Facebook Outage Underscores Risks of Modern SDN Networks

On October 4, 2021, an outage took Facebook, WhatsApp, and Instagram down for six hours. This major outage is a powerful and high-profile example of the difficulties facing those tasked with managing modern network architectures. While there has been a lot of chatter about misconfiguration and DNS failures, the reality is that this outage could have more to do with Facebook's software-defined networks (SDN) and the propensity for errors organizations are exposed to when the control plane is centralized and segregated from network devices.

An early adopter of SDN, Facebook pioneered innovative methods to automate provisioning of their massive networks. Najam Admad, director of technical operations, who architected SDN for Facebook, said in 2014, "We want to deploy, manage, monitor and fix networks using software." One of their widely publicized use cases is their software-defined backbone routing. Facebook uses SDN to augment BGP route selection. They’ve employed advanced congestion and capacity analytics in order to overcome the common shortcomings of BGP. 

Facebook’s SDN controllers produce routes that then get sent to the edge routers, which are responsible for connecting to the outside world. Based on public speculation, the belief is that these SDN-controlled BGP route selection processes encountered a glitch and basically made the Facebook edge routers unreachable. This initial issue was then exacerbated by the fact that their internally hosted DNS went into hibernation mode in response to lost connections. The blog post by Facebook's Santosh Janardhan further supports this hypothesis: "During one of these routine maintenance jobs, a command was issued with the intention to assess the availability of global backbone capacity, which unintentionally took down all the connections in our backbone network, effectively disconnecting Facebook data centers globally."

This type of control-plane and data-plane disconnect is also occurring in other SDN environments. Similar malfunctions are also happening in SD-WAN scenarios. For example, operators find that, while an SD-WAN controller issues a reroute command to an edge device, the edge device ignores the command. There have also been cases in which SD-WAN controllers issue rerouting commands unnecessarily. It is becoming vital that teams in the network operations center monitor the state and the activities of controllers, so they can ensure that critical software-defined transactions are executed correctly.

The important lesson here is that as we evolve networks to be more intelligent, whether through centralizing the control plane or leveraging automation to boost efficiency, we need to make sure that suitable network observability is established. To support SDN and automation, new NetOps capabilities have to be deployed. For example, teams need to employ new operational workflows so they can validate commands using network intelligence, such as discovered topologies and historical performance and flow data. Teams can also initiate active tests that simulate traffic going to and coming from the edge router, so they can better preempt potential issues. SDN has provided many benefits, and promises more to come, but it has also introduced risks. Therefore, SDN-enabled network observability is needed to establish checks and balances. By establishing modern network observability, teams can monitor not only the networks, but the software intelligence that governs those networks.