One of the world’s biggest web outages should act as a “wake-up call” that internet infrastructure has become dangerously over-centralised and lacks resilience, security experts have warned.
An unexplained configuration error at a single infrastructure provider, Fastly, which handles 10% of the world’s internet traffic, was enough to render major websites and services inoperable for almost an hour on Tuesday morning.
Online businesses including Reddit, Amazon, Twitch, Spotify and Hulu were knocked offline, as were the Guardian’s website, the BBC, the New York Times, and CNN. National governments were also caught up: gov.uk was unavailable, making a host of government services inaccessible, including the Covid vaccines booking site, as was the website for the White House.
The affected sites all used Fastly as a content delivery network (CDN), a service intended to provide greater reliability and performance for heavily trafficked websites.
A CDN is a global network of servers, placed so that at least one server is close enough for a fast connection wherever a user lives. Customers like the Guardian send visitors to the CDN rather than their own servers, providing the content faster and protecting the website from being overloaded in the event of a spike in traffic.
But a CDN can also serve as a single point of failure: if the network collapses, it can block all traffic going to the websites it protects. CDNs are more efficient the larger they are, creating a concentration of power in the market.