Wikipedia Explains Today's Global Outage 153
gnujoshua writes "The Wikimedia Tech Blog has a post explaining why many users were unable to reach Wikimedia sites due to DNS resolution failure. The article states, 'Due to an overheating problem in our European data center many of our servers turned off to protect themselves. As this impacted all Wikipedia and other projects access from European users, we were forced to move all user traffic to our Florida cluster, for which we have a standard quick failover procedure in place, that changes our DNS entries. However, shortly after we did this failover switch, it turned out that this failover mechanism was now broken, causing the DNS resolution of Wikimedia sites to stop working globally. This problem was quickly resolved, but unfortunately it may take up to an hour before access is restored for everyone, due to caching effects."
Wow! (Score:1, Funny)
DNA resolution failure
Re: (Score:3)
Maybe the reverse DNA wasn't set right.
Re: (Score:2)
Re: (Score:2)
$ host download.microsoft.com
download.microsoft.com is an alias for download.microsoft.com.nsatc.net.
download.microsoft.com.nsatc.net is an alias for mscom-dlc.vo.llnwd.net.
mscom-dlc.vo.llnwd.net has address 208.111.161.113
mscom-dlc.vo.llnwd.net has address 208.111.161.89
Re: (Score:2)
No, it's pointing an MX record to a CNAME that's "forbidden." It's done all the time, but it's technically not allowed.
Re:Wow! (Score:4, Funny)
DNA resolution failure
Clearly they thought captchas were too easy to defeat.
This was terrible! (Score:1, Funny)
Because of this outage, I actually had to work this morning.
Re: (Score:1)
DNA caused outage? (Score:1)
DNA DNS? (Score:2, Funny)
I could see why the failover didn't work... They should try resolving names instead of nucleic acids. :\
Test, and Test Again (Score:4, Insightful)
However, shortly after we did this failover switch, it turned out that this failover mechanism was now broken, causing the DNS resolution of Wikimedia sites to stop working globally.
Good thing Wikimedia pays their System Administrators well enough to test their backup systems.
Re:Test, and Test Again (Score:4, Insightful)
I know people who work in the Florida DC. They do, and they are smart people. Don't assume incompetence.
Re: (Score:3, Informative)
I actually wasn't assuming incompetence, the hallmark of many SysAdmins is being understaffed, overworked and underpaid, and thus do not have the resources to properly test all backup and redundant systems.
As consultants and contractors in the area of System Administration, you get let go if anything like this was ever to happen. This is why they charge a little bit more.
Whatever happened, it failed. A good lesson for next time. Not knowing exactly the cause, but it is safe to safe there were too many eggs
More donations = More uptime (Score:3, Informative)
Wikimedia is terribly understaffed. They have about 35 employees [wikimediafoundation.org], for one of the 5th largest sites on the Internet (and that includes legal/finance/MediaWiki devs/etc. staff). Basically the site is run by a dozen guys. Compare that to any other Top 10 site, this is just crazy.
Given their limited resources (both human and financial), it is amazing that Wikipedia is down so rarely. If you want the site to be more reliable, there is something you can do: Donate to the Wikimedia Foundation [wikimediafoundation.org]
Re: (Score:2)
Wikimedia is a charity. $8M to run a top 5 website is approximately NOTHING. My suggested slogan for the last fundraiser wasn't used: "Give us money. Or the homework GETS IT."
Re: (Score:3, Informative)
Wikipedia has a fairly limited budget and has historically accepted the odd few hours of downtime now and again as the natural result of this. The number of such incidents have reduced over the years though.
Re: (Score:2)
Damn right we're going to assume incompetence! Why aren't we getting the uptime we're paying for?
Oh, wait...
Re: (Score:2)
There's nothing quite as uplifting as the complaints of someone getting something for free. Not even for ads.
Re: (Score:3, Insightful)
Wow. For someone who probably uses the service and doesn't pay for it, you're sure griping a lot.
0. For someone who is going off on a rant based on a reasoned assumption, you sure aren't setting off on the right foot by starting the unjustified assumption that the poster uses Wikipedia;
1. You don't have to pay for or be a net consumer of something in order to criticise it - all you have to do is provide a reasonable explanation for the criticism. The alternative, that only the paying consumer should have a voice, is irrational and harmful;
2. All this said, maybe the poster has donated time and/or money
Re: (Score:2)
For someone who is going off on a rant based on a reasoned assumption, you sure aren't setting off on the right foot by starting the unjustified assumption that the poster uses Wikipedia;
How is jumping to incompetence a reasoned assumption but assuming someone has used wikipedia unjustified. It's at least reasonable.
You don't have to pay for or be a net consumer of something in order to criticise it - all you have to do is provide a reasonable explanation for the criticism.
So what was the useful criticism in assuming incompetence over lack of funding?
All this said, maybe the poster has donated time and/or money to Wikipedia - you do realise it's produced by thousands of (sometimes even well-meaning) volunteers, right?
If so then according to his assumption of incompetence is he partly to blame?
So they don't, except when they do.
That's rather pedantic. I think (most) everybody knows the difference between a non-profit fundraising banner and an ad.
I know America has such a macho culture that it's considered life-destroying to receive public criticism, but it's actually useful to be told that you're incompetent when you're incompetent
Very true. I work with people you should be told so more often. However, it is equally true that thin
Re: (Score:2)
Generally there are lots of other little things you do wrong on the road to that firing.
Too bad for you. Do your job right and you tend to not get axed at the next convenient excuse.
Re: (Score:3, Insightful)
Re: (Score:2, Insightful)
Free media publicity.
Re: (Score:2)
It is actually true that downtime used to be by far our most profitable product ;-)
Re: (Score:3, Insightful)
True, and the cost was probably fairly minor, as they are not advertising based... so only the cost of any people so pissed off with the downtime that they refuse to donate :)
Re:Test, and Test Again (Score:5, Interesting)
Going by past statsitics the cost of downtime to wikipedia tends to be negative since donations rise. Not that this is something wikimedia aims to do.
Re: (Score:2)
Re: (Score:2)
I doubt this was a case of wikimedia deliberately going green. I suspect it's far more likely that they happened to be in the right place and happened to make an offer that wikimedia liked.
Run both systems live at half capacity (Score:3, Interesting)
active/passive systems are a pain in the arse. The whole concept of testing failover in an active/passive situation is wrong. Anything which relies on human beings doing this and that and that and that is a bad solution.
Just run active/active and load balancer over both sites. If one fails it's tests, you just pull it.
Re: (Score:2)
For systems that can be stateless, this is always the best approach. master-master replication with conflict resolution isn't always that easy, however, especially when you think about something like the way wikipedia edits can potentially interact. So developing a conflict resolution scheme can be extraordinarily expensive, and MySQL isn't the most stable in multi-master anyway. Thus while you're right in principle, the expense can be prohibitive.
Re: (Score:3, Informative)
Yes, I agree. But the main issue with that paradigm is that many times the expense of one of your locations (and the quality of that location) is substantially lower than the other.
Example: I run servers on the US, Brasil and Argentina. The US server has better, cheaper bandwidth than the other two. Also, since this are VoIP servers, sometimes the services I send the calls to are in the US anyway, so even if the call goes originally to Argentina's POP, I'm still forwarding it to some IP in the US anyway.
So,
Re: (Score:2)
Ping [Amsterdam wikimedia cluster]: 30ms
Ping [Florida wikimedia cluster]: 130ms
That's from London. It's obviously better if I normally access the Amsterdam site.
Re: (Score:2)
powerdns geo backend.
Which they're already using.... Which means it looks like the problem may be more related to automation of the testing of the sites and the subsequent automatic (vs manual) pulling of a site from the dns when it fails.
Rumor was.. (Score:2)
Some government pencil pusher mixed up wikileaks with wikipedia... after all the "strange tweets" from @wikileaks it sounded feasible ;)
Re: (Score:2, Informative)
Wikileaks is part of wikimedia, so it went down too (along with wikinews, wikispecies, etc.).
Wikileaks is certainly NOT part of Wikimedia. You can see such at http://wikimediafoundation.org/wiki/Our_projects
Re: (Score:2)
This is on the press coverage bingo card [davidgerard.co.uk].
Do we accept this... (Score:4, Funny)
...as proof of global warming?
Re: (Score:2)
+1 So True...
Re: (Score:2)
All I can say is, thanks for learning what's at the site, you just earned me a quarter. Have a nice day Portland.
Re: (Score:2)
Re: (Score:2)
I like that version :)
Re: (Score:1)
It came from Wikipedia so it must be true--right?
Re: (Score:2)
Re: (Score:2)
While we're on the subject of temperature, can anyone enlighten me as to the point of having a data center in Florida? Wouldn't you want hardware like this in a climate that's naturally as cool as possible?
Hate (Score:2)
Hate it when my DNA doesn't resolve.
Sorry I know its just a type-o, but its funny to me.
Re: (Score:3, Funny)
I have a problem with getting it out of the sheets.
rndc flush (Score:3, Funny)
I noticed wikipedia wasn't resolving this morning.
Flushing my "DNA" cache fixed it ;-))
rndc flush
Re: (Score:2)
I will add that this is a good thing this article was posted. It caused me to stop investigating the possibilities of somebody hacking into my "DNA". ;-))
Re: (Score:2)
That is disgusting. :D
Re: (Score:2)
Flushing my "DNA" cache fixed it ;-))
Not for everyone, since some ISPs cache DNS lookup results.
Re: (Score:2)
> Not for everyone, since some ISPs cache DNS lookup results.
It should have been obvious that you needed admin access to your own "DNA" in order for this fix to work... ;-))
Also your ISP must not intercept your "DNA" queries (redirecting deoxyribonucleic acid #53 to their own DNA)
Re: (Score:2)
Why, are you forced to use your ISP's DNS servers? here [opendns.com].
Re: (Score:2)
I prefer level3's DNS servers (4.2.2.1-4.2.2.4). I've heard rumours of them planning to block public access to them, but never heard anything more about it. Works great for me.
Re: (Score:2)
Here is the list of DNS to query when you run your own DNS, as I stated in my OP. You obviously need to run your own DNS in order to be able to flush the DNS cache as I mentioned in my OP ;-)
This list of root DNS is guaranteed to remain free for public access. These DNS only return pointers to other DNS and are the foundation of how name resolving works on the internet so you are guaranteed to get the correct data as far as it is possible to get it.
In short, no third party is required to run your own DNS.
DNA resolution failure (Score:1)
DNA resolution? (Score:3, Funny)
Whoa, why is the DNS resolving dATP.dGTP.dCTP.dATP?!?
Hour Delay (Score:5, Funny)
This problem was quickly resolved, but unfortunately it may take up to an hour before access is restored for everyone, due to caching effects.
If you don't want to wait an hour for it to update, you can open a command prompt and type "ipconfig /flushdna".
Please be warned that this may also revert you to some sort of single-celled organism.
Re:Hour Delay (Score:5, Funny)
Re: (Score:3, Funny)
I /flushdna all the time. Hasn't had any noticeable effect except clogging my toilet.
...?!
I'd recommend you see a doctor about that.
Re: (Score:2)
OK, I'm somewhat worried now. I was going to make a snarky comment on how I can't seem to find the ipconfig command on my Mac, but it *actually* has one! Mac is following Windows?!?
At least I'm still safe with not having on on my Solaris boxen...
Re: (Score:2)
I AM a single-celled organism, you insensitive clod!
And: I’m also your single-celled overlord! So bow to me!
No! Not to wipe me away with your... sponge...! Please no! Aaaaahhhh!
*wipe*
Re: (Score:2)
FTFA (Score:5, Funny)
We apologize for the inconvenience this has caused.
[Citation needed]
Oops (Score:4, Insightful)
You see guys, this is why you regularily test your backup plans and failovers. This is equivalent to building maintenance making sure the fire extinguishers aren't expired... it's basic to IT. Unfortunately, Wikipedia just reminded us that what's basic isn't always what's remembered. Someone just lost their job.
Re: (Score:3, Insightful)
Re: (Score:2)
Re: (Score:2)
This is literally true! But we swear we don't take the site down deliberately ;-)
Re: (Score:2)
Having to deal with the students who couldn't crib their report off Wikipedia an hour before it was due?
(Yes, I'm joking. But I suppose we should continue this thread with other fun things we couldn't do with Wikipedia... like make bets about something on Wikipedia - only having edited the article in your favor minutes before).
Re: (Score:3, Insightful)
For every hour? Really? With that logic they should just keep it down 24/7 then.
Only when combined with the premise that profit is a goal for them. Which it's not.
Re: (Score:2)
Since wikimedia's server admins have long since been divided into two departments known as wing and prayer they can probably avoid any job loses by blaming each other.
I disagree. (Score:2)
You build your systems to be fault tolerant. They automatically continue with half the components missing. Automatically disable those which fail the continually running tests.
Build your backup tests into daily procedures. i.e. don't copy/scp files to other locations/servers/sites, restore them to the other location. Autorestore DB backups to the staging/test/dev/reporting systems daily.
Computers are there to do stuff automatically. Getting human beings to do them is prone to failure.
Re: (Score:2)
You make some very good points in your post.
At the end of it all comes the realization that planning for crisis is complicated, and getting it right is hard. It's also something that every organization I have ever worked with has underestimated considerably. From what little information I have about this incident with Wikimedia (I noticed nothing, myself), they did considerably better than average.
But you are right: the right approach is not to prepare for contingency, but to make recovery part of the norma
Re: (Score:2, Insightful)
Someone just lost their job.
I highly doubt someone lost their job over this - and they shouldn't. There are no perfect systems out there, period. Given Wikipedia is a not for profit corporation, they very likely have limited resources and the IT staff does the best with what they have. Even with a virtual unlimited amount of resources things can still go wrong in a "Perfect Storm".
If anything, the System Administrators should be commended for their quick actions to get the site back up and running as soon as they did.
Re: (Score:2)
Come on wikipedia, fix this, but rest assured that we all love you !
Re: (Score:2)
Yea, the problem is people tend to 'regularly test' during the work day in my experience which results in the exact same event happening anyway.
It generally only happens once, either accident or during testing, and gets fixed. Unless you're going to do ALL your testing during off hours, which is really hard to define for a global operation, then any test that fails is just the same as a failure during non-test conditions.
Testing for no reason other than testing is not always the brightest of ideas, contrar
Only to Be Expected (Score:2)
Nothing to see here. Overheating was normal behavior after I updated the Pr0n article.
Re: (Score:2)
Are you Polish ? I thought the movement was abolished in 1989...
Pron:
http://en.wikipedia.org/wiki/Patriotyczny_Ruch_Odrodzenia_Narodowego [wikipedia.org]
Edited? (Score:3, Insightful)
Well, looks like all the DNA jokes are now -1 off topic
Well played /., well played.
I saw some issues with wiktionary... (Score:2)
But when I got to the wiktionary.org main page I didn't see any kind of note or warning.
Couldn't they have at least put up some kind of warning box, hopefully with a list of IP addresses underneath so that one could directly access the services when in dire need?
.
.
.
.
.
(I'm not really sure what constitutes "dire need" of wikimedia services, but I'm sure someone can come up with a list of relevant circumstances)
Re: (Score:2)
I'm not really sure what constitutes "dire need" of wikimedia services, but I'm sure someone can come up with a list of relevant circumstances
You could look up 'Dire Need' on Wiki..... oh, never mind.
Administrative problem (Score:2)
From hot to hotter (Score:2)
From the Summary:
"Due to an overheating problem in our European data center many of our servers turned off to protect themselves"
"we were forced to move all user traffic to our Florida cluster"
I think Wikipedia needs to build some data centers further north.
Deleted? (Score:5, Funny)
I thought maybe they had simply deleted Wikipedia because some admin decided nothing on there was "notable".
backup failure doesn't mean a failure to test (Score:5, Insightful)
I see lots of comments stating that this would not have happened had admins run regular tests on the failover mechanisms. That seems a poor assumption- if the system happens to fail and then an outage occurs before the next scheduled test, one may not be aware of it.
We had this problem recently where we were testing our backup generator. Normally, we cut power to the local on-campus substation, which kicks in the generator and activates a failover mechanism, rerouting power. Well, the generator came on no problem but the failover mechanism was broken, so every server in the datacenter spontaneously lost power. Had we known the failover was broken, we would have not done the regular test. However, the last test on the failover (done directly without cutting power), a mere month prior, had shown the failover mechanism was fine.
Point being, unless you are going to literally continuously test everything, there is still some probability of an unexpected double failure.
Re: (Score:2)
As you pointed out, testing can (and in my experience with data center failures is usuaully) be the cause of a failure.
The only time I've ever had an 'outage' in a data center, it was during a test cycle. While thats great that it was during a test cycle, it STILL resulted in an outage. Had the tests not been performed, no service disruption would have happened.
Testing software in a test lab ... you test continuously.
Testing a production environment ... you do it only when you have a real reason to suspec
great replies (Score:2)
Read that wrong (Score:2)
Distributed Wikipedia (Score:3, Interesting)
Speaking of Wikipedia, an idea that has long been in my mind, but that I have never sat down and worked out is distributed hosting of Wikipedia. The idea is that volunteers each contribute some resources (network capacity, storage space, RAM, and CPU cycles) to host and serve part of the content.
This way, we should be able to reduce the load on the (donation supported) Wikimedia servers, as well as increase the redundancy in the system.
Is anybody already working on this or are there perhaps even already implementations of this idea?
Re: (Score:3, Interesting)
Re:Distributed Wikipedia (Score:5, Insightful)
Its hard enough keeping a bunch of nodes that you control online and functioning properly (hence the failure) ... trying to run anything reliable when you give any control you had to other random people on the Internet is doomed to fail.
The only reason distributed computing projects like SETI@HOME and distributed.net work is because the server gives clients data to process but it doesn't need a quick response, nor does it have to trust that the data returned is actually valid ... its going to have another host check it at some point anyway to be sure. Those clients are used to weight the data so the master server only processes the most likely packets that may match and need authoritative checking.
Doing that for a web server would ... well, a complete and total waste of resources as its likely to be worse in every single way, including reliability.
content-addressed content (Score:2)
trying to run anything reliable when you give any control you had to other random people on the Internet is doomed to fail.
I've heard a talk from someone who suggested moving to content-addressing: instead of giving you a URL, I give you a sha1 hash of the page you want (and maybe an URL to tell you where to start looking). Then, you don't care from where you get your data, as long as it matches. You can grab the page from the originating host, or from a local cache, or from a bunch of different peers, or from... well, you name it. As long as you get the bits that match the hash, you're happy.
I think the idea is (1) good; (2
Re: (Score:2)
That's why a git backend is such a tempting idea. Leading to many abortive attempts to write such a thing.
Re: (Score:2)
It's really hard keeping the databases distributed. Basically, all WMF wikis are served from three large database clusters in Florida. The parallelisation is having those large DB servers feed lots and lots of Apaches (which run PHP and render the pages into HTML) and worldwide Squids for reverse proxying.
Wikileaks was mooting plans for a distributed MediaWiki backend - they have serious need for such a thing - but they haven't managed it either.
There are perennial experimental projects to put something lik
Global "Outrage"? (Score:2, Funny)
Jokes aside, how do you feel when you lost Wiki? (Score:3, Interesting)
I was rather pissed. And the only thing I was going to do is to look up a few math terms. Ended up using PlanetMath and few other sites, but when Wki came back, I check them as well as guess what: they had the most comprehensive and informative articles. That's the first outage I remember since I started using Wiki.
Re: (Score:2, Troll)
Suddenly people saw the wood from the trees, and realized there was an whole Internet out there with truth and beauty in it, where jack-booted book-burners were not only not in control, but not welcome either.
And then they broug
Re: (Score:2)
You realise of course that pretty much all of Wikipedia is multiply mirrored ... answers.com, Google cache, Bing ...
Re: (Score:2)
Just to give an idea of just how vast DNA's information storage is, the average human cell contains about as much information as most DVDs can store. So hypothetically, if you could reliably transport DNA like we do electrons on the internet, the bandwidth would be enormous (1 gram DNA can store ~10^21 bits) although lag might be a problem unless you can route these DNA packets at relativistic velocities.
Re: (Score:2)
I'm assuming that material containing large amounts of DNA gummed up a cooling fan, causing the overheating. :)
Re: (Score:2)
Nah...it points to orange.co.uk - which is a UK mobile phone company that offers the iphone.