets, that were strongly affected.
作为下一阶段的后果,即关闭交通运输,尤其是接待很多人的活动(或者应该说,关闭现实生活中几乎所有发生的活动),所有票务,预订和其他场所活动相关服务的网络访问量下降了很多。 他们的恢复非常缓慢,因为锁定措施的差异使国际赛事更加复杂,大多数边界仍然关闭,而且在相当多的国家中已经计划了节日,音乐会甚至戏剧表演的复出。 这些行业正在努力适应这样的新现实,我们还不知道对他们产生的影响如何,特别是对于受到严重影响的酒店经营者和短期租赁市场。
As a result of economic shocks and the rise of unemployment, as well as cancelling almost all sports activities, this is probably the worst time for betting. This time it combined several factors so crucial for the willingness of people to bet their money on something other than their health.
由于经济冲击和失业率上升,以及几乎取消了所有体育活动,这可能是最糟糕的**时间。 这次,它综合了几个因素,这些因素对于人们愿意将钱花在健康以外的其他事情上至关重要。
旋转起来 (Spin Up)
On the other hand, we have some industries and economic sectors that benefited from what was happening, although it is not clear if they could capitalize on achievements.
另一方面,我们尚有一些工业和经济部门从正在发生的事情中受益,尽管尚不清楚它们是否可以利用成就。
Mass media and social networks are among the ultimate winners. In the situation of stress, many people turn to news and stories sources, and we have seen how different the reaction could be, especially in self-managing communities, like Wikipedia. People need a source of information, and during those three months, we saw how active users grow on most of the general-themed news sites, but not exclusively. And many tried to exploit the information thrust to their advantage using all kinds of shadowy techniques like click-baiting, or even worse.
大众媒体和社交网络是最终的赢家。 在压力大的情况下,许多人转向新闻和故事来源,我们已经看到了React的不同之处,特别是在自我管理的社区中,例如Wikipedia。 人们需要一个信息源,在这三个月中,我们看到了活跃用户在大多数通用主题新闻网站上的增长情况,但不仅限于此。 许多尝试使用各种诱人的技术(例如单击诱饵或什至更糟)来利用信息,以发挥其优势。
Our friends at Habr.com showed us how tremendously Coronavirus pandemics changed the way people react and respond to specific stories. There was a single post that gathered the attention of millions of people, seeking data on the ultimate topic we had in those three months.
我们在Habr.com的朋友向我们展示了冠状病毒大流行如何极大地改变了人们对特定故事的React和响应方式。 有一篇文章引起了数百万人的关注,他们在这三个月中寻找有关最终主题的数据。
(Habr’s CDN stats for February and March 2020)
(Habr的2020年2月和3月CDN统计信息)
At the same time, online education and online streaming services, as well as gaming platforms and communities, skyrocketed. And with the streaming services, even local governments reacted with their requirements to lower the video quality for traffic optimization, and ultimately, that was complied with by the largest players, like Netflix and YouTube. The same download speed throttling came to the most significant game marketplaces, like PlayStation Network, while Steam was reporting a concurrent players peak.
同时,在线教育和在线流媒体服务以及游戏平台和社区也在飞速发展。 借助流媒体服务,甚至地方政府也对他们的要求做出了React,以降低视频质量以进行流量优化,最终, 最大的播放器 (如Netflix和YouTube)都遵循了这一要求 。 同样的下载速度限制也进入了最重要的游戏市场, 例如PlayStation Network ,而Steam 报告了并发玩家高峰。
You’re probably wondering here how we dare to mix education with entertainment.
您可能想知道我们如何敢于将教育与娱乐相结合。
Well, it seems that edutainment exists on the Internet. During this period, we saw how educational services, by opening their courses for free or with a discount, experienced tremendous growth in users and visitors count. As schools, universities and some offices were shut down for physical attendance, pupils, students and even grown-ups were looking for an efficient way to spend their time.
好吧,看来娱乐化存在于互联网上。 在此期间,我们看到了通过免费或打折开设教育课程的教育服务在用户和访问者数量上的巨大增长。 由于学校,大学和一些办公室因物理出勤而被关闭,学生,学生甚至成年人正在寻找一种有效的方式来度过自己的时间。
And we know pretty damn well that if you work hard, you can play hard. That is why the gaming and the streaming industries could be those long-term winners because those habits would probably stay with people that got them in those three months.
而且,我们非常清楚,如果您努力工作,就可以发挥作用。 这就是为什么游戏和流媒体行业可以成为长期赢家的原因,因为那些习惯可能会在那三个月内吸引了那些习惯。
E-commerce and retail changed immensely over that same period because, for months, the only way to sell something was to sell it over the Internet. We saw how businesses, from small to gigantic, were transforming their operations and tactics towards better efficiency under immense stress. Groceries, wholefoods, butchers, tailors, carpenters and gardeners — everybody had to take adaptation measures to stay with their clientele, not losing old ones and, probably, acquiring new ones. And this particular time, we also see a growth in alcohol retailers traffic growth and a significant drop in office tools retail, both of which are tied to mass migration to home offices.
电子商务和零售业在同一时期发生了巨大变化,因为几个月来,唯一出售商品的方法就是通过Internet出售商品。 我们看到了从小到大的企业如何在巨大的压力下将其运营和策略转变为更高的效率。 杂货,全食,屠夫,裁缝,木匠和园丁-每个人都必须采取适应措施以与他们的顾客在一起,而不是失去旧顾客,并可能获得新顾客。 在这个特定的时间,我们还看到酒精零售商的流量增长,而办公工具的零售量显着下降,这两者都与向家庭办公室的大规模迁移有关。
It was interesting to see how retail and e-commerce businesses were adapting to the fast-growing demand, and “shared” their customers with each other in real-time — as some specific websites got overwhelmed by the visitors and started to choke on resources (whether that were CPU, memory or what we saw as a number one factor — available transit bandwidth), customers immediately reoriented themselves for services that were more readily available, materializing the old proverb “vote with your wallet”.
有趣的是,零售和电子商务业务如何适应快速增长的需求,并实时“共享”客户,因为一些特定的网站被访问者所淹没,并开始占用资源(无论是CPU,内存还是我们认为的第一个因素-可用的传输带宽),客户立即重新定位自己,以便获得更容易获得的服务,从而兑现了古老的谚语“用钱包投票”。
The same stands for the software we use to communicate with our colleagues, partners, customers and suppliers of all kinds — during these 3 months many companies realized where they actually stand on the security field, as troubles were crippling the reputation of some widely used software products, names omitted.
我们用来与同事,合作伙伴,客户和供应商进行各种沟通的软件也代表着同样的意思。在这三个月中,许多公司意识到他们在安全领域的实际地位,因为麻烦困扰着一些广泛使用的软件的声誉。产品,名称省略。
And probably the last, although not the least thing in our quick introduction, was the pressure which tested every e-Gov service in any region of the world. As people were locked down in their homes, they tried to get ahead of the trouble and make everything possible to be ready for whatever was going to happen. Taxes, courts, appointments with government officials, insurance and hospital services, social services — everything was under fire as people were caught in unpleasant moments and seeking help from their governments.
最后,虽然不是我们快速介绍中的最重要的事情,但可能是测试世界各地任何e-Gov服务的压力。 当人们被关在家里时,他们试图克服麻烦,使一切为发生的一切做好准备。 税收,法院,与政府官员的任命,保险和医院服务,社会服务–由于人们陷入不愉快的时刻并寻求政府的帮助,一切都受到了抨击。
And it turned out that in most cases the government electronic services could adapt and survive through this high demand, which is excellent and, in best case scenario, would give us new insights in what services we believe and how we can interact with them.
事实证明,在大多数情况下,政府的电子服务可以通过这种高需求来适应和生存,这是极好的,在最佳情况下,它将使我们对我们所相信的服务以及如何与之交互有新的见解。
DDoS攻击 (DDoS-attacks)
In this section, we want to share with you our insights on how DDoS-attacks evolved and changed during the questioned period.
在本节中,我们想与您分享我们对DDoS攻击在疑问期间如何演变和变化的见解。
Please note that this timeL7 (application layer) attacks were intentionally excluded from the overview.
请注意,此timeL7(应用层)攻击有意从概述中排除。
First of all, let’s take a look at the candlestick charts that we’re describing the data with. We would start with the DDoS-attacks duration data for the period from February 1 to April 30.
首先,让我们看一下用来描述数据的烛台图。 我们将从2月1日到4月30日的DDoS攻击持续时间数据开始。
With these charts, we’re focusing on the median (quartile 2), the minimum/maximum and quantiles 25 and 75.
通过这些图表,我们将重点放在中位数(四分位数2),最小/最大值以及分位数25和75。
As you can see, the median attack time is 300 seconds — 5 minutes. But the overall distribution in time is broad, with the maximum attacking timeframe of 12.5 hours. Modern attacks are fast and intense, and this doesn’t change with pandemics.
如您所见,平均攻击时间为300秒-5分钟。 但是整个时间分配范围很广,最长攻击时间为12.5小时。 现代攻击快速而激烈,大流行不会改变。
对不同行业的攻击持续时间 (Duration of attacks on different industries)
Now let’s take those durations and take a look at how they differ from one client category to another.
现在,让我们来看看这些持续时间,看看它们在一个客户类别与另一个客户类别之间的区别。
It is pretty evident that the promo and e-commerce economy sectors have the most prolonged attacks, with banks having a median of their attacks quite low compared to taxi services or gaming and trade industry. Every industry has its specifics on the Internet, and since a large portion of the DDoS-attacks is unfair competition, you see the difference between approaches.
很明显,促销和电子商务经济部门的攻击时间最长,与出租车服务或游戏和贸易行业相比,银行的攻击中位数很低。 每个行业在Internet上都有其特定的特征,并且由于DDoS攻击的很大一部分是不公平的竞争,因此您会看到方法之间的差异。
不同行业的攻击带宽 (The bandwidth of attacks on different industries)
That is the bits per second candlestick chart for the same attacked industries in the questioned timeframe.
这是在受质疑的时间范围内相同受攻击行业的每秒烛台图。
As you see the most intense attacks during these three months were targeted at the education sector, followed by payment systems, local governments and public sector services, with promo pages and betting resources closing the top-3. Here the maximum attack bandwidth in the Education sector was targeted at one of our clients opening the educational courses for free, followed by an assault of hundreds of gigabits per second on their resources. Someone else wanted those students too.
如您所见,这三个月中最严重的攻击针对教育部门,其次是支付系统,地方政府和公共部门服务,促销页面和**资源排名前三。 在这里,教育领域的最大攻击带宽针对的是我们免费开放教育课程的一位客户,其后每秒攻击他们资源的数百吉比特。 有人也想要那些学生。
攻击媒介的分布 (Distribution of attack vectors)
Fragmented IP flood is still the king of the DDoS-attacks mountain with 43,32% of all attacks (though a certain portion of this achievement belongs in fact to UDP amplification attacks). UDP flood follows with 29,37%, and SYN flood closes the top-3 with 19,53% of all assaults.
零碎的IP泛滥仍然是DDoS攻击之王,占所有攻击的43.32%(尽管这一成就的某些部分实际上属于UDP放大攻击)。 UDP泛洪攻击占29.37%,SYN泛滥攻击占所有攻击的19.53%,排名前三。
攻击向量的持续时间,秒 (Duration of attack vectors, seconds)
Here we can say that attacking vectors rarely drastically changes the timeframe of DDoS-attacks since those are mostly orthogonal things.
在这里我们可以说,攻击媒介很少会大幅改变DDoS攻击的时间范围,因为这些攻击大多是正交的。
攻击向量带宽和数据包速率 (Attack vectors bandwidth and packet rate)
Here we see what was known for a long time — UDP flood has the highest bandwidth median and maximum, followed by the fragmented IP flood. You probably already know that in real attacks that are real threats, several vectors would be utilized in order to maximize the effectiveness of compromised attacking resources.
在这里,我们看到了很长一段时间来已知的信息-UDP泛洪具有最高的带宽中值和最大值,其次是碎片化的IP泛洪。 您可能已经知道,在作为真实威胁的真实攻击中,将利用多个媒介来最大化被攻击资源的有效性。
That is the packet intensity (PPS) chart for the same vectors.
这就是相同向量的数据包强度(PPS)图。
And, finally, we have a pie chart of vectors combinations.
最后,我们有向量组合的饼图。
Where you can see that even while the IP flood stands for the most utilized attacking vector with 35,67% of all attacks, after clear UDP flood (with 15,71%) and SYN flood (with 12,31%) the rest 40% is in vectors combined.
从中可以看到,即使IP Flood代表了攻击次数最多的攻击媒介,占所有攻击的35.67%,而在清除UDP Flood(占15.71%)和SYN Flood(占12.31%)之后,其余40 %是向量的总和。
Again, we want to reiterate the chart we used at the beginning of this article.
同样,我们要重申在本文开头使用的图表。
Here you can see that the most attacked industries during those three months were:
在这里,您可以看到在这三个月中遭受攻击最多的行业是:
- Education, with 33.56% of all registered attacks; 教育程度,占所有已记录攻击的33.56%;
- Promo, where we count resources aimed at gathering attention in short periods; 促销,我们在其中收集旨在在短期内引起关注的资源;
- E-commerce (retail) with 13.01% of attacks; 电子商务(零售),受到攻击的比例为13.01%;
- Public and government services with a little less than a tenth of attacks — 8.44; 公共和政府部门遭受不到十分之一的攻击-8.44;
- And the top-5 closing with gaming sector attracting 7.30% of DDoS-attacks. 排名前五的游戏行业吸引了7.30%的DDoS攻击。
BGP路由 (BGP routing)
Almost simultaneously with the quarantine measures in each region and country lockdown and migration to home-offices where possible, major Internet exchange points were reporting historical records on the traffic flow. At the same time in many countries, ISPs were agreeing to lift or entirely cancel the data caps on last-mile consumer internet connections, which definitely is something we haven’t seen before.
几乎与每个地区的隔离措施以及国家封锁和尽可能迁移到本国办公室的同时,主要的Internet交换点正在报告有关流量的历史记录 。 同时,在许多国家/地区, ISP都同意取消或完全取消最后一英里消费者互联网连接的数据上限,这绝对是我们之前从未见过的事情。
We were also interested to see if, and how, the number of IX participants changed. To take a step into that direction, we used the PacketClearingHouse data.
我们还想知道IX参与者的数量是否以及如何改变。 为了朝这个方向迈进,我们使用了PacketClearingHouse数据 。
Although, evidently, PCH does not have 100% coverage of all the world's Internet Exchange Points, the amount of information it gets from the major ones is sufficient for this kind of experiment. We have seen individual IXes to offer free memberships and connections, so we wanted to look if the situation is similar worldwide and if participation in traffic exchange was motivated by the pandemic.
尽管很明显,PCH不能100%覆盖世界上所有的Internet交换点,但是从主要信息交换所获得的信息量足以进行此类实验。 我们已经看到了各个IXes提供免费的会员资格和联系,因此我们想看看全球情况是否类似,以及是否由于大流行而促使人们参与交通交流。
In short — no, the number hasn’t generally changed.
简而言之-不,这个数字通常没有改变。
主要互联网交易所的流量急剧增长 (The tremendous growth of traffic on major Internet Exchanges)
You could compare all those graphs from the largest IXes in the world with the graphic of our own, illustrating overall traffic growth within Qrator Labs filtering network from January 28 till May 1.
您可以将世界上最大的IX中的所有这些图与我们自己的图进行比较,以说明Qrator Labs过滤网络从1月28日到5月1日的总体流量增长。
Qrator Labs overall traffic dynamics from 28.1.2020 to 2.5.2020
Qrator Labs从28.1.2020到2.5.2020的整体流量动态
As you can see, it was truly a worldwide pandemic and this time we had the Internet.
如您所见,这确实是一场全球性的流行病,这次我们有了Internet。
We won't paste the participants' graphics here as there are lots of them. For the sake of saving space and volume of this article, we would like to write it with our own words simply — there is no correlation between the traffic growth on Internet exchange points and the number of participants on those exchanges. To put it merely — traffic spiked everywhere, for each and every transit network.
我们不会在此处粘贴参与者的图形,因为其中有很多图形。 为了节省本文的空间和体积,我们只想用自己的话写它— Internet交换点上的流量增长与这些交换的参与者数之间没有关联。 简而言之,对于每个传输网络,流量到处都是峰值。
在三个月内路由事件 (Routing incidents during three months)
During the period in question, we reported 6 significant routing incidents at the Radar blog. Those were events where severity and propagation combined to a significant extent, making those incidents visible outside of one particular region. And the one that happened on April 24 was as odd as the time we're living in — it contained only valid routes with correct ROA objects, and it did spread, although not wrecking as much havoc, yet. It was two days after we once again saw what we suppose to be a BGP optimizing software playing with networks from inside. Curious indeed.
在上述期间,我们在Radar博客上报告了6起重大路由事件 。 这些事件的严重程度和传播程度相结合,使这些事件在一个特定区域之外可见。 4月24日发生的那件事与我们所住的时间一样奇怪-它只包含带有正确ROA对象的有效路线,并且确实传播了,尽管还没有破坏太多。 两天后, 我们再次看到我们认为是一个BGP优化软件 ,可以从内部使用网络。 确实很好奇。
If we want to take a look at the monthly statistics of routing leaks from the beginning of the year, it would look like that (we’re only taking into consideration leaks with significant distribution):
如果我们要查看从年初开始的路由泄漏的每月统计数据,看起来应该是这样的(我们只考虑分布显着的泄漏):
一月 (January)
: 1
:1
二月 (February)
: 4
:4
游行 (March)
: 6
:6
四月 (April)
: 6 +1 in IPv6
:IPv6中的6 +1
So there is a growing trend on routing incidents we just don’t know yet how long it would last. Also, it is important to notice that since most routing incidents happen due to misconfiguration errors, the biggest threat is the moment everybody comes back to their offices and starts making changes to adapt to changed realities.
因此,路由事件有一个不断增长的趋势,我们只是不知道它能持续多长时间。 另外,必须注意,由于大多数路由事件都是由于配置错误而发生的,因此最大的威胁是每个人回到办公室并开始进行更改以适应不断变化的现实的那一刻。
国家互联网网段可靠性变化 (National Internet Segments Reliability Changes)
We are 4 months before the release of our annual National Internet Segments Reliability Report. If you don’t know what that is — take a look at the 2019 version.
我们距离年度国家互联网细分市场可靠性报告的发布还有4个月的时间。 如果您不知道那是什么,请查看2019版本 。
We want to outline a little teaser about how the global reliability changed during those three months with short bullet points that we would elaborate on in the comprehensive research in August, as usual.
我们希望概述一下这三个月期间全球可靠性的变化,并像往常一样在8月份的综合研究中详细说明这些要点。
- Brazil and Argentina significantly improved their positions in the top-20 of most reliable internet segments; 巴西和阿根廷大大提高了它们在最可靠的互联网细分市场的前20名中的位置;
- Japan and the United States also showed an overall rating growth, although not that significant as the two South American countries; 日本和美国也显示总体评级增长,尽管不如两个南美国家重要。
- Maybe this is due to the fact that Level3 is still the most important Autonomous System in the United States. At the same time, the critical ASes in the other three countries: Brazil, Argentina and Japan, changed in comparison to 2019. 可能是由于Level3仍然是美国最重要的自治系统。 同时,与2019年相比,其他三个国家(巴西,阿根廷和日本)的关键AS发生了变化。
It is also interesting to add, that according to the same IX statistics and some additional data, like Google statistics, we could say that the pandemic slightly sped up the IPv6 adoption — a fact The Register also noticed at the end of March.
还要添加有趣的一点是,根据相同的IX统计数据和一些其他数据(例如Google统计数据),我们可以说该大流行稍微加速了IPv6的采用-这在三月底也被 Register 注意到 。
— Recommendations:
—建议:
-
Slides by Job Snijders from NTT with recommendations for network operation during pandemics;
NTT的Job Snijders的幻灯片,其中包含大流行期间网络运行的建议;
回顾一下java8的变化