
Habrahabr visits Alexander Lyamin, Qrator


The full version of the video is available at the end of the publication and via the link.

It was only the middle of a hot Moscow July, which is about to come to an end. Having agreed with Alexander on the recording, we were all a little worried: no one at Habrahabr had ever tried to conduct a substantive dialogue with a well-known technical expert on video. Nor were the two of us confident about the course of the dialogue, first of all because we, both named Alexander, had never met in person before. Nevertheless, our small film crew arrived at its destination, somewhere between Begovaya and Polezhaevskaya.

The hero of today's story and dialogue was born in the city of Noginsk, Moscow Region. As he told us, his entire family on his mother's side comes from this region - the village was several centuries ago in Klyazma.

But his mother was fascinated by the romance of the north and moved to the city of Murmansk, the largest city in the Arctic Circle. There Alexander spent his childhood. His father was a sailor, his mother an accountant.

There were two key starting points in the life of today's hero. The first was when, at 10, he saw the Robotron K 1820, a German computer: “I was very surprised that you could draw on TV. I wondered what it is, how to program it, what the operating system is. It so happened that my family was not very rich...”

Sasha didn’t have his own computer - he worked in the programming circle at the regional Palace of Pioneers. He went to Olympiads in programming, as well as in many other natural science subjects.

But, he boasts, he was one of the first in the city to have a modem - he was given an old, old DEC VT-220 terminal. That is how he became acquainted with the world of networking.

The second such wow-moment was when Alexander realized that he could talk to a person who was in the other hemisphere altogether. This prompted him to take up networks as a hobby - X.25, IP. He became a network engineer.

Alexander's first place of work was the company Inkom (an X.25 network). He worked there for literally one summer and then got a job at ComStar, where he built the first ISDN in Russia. At that time (1996) a speed of 128 kilobits on the Internet was considered very cool.

At the same time he did consulting and took part in creating the dial-up pool at Cityline, at that time the largest company of this kind in Moscow. He did a little work on satellite Internet. And in 1998, at the height of the crisis, Alexander was invited to work at Moscow State University. According to him, it meant a significant loss of money, but at that time no one had a better network than Moscow State University. So our hero went there without hesitation and worked there until 2012.

Naturally, living on a university salary is difficult. In parallel, as already mentioned, Sasha did consulting and worked in the team of Hans Reiser, who made the ReiserFS file system. It was at that moment that he felt that in order to work on networks, one must also deal with the operating systems that live in these networks.

Then he worked on one-off projects, and there were several large ones among them. One worth noting is his cooperation with Igor Matsanyuk (IT-Territory), where Alexander ended up as a consultant working part-time. It was an interesting story: “I came to visit my friend who worked there. We sat and discussed some technical problems in the kitchen of their office. A man comes in and says, "You work for me." I am surprised and I say: “No, I'm basically all good...”. He says: "I don't care, you work for me." That is how I met Igor Matsanyuk.”

At some point, the hero of our story decided that it was possible to try to adapt web-based games for release on the world market. By the time when Zynga only appeared in Russia, the company in which Alexander worked already had 4 games that earned more than $1 million a year, and the technological stack was worked out: not from a native client, appeared in Russia ".

In 2007, Alexander left IT-Territory to create his own consulting company. He worked in this format for exactly two months: “My first customer, from a search engine for goods, offered me a position as partner and technical director. It was a short period of fascination with search algorithms and product search. Well, since 2008 I have been doing Qrator and traffic filtering systems.”

It is the history of the emergence of Qrator and the technical details of DDoS protection that this material is devoted to; it is also the first video made by the Habr team.



- When and for what reason was the idea born that developed into Qrator? What was the beginning?

Let's start from the moment before Qrator. I advised people and organizations on how to build distributed network applications. And in 2008, it turned out that the project I was working on (it was a product search) was not sold to Microsoft.

From my previous experience I know that a crisis is always a time when you can do what is interesting for you - for the soul. Because doing big business at such a moment is not exactly a good idea anyway. In 2008, we decided to study DDoS issues, because by that time I had already accumulated some base and had experience. I had encountered this problem regularly before and wanted to study it fundamentally. Therefore, I came to my leadership at Moscow State University and said: “Look, there is such a thing as e-government. And this means that critical infrastructure is going onto the Internet.”

If you cannot see your mail - this is one story. If you can’t go to the tax office with your problem, that’s another story. Government resources in this sense are extremely bad. And I demonstrated it. I had a Nokia 900 handheld and self-written code in C. I used a GPRS connection to go to a test site that my friend had made and put it out of order in a few seconds. The management agreed.

I brought my equipment to the university; the team was from the university. The university provided the network infrastructure, for which they are very grateful. The original plan was to develop approaches to solving the problem. After that, the university was to receive federal funding and deal with the topic professionally. That was the beginning.

- And at what point did Qrator split off? To put it in legal terms, at what point did you register an LLC, having understood that this was a future business? Still 2008?

No. I can even give a date - it was June 22, 2010. We took an attack on the university network that exceeded the capabilities of the network backbone. And the university authorities said: “This is all very interesting ... but it’s good that it happened on June 22, because the educational process is over and it is the holidays. During the semester we cannot afford it, so we need to do something with the project: either find funding or close it.”

It was a turning point. I realized that something had to be done about this. And on top of everything, an interesting factor: network performance was not enough. It was impossible to move the equipment out of the university network without federal funding, so I invested my own accumulated funds into building distributed. At the first stage there were three sites - all of them were in Russia. Already on September 1, 2010, we launched these sites.

- To what extent is protection against DDoS a mathematics-intensive and algorithm-intensive task at all? I talked with specialists of various profiles in order to understand it more deeply. And in general, I hear that there is supposedly no non-trivial task here: there is a question of protocols, points in a distributed network, channel width, and so on. What can you say about this?

I'll smile here and comment on it as follows. I have a slide that “walks” through almost all presentations, in which we try to formulate how we classify DDoS attacks. These are 4 levels:

1. transport;
2. TCP/IP level;
3. network infrastructure level;
4. application level.

Let's start with the very first level. Channel overflow is the easiest and most trivial way to attack and to defend against. It would seem that it is enough just to have the bandwidth. As a counterexample (because this is a trivial task) I will give the following situation; this is a real story. The customer is located in a large Russian data center. The data center declares that it has 600 gigabits. This is true: a set of physical interfaces with a capacity of 600 gigabits. But in reality, this is not something single; it is discrete interfaces, across which traffic is distributed according to some algorithms. What controls these algorithms?

These are low-level LACP-type mechanics and high-level routing, for example, BGP. And here, as usual, the devil is in the details: the most important inter-operator joints at this center are the busiest. Therefore, an attack of slightly more than 30 gigabits per second was enough to make our customer and all other resources in this data center inaccessible to the majority of the audience.

I like to give this example: a bandwidth attack is like a punch in the face. It hurts and is felt right away. But "spray" the fist out, and it is not so noticeable. There will be no knockdown. But how to distribute the traffic is not a trivial task.

Inside the network, where you control your joints, where you control the mechanics of sowing in physics, everything is simple. If we go to the level of inter-operator backbone connectivity (the same BGP protocol - Border Gateway Protocol), in its current implementation it looks more like a black box that has only one control method, and it works in an absolutely non-obvious way.

Why? Because that is how the design of the BGP protocol is arranged. I will try to explain simply. BGP is, it would seem, a standard distance-vector protocol. But in reality, it reflects not only the network topology but also the material relations between the network participants. The so-called local pref is the synthetic metric that operators use, tritely, to make more money (which is natural for any business). Local pref has a higher priority than your only control method. Accordingly, if you do not know what you are doing, you have no chance of building a network that can balance and intelligently spray large volumes of traffic.

We understood this perfectly well in 2008, so we had a very interesting machine, which among ourselves we called “Azimov’s radar”. The machine is no less than the next model of the Internet, which models the interconnection network connectivity. Roughly speaking, it is able to solve the problem of predicting the traffic path from any point on the Internet to any other point on the Internet. And this allows us to build our network not empirically, as most telecom operators are doing now, but using mathematical modeling. We know exactly where we need to put the next point on the map so that it is effective both from a technical point of view and from a business point of view.

This is only the first, most basic level. Further, if you move up, there is the TCP/IP state machine. The state machine is outdated; its development used an informal approach and it was designed empirically. Even the very famous Nagle algorithm - we grow linearly, fall exponentially in transmission speed - was also derived at the tip of the pen, purely empirically. I thought it would be so good, and it was good for a long time. The state machine is outdated and has a bunch of vulnerabilities that can also be exploited. Therefore, we re-invented TCP/IP for ourselves. Our version is most resistant to various types of network attacks.

The next level is the network infrastructure. Network infrastructure is the intelligence that decides how the packet is processed and directed. This includes routing protocols and the hardware itself. It can also be attacked, because both the routing algorithm and the routing caching algorithm can, in turn, be subjected to a denial of service attack, or subjected to a conventional attack with the substitution of authentic information. This can also lead to a sad ending, a denial of service for end users.

If you can send a packet to the network equipment that needs to accept it and somehow process it, for sure you can find a special case that will cause this equipment to spend all the free processor time to process your data. This is the most promising technology for conducting DDoS attacks in the next few years. In addition to simply disabling network equipment, you can also expose routing tables to unauthorized effects, that is, change them in an unintended way.

And here we look again ... The BGP protocol, version 4, was invented the year before last. Outdated, extremely vulnerable. It was obvious to us in 2008. But, unfortunately, unlike the previous level, it is impossible to rewrite this protocol here, because by rewriting only our part, we will change and ensure the stability only of our network (which we, in fact, did). But the rest of the Internet is beyond our control. We can either monitor it for malicious influence (which we do for all our customers using the same Qrator.Radar), or change it (which we are also doing now).

Here is the only way that I personally was terribly afraid and continue to be afraid. Because if you want to make a new Internet standard, you have only one way: you have to write a draft of this standard, go with it to the IETF (Internet Engineering Task Force) and convince the IETF, your org. group, all telecom operators and engineers who work in it, that you are doing the right thing, which a) solves the problem, b) does it efficiently. And this is the journey in which we are now.

The standard with which we are working now is the simplest and smallest idea that we have in our heads at the moment. Because even with trivial ideas, especially for beginners (and we are beginners in IT, despite many years of experience), it can be very difficult. I think that as soon as we receive any feedback (any: positive or negative, for example, the output of another competing proposal), for us it will be good. Because it was important for us to make this porridge, to designate, there are problems here, we need to solve them, and ultimately make BGP safer. It doesn’t matter whether this happens through our ideas or the ideas of a competing team.

The rival team is more than worthy. These are people who work at NIST, the American Institute of Standards and Time. They also have ideas, they are not bad - they are just different.

And the last level, the topmost one, is the application level. As a rule, at the moment most of the applications that exist on the network are HTTP-based, what we are used to calling the “Web”. There is also a very interesting perspective. But this is not only the Web.

And here I will give a story that makes it easy to understand the scale of the problem.

In 2008, I had a very simple and clear idea: how does a robot differ from a non-robot? Captcha is a very rough tool. In the Soviet Union, robots solve captcha much better than humans. She annoys me personally, and you can easily get around it, and in automatic format. The fact that such methods of passage of captcha arise, it was obvious in 2008.

Therefore, I chose a simple idea as the main one: robots see a web page differently than people. When you open a web page,

1. you need time to process its contents;
2. you react quite definitely in an emotional way to its design;
3. you perform some actions with this application.

I collected data on those web applications that were available to me, and the hypothesis was confirmed: people behave quite predictably.

If you imagine a website as a vertex-oriented graph, cyclical, huge, where each page is a graph node, each element is a petal, and put two values into the transitions (the time to make the transition and the probability of the transition), you will find that people behave predictably. They are clearly different from bots. And it does not matter which ones, even if you write a robot that makes random transitions, or some other transitions. It will differ from a person precisely because this is based on a simple idea: robots see a web page differently than people. We used this approach as the very first algorithm for detecting anomalies and stopping them.

Why it is so easy to talk about it ... If you imagine a modern website (these are hundreds of thousands of web pages) and build a map for each user, you get a volume of data that cannot currently fit into commercially available amounts of memory.

Naturally, we once learned how to collapse this graph without losing significant data. That was in 2008. Since then, we have a separate team of mathematicians - 4 people who deal specifically with the algorithms for detecting anomalies and isolating abnormal traffic.

I can already say with pride that the algorithm that I have just talked about in retrospect seems to be extremely primitive and inefficient. Fortunately, in our team with math, I have probably the worst of them all.

With bandwidth, everything is simple, it would seem: as soon as you have learned how to spray an attack, it ceases to be a significant difficulty for you, because, as a rule, in these attacks all the data needed to decide on traffic (good or bad) is contained in the body of one packet. This class of attacks is the most trivial if you have solved the problem of how to competently spray traffic. But in order to spray it properly, we had to build a model of the Internet.

In my opinion, the task is extremely interesting ... By the way, you can get acquainted with this model of the Internet. At some point, a person who is engaged in PR of our company said: “Sasha, your company should have a blog”. I thought and said: “You know, in principle, we can write a blog ... But there is such a thing: either you write a blog, or you write code. The second is dearer to me, because we are few and need to write code. So let us think of something. Here we have a model of the Internet, let's do it in the form of a blog. ”

And so we did what can now be found on the site radar.qrator.net. This is, in principle, a model of the Internet.

The bulk of our programmers are not web programmers. We have a few web programmers - until last week there were three, now it's four. Resources are extremely limited, there is a constant struggle for them, but, nevertheless, we have allocated some of the people and laid out this model for free access.

Then it was, by the way, very interesting. The first feedback I received about it was from colleagues at Renesys, who asked: “Alexander, how do you see your company: as the scientific laboratory of a large American company or as independent?”. To which I laughed and said: "Guys, this is not even our product, we do not earn money from it."

Each level has its own mathematical challenges. The task may seem simple only at first glance. I have met many colleagues who believe that it is enough to learn how to process packets quickly and the DDoS problem is solved for you. Not really.
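The transition-graph idea from the answer above, as an added example (not Qrator's algorithm or code): a minimal Python model that keeps a transition probability and a typical transition time on every edge and scores a session against them. The sessions, the `SIGMA` tolerance and the threshold rule are constructed assumptions.

```python
import math
from collections import defaultdict

SIGMA = 0.5   # assumed tolerance on log(transition time); hypothetical tuning value
ALPHA = 1.0   # Laplace smoothing so unseen transitions get a small, non-zero probability

def transitions(session):
    """Yield (src, dst, seconds) for consecutive page views [(page, timestamp), ...]."""
    for (a, ta), (b, tb) in zip(session, session[1:]):
        yield a, b, max(tb - ta, 1e-3)   # clamp so log() is defined for same-instant hits

class SiteGraph:
    """Directed page graph; each edge carries a transition count and a mean log-time."""

    def __init__(self, sessions):
        self.count = defaultdict(lambda: defaultdict(int))
        logs = defaultdict(list)
        pages = set()
        for s in sessions:
            pages.update(p for p, _ in s)
            for a, b, dt in transitions(s):
                self.count[a][b] += 1
                logs[(a, b)].append(math.log(dt))
        self.n_pages = len(pages)
        self.mu = {edge: sum(v) / len(v) for edge, v in logs.items()}
        flat = [x for v in logs.values() for x in v]
        self.global_mu = sum(flat) / len(flat)   # fallback timing for unseen edges
        # Assumed rule: flag anything twice as surprising as the worst training session.
        self.threshold = 2 * max(self.score(s) for s in sessions)

    def score(self, session):
        """Mean surprise per transition: -ln P(dst|src) plus a Gaussian timing penalty."""
        total, n = 0.0, 0
        for a, b, dt in transitions(session):
            out = self.count.get(a, {})
            p = (out.get(b, 0) + ALPHA) / (sum(out.values()) + ALPHA * self.n_pages)
            z = (math.log(dt) - self.mu.get((a, b), self.global_mu)) / SIGMA
            total += -math.log(p) + 0.5 * z * z
            n += 1
        return total / n if n else 0.0   # a single page view carries no evidence

    def is_bot(self, session):
        return self.score(session) > self.threshold

# Constructed sample data: (page, seconds since session start).
HUMAN_SESSIONS = [
    [("/", 0), ("/catalog", 8), ("/item", 30), ("/cart", 55), ("/checkout", 90)],
    [("/", 0), ("/catalog", 12), ("/item", 40), ("/catalog", 70), ("/item", 95)],
    [("/", 0), ("/catalog", 6), ("/item", 25), ("/cart", 60)],
    [("/", 0), ("/item", 15), ("/cart", 45), ("/checkout", 80)],
]
HUMAN_TEST = [("/", 0), ("/catalog", 10), ("/item", 33), ("/cart", 60)]
# Random walk at machine speed: unlikely edges and implausible timing.
RANDOM_BOT = [("/checkout", 0), ("/", 0.2), ("/cart", 0.4), ("/catalog", 0.6),
              ("/checkout", 0.8), ("/item", 1.0)]
# Follows the most popular human path, but one request per second.
REPLAY_BOT = [("/", 0), ("/catalog", 1), ("/item", 2), ("/cart", 3), ("/checkout", 4)]

if __name__ == "__main__":
    model = SiteGraph(HUMAN_SESSIONS)
    print(f"threshold = {model.threshold:.2f}")
    for name, s in (("human", HUMAN_TEST), ("random bot", RANDOM_BOT),
                    ("replay bot", REPLAY_BOT)):
        print(f"{name:10s} score={model.score(s):6.2f} bot={model.is_bot(s)}")
```

The replay bot is caught on timing alone, which is why each edge stores both values rather than only the transition probability.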
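The remark that local pref outranks the operator's own lever, as an added example (not from the interview and not Qrator.Radar code): a toy AS-level model with customer/peer/provider preferences, assuming the "only control method" is AS-path prepending, which the interview does not name. The topology, AS numbers and local-pref values are constructed.

```python
# Local-pref tiers by how a route was learned (customer routes earn money, so they win).
CUSTOMER, PEER, PROVIDER = 300, 200, 100

def build_relations(cust_prov, peers):
    """rel[a][b] = local-pref that AS a assigns to routes learned from neighbour b."""
    rel = {}
    for cust, prov in cust_prov:
        rel.setdefault(prov, {})[cust] = CUSTOMER
        rel.setdefault(cust, {})[prov] = PROVIDER
    for a, b in peers:
        rel.setdefault(a, {})[b] = PEER
        rel.setdefault(b, {})[a] = PEER
    return rel

def propagate(rel, origin, prepend=None):
    """Converged best route per AS: {asn: (local_pref, as_path starting at asn)}.

    prepend maps a neighbour of the origin to the number of extra copies of the
    origin ASN announced to that neighbour.
    """
    prepend = prepend or {}
    best = {origin: (None, (origin,))}
    for _ in range(len(rel) + 1):            # a loop-free path has at most len(rel) hops
        new = {origin: best[origin]}
        for a in rel:
            if a == origin:
                continue
            candidates = []
            for n, pref in rel[a].items():
                if n not in best:
                    continue
                learned_pref, path = best[n]
                if n == origin:
                    path = (origin,) * (1 + prepend.get(a, 0))
                elif learned_pref != CUSTOMER and pref != PROVIDER:
                    continue                 # n re-exports peer/provider routes only to customers
                if a in path:
                    continue                 # AS-path loop prevention
                candidates.append((pref, (a,) + path))
            if candidates:
                # Decision order: highest local-pref, then shortest path, then lowest next hop.
                new[a] = min(candidates, key=lambda r: (-r[0], len(r[1]), r[1][1]))
        if new == best:
            break
        best = new
    return best

def ingress(best, origin, src):
    """Which neighbour of the origin carries src's traffic into the origin network."""
    path = best[src][1]
    return path[path.index(origin) - 1]

# Constructed topology (private-use ASNs): 64500 is the protected network, dual-homed
# to 64501 and 64502, which peer with each other and both buy transit from 64503.
ORIGIN = 64500
CUST_PROV = [(64500, 64501), (64500, 64502), (64501, 64503), (64502, 64503),
             (64510, 64501),   # eyeball network behind 64501
             (64511, 64503)]   # eyeball network behind 64503
PEERS = [(64501, 64502)]

if __name__ == "__main__":
    rel = build_relations(CUST_PROV, PEERS)
    for label, pp in (("no prepend", None), ("prepend x3 to 64501", {64501: 3})):
        best = propagate(rel, ORIGIN, pp)
        print(label, {src: ingress(best, ORIGIN, src) for src in (64510, 64511)})
```

Prepending moves 64511 to the other ingress but not 64510: its provider 64501 still holds a customer route to 64500, and local pref is compared before path length.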

- We talked about the ways of protection, because you are doing this, and it's great. And what methods of attack are most common today? What threats do your products, in particular, protect websites, applications, data centers from?

The botnet was the most popular tool for conducting an attack 5 years ago. By my classification, this is the first level. That is, your main task is to learn how to spray traffic around the perimeter of your network. Once you have learned this gesture, repelling such attacks is not difficult, because, as I said, there is enough data in one packet to repel an attack at the transport level. No complicated models are needed to counter it effectively.

But even the trend that we are now seeing is already in the past. It has declined since the beginning of 2016. This is explained by the fact that attacks that exceed hundreds of gigabits create problems not only for victims, but also for all those around them, including telecom operators. Telecommunications operators, having become preoccupied with this problem, have begun to stop such services in their networks that can be used to conduct attacks.

We have a classic picture: a finite resource, the amount of which is decreasing every day, and a growing demand for it from script kiddies, who use this technique to launch attacks. Now the number of attacks is growing while their maximum amplitude falls.

In my opinion, there is a trend reversal right now, and a recent successful attack on Blizzard illustrates this perfectly. And this is despite the fact that Blizzard believed that they were super-ready. Blizzard, in turn, covered AT&T. The attack was carried out using what journalists now call the Internet of Things (IoT). This is, in fact, a “hodgepodge” of small devices with leaky firmware that the attacker gathered into a fist to conduct a successful attack. So, trends are constantly changing.

- What kind of mindset should a person be so that he would be interested in doing this? What kind of people do this with you? As far as I understand, your work is strongly tied to the software and hardware complex. What kind of people are critically important to you so that everything works well?

I can only say that we are an engineering company. For us, engineers and mathematicians are important. Better yet, if a person combines in himself both. The minimum requirement - a person should not be afraid of mathematics. If you are not afraid of mathematics, this is already a good thing.

I can identify several groups that work for us:

1. Mathematicians solve problems of clustering, data analysis. Often you have to do something in real time or close to real time.

2. Low-level programming and FPGA programming. These are engineers who can write efficient code quickly. Usually, people with experience in competitive programming take root.

3. A team that writes what we call infrastructure. This, strictly speaking, is the Qrator engine. Here the approach is pragmatic, deutsch-engineering with an understanding of what we will do with this code further. Modular infrastructures are able to look in terms of the development of their code not in the “tomorrow”, but also in the “day after tomorrow”.

Unlike many other solutions, we are inline. We process the traffic of our customers constantly, every second. If we have problems somewhere, customers will certainly feel it and this will ultimately result in losses. Therefore, the requirements for architecture, code quality and infrastructure are, of course, space. That is, operating Qrator is akin to flying in space: nothing should fail. If any of the modules fail, the system, as a rule, automatically diagnoses it and takes it out of service. At least we are committed to this. This is infrastructure.

4. There is also a group of network mathematicians who develop and build a model of Radar. In fact, this is such an internal product for which we are the only customer, because it is these people who say where and when the next point on the globe will light up, where we will launch the next traffic clearing center.

5. I have already said that we have very few web programmers. Now there are four of them - this is a full-fledged department. And all this math, "bells" and "whistles" does not make sense if you can not present it in the final form to the user. Just look at the same Radar or Qrator, where the amount of data to be presented to the user is more than 6 TB of metadata per day. They can and should be presented in the form of a user interface so that the final person with the most different level of technological preparation can perceive it. Or the connectivity graphs in the same Radar are not the simplest visualization.

By the way, next month we will have another iterative release. Most of it is a new visualization method. I hope that this time we have finally cracked this task, though only on the fourth attempt. This is not an easy task.

6. The operation group is our interface to all organizations: to partners, telecom operators, and customers. These are the people who are most likely to experience stress in the 24/7 format, sometimes solving the most difficult troubleshooting tasks. Therefore, people coming to the position of NOC engineer are usually somewhat surprised by the level of tasks that we give them during the interview. You need to understand that this is not just troubleshooting for our own network, but also for the environment, the whole zoo of equipment that you can actually encounter in a customer's enterprise.

- As far as I understand, in general, for the telecom operator and, in particular, for the data center, which allows you to rent equipment for providing services to the consumer, this service was not usual initially.


For the current state of affairs, hosting and telecommunication companies are definitely partners. We simply do not consider them as competitors. And, as I have already said, the problematic itself is dynamic in the field of the game. Let's look at the situation in retrospect ...

Here is the DDoS problem: there was an effective SYN-flood mechanic aimed at the TCP/IP stack. How did the industry react? Bernstein created SYN cookies. They can be enabled directly on the host and effectively solve the problem. SYN-flood speeds increased. Ordinary servers could no longer cope. Boxed solutions appeared that stood in the customer's rack. And next to the box that blinks its lights (the firewall), a DDoS-mitigation box was added. This also solved the problem, but only for a certain period.

Speeds, packet rate attacks continued to grow, and the channel that came to the data center or to the customer’s rack ceased to cope. The market reacted to this as follows: devices, services, equipment migrated to the network of telecom operators. Service providers have become telecom operators, whose network, as a rule (we do not take into account such giants as Google or Yandex), is more powerful than customer networks.

This is the state of affairs when we, as you say, are both partners and competitors with telecom operators. This is a retrospective.

Attack speeds continued to grow, and over the past decade they have grown by an order of magnitude, or even orders. For example, we can say that the attack that was made on our site at the university, barely exceeded 14 Gbps per second. At the moment we are regularly faced with attacks that exceed 100 Gbps, 140 Gbps, 300 Gbps.

Recently, our colleagues from Incapsula provided data on attacks exceeding 500 Gbps. In principle, in my opinion, it becomes economically unprofitable for telecom operators to build networks capable of withstanding such attacks. The logic of the development of a carrier network looks like this: “I have customers (for example, in the city of Odintsovo). I will stretch the fiber there. ” There are more customers, the core of the network goes there, and from there the rays of the next access-level come out. The telecom operator always reaches for its customer base and always builds the backbone. It is very expensive.

How does Qrator develop? It puts points where it is possible to intercept parasitic traffic as early as possible. Like the take-off of a ballistic missile: at the time of acceleration we intercepted it, stopped the attack traffic in the region from which it originates. Thus, we create less load on the network infrastructure and can get better prices from operators in the region. Because, when we come to the region, we say: “Dear telecom operators, we love keeping our traffic local even more than you do. It is not a joke. Traffic originating in the region will remain in the region.” And this concerns not only attack traffic, but also legitimate traffic.

The logic of network development is diametrically opposite, so we have no intersections.

From a business point of view, our network development costs are significantly lower than the costs of any telecom operator. And the efficiency of its work is higher.
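How SYN cookies let a host answer a SYN flood without keeping half-open state, as an added example (not code from the interview): it follows the bit layout Bernstein published (5-bit time counter, 3-bit MSS index, 24-bit keyed hash), with HMAC-SHA256, the MSS table, the secret and the addresses chosen here as assumptions.

```python
import hashlib
import hmac
import socket
import struct

SECRET = b"constructed-demo-secret"   # constructed; a real host uses a random per-boot key
MSS_TABLE = (216, 536, 1024, 1220, 1360, 1400, 1440, 1460)   # illustrative 3-bit table
SLOT_SECONDS = 64                     # the time counter advances every 64 seconds
MASK32 = 0xFFFFFFFF

def _mac24(src, sport, dst, dport, counter):
    """24-bit keyed hash over the connection 4-tuple and the time counter."""
    msg = (socket.inet_aton(src) + socket.inet_aton(dst)
           + struct.pack("!HHI", sport, dport, counter & MASK32))
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")

def make_cookie(src, sport, dst, dport, client_mss, now):
    """Server ISN for the SYN-ACK. Nothing about the connection is stored."""
    counter = int(now) // SLOT_SECONDS
    # Largest table entry not exceeding the MSS the client offered (index 0 as a floor).
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
    return ((counter % 32) << 27) | (mss_idx << 24) | _mac24(src, sport, dst, dport, counter)

def check_ack(src, sport, dst, dport, ack_number, now):
    """Return the negotiated MSS if the final ACK echoes a fresh cookie, else None.

    The ACK number is server ISN + 1, so the cookie comes back from the client
    and the server can rebuild the connection from the packet alone.
    """
    cookie = (ack_number - 1) & MASK32
    now_counter = int(now) // SLOT_SECONDS
    for counter in (now_counter, now_counter - 1):   # current and previous time slot
        if cookie >> 27 != counter % 32:
            continue
        expected = _mac24(src, sport, dst, dport, counter).to_bytes(3, "big")
        if hmac.compare_digest((cookie & 0xFFFFFF).to_bytes(3, "big"), expected):
            return MSS_TABLE[(cookie >> 24) & 0x7]
    return None

# Constructed handshake using documentation address ranges.
CLIENT, SERVER = "198.51.100.7", "203.0.113.10"
T0 = 1_000_000

if __name__ == "__main__":
    isn = make_cookie(CLIENT, 40000, SERVER, 443, 1460, T0)
    ack = (isn + 1) & MASK32
    print("server ISN      :", hex(isn))
    print("honest ACK      :", check_ack(CLIENT, 40000, SERVER, 443, ack, T0 + 3))
    print("stale ACK       :", check_ack(CLIENT, 40000, SERVER, 443, ack, T0 + 5 * 64))
    print("other source IP :", check_ack("198.51.100.8", 40000, SERVER, 443, ack, T0 + 3))
```

A spoofed SYN therefore costs the server one SYN-ACK and no memory; only a client that actually receives the SYN-ACK can produce an ACK that passes the check.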

- How many points of presence do you have today? What are your plans for the end of 2016?

In any case, the main thing - do not hurt his forehead. The point should justify itself and be located optimally. We have colleagues who are chasing the number of these points around the world. You need to clearly understand that this is nothing more than marketing. In fact, having fewer points, we have a comparable network coverage. Operating costs are significantly lower.

In the same Radar you can make a request about Qrator and see all our points of presence by telecom operators, by geography: San Jose, Dallas, Eschborn, Amsterdam, Stockholm, Russia, Kazakhstan, Hong Kong. The plans - before the end of the year, it is necessary to open points of presence in Tokyo and Singapore. Without them, unfortunately, our presence in Southeast Asia is not complete. Next year, we will probably look in the direction of South America.

- How well is this market growing today?

The market is growing. The market is growing dynamically. We have grown in the past five years, despite the crisis, at least 100% per year. But this year we felt that the Russian market is nearing completion. It was a predictable event. Therefore, we began expansion. We are trying to move to the West and tune in to the East.

- About the attack on the Russian media in 2011 ... How did you take part in this story? What was your place in it? I may be wrong, but it seems to me that many people heard about you then ...

I probably would not have said that 2011 was a turning point in business terms. When we started, we made all the mistakes that we could. In particular, the traditional mistake of any startup is overestimating the market. I thought that the market was already formed. We started with plans aimed at the mass market, and just missed.

Then we regrouped and reoriented to the middle segment, because the company was very young: there was no name, no administrative resources, no connections. And we did not have resources for PR and marketing either. During the first four years of the company's life, the budget for marketing and public relations was stably zero.

In 2011, an interesting event happened, which caused a lot of noise in the press, but in fact had little effect on the business. These were parliamentary elections in Russia. In principle, we understood that society was going to the elections in a rather “heated” state, and that there would be outrage and speeches.

We live in an information society. The ability to block the distribution of any information, even if only temporarily, when society passes through its critical points, can affect the outcome.

Elections are a great example, so we prepared for them. We understood that something would happen. A month before the election, we had the weekend canceled, 24-hour duty was organized. But everything went extremely calm, it was all quiet. And on election day, I decided that everything was over, and went with my family to the theater. In the first 15 minutes my phone starts ringing. I raise it and I understand that for me today the theater ended there and started in another place. I took the laptop and ran to the nearest Starbucks.

Twenty-four hours later, we had collected in our filtering network everything in the Russian media that could be called independent.

In my opinion, journalists are a very dense, united community: they learned about us (how it works, who needs to call) just by talking to each other.

We worked perfectly. We were technically ready for this event. Everything was quite predictable: I would not bring any highlights.

It is interesting that at the same time a person came to us, who introduced himself as a correspondent for The Wall Street Journal. He asked me very caustic questions for two hours. At first I did not believe it, I thought it was some kind of industrial intelligence. When the article did not come out next week, I forgot about it. But a week later a note came out about us. I have a paper version of this newspaper somewhere at home.

Friends called me and said: “Sasha, congratulations, great paid-for article.” To which I was surprised and said: "I do not have that kind of money to buy a journalist in the Wall Street Journal."

But this story had almost no consequences for the business.

— . ? ? DDoS?

I believe that we have managed to take a confident position in Russia. Recently, Forbes released its rating of the TOP-50 Russian Internet companies. Seven of them are our customers. In my opinion, that is a telling figure.

In Russia, of course, there is competition. We started half a year later than the Kaspersky Lab service. This is more than a strong player. We had, and still have, to tear our market share from them with our claws and teeth.

We also sense the presence of Rostelecom. It traditionally serves government customers. But, having ready equipment and infrastructure, it successfully provides them to commercial customers as well. Telecom operators have an advantage - the customer is already connected to the telecom operator.

In addition, there are a huge number of startups.

The situation has not changed for exactly seven years. In Russia, one or two companies start this year, entering the market with DDoS protection services.

Therefore, we cannot rest on our laurels. But we love our Russian market, which we understand. Here we are able to sell well, but it is finite. And we felt its borders this year. That is why we started the international expansion.

- And international competitors?

The situation in Russia is similar to the international situation, only in miniature. There are traditionally several classes of products: as I have already said about evolution, first the box stood in front of the customer, then it stood at the operator, then clouds appeared.

Box solutions are traditionally Arbor and Radware, and also the Chinese NSFOCUS. There are a lot of small players, but these are the top three.

There are operators who provide a service on the basis of their boxes: this is practically any large operator - Deutsche Telekom, TI (Telecom Italia), and so on. There are professional companies that use someone else's technological stack and other people's solutions: Prolexic and Akamai.

And there is a new wave of companies that provide cloud services. Unlike previous generations, they develop their technological stack themselves. Abroad, these are CloudFlare and Incapsula. In Russia, it is us and Kaspersky. In Asia, one can also name such an interesting player as NexusGuard.

- Maybe you would like to sum up, addressing the entire Habrahabr audience? What would you say to those who have graduated or are studying at universities, or are finishing their last years of school?

A generation flew into space with me, got to the moon. The results of my generation look like the results of losers. We have built a significant piece of the Russian Internet. I also took part in this from the very start. But the Internet is currently broken (as I would describe its state). It is very easy to break, and it can easily be manipulated by anyone, be it a criminal, a single state or a political bloc.

In my opinion, from the point of view of the evolution of mankind, the situation is absolutely unacceptable. The Internet is a new medium, our collective mind. And I really do not want us all to go crazy. Therefore, it must be urgently repaired. The sooner, the better.

When they say to me: "Here, I just graduated from the university, what can I do?"

I have a great example. This is our intern, Zhenya Bogomazov, who is still studying at Moscow State University. He came to us as a trainee for the summer, and now he is the author of a significant part of the draft change to the BGP protocol, which we are now trying to take through the IETF.

This illustrates the fact that, with nothing more than a university education, but with an inquiring mind and interest, you can come and make the Internet better today.

There are actually a lot of questions. We are talking about BGP because for me it is one of the most important issues today. A situation in which we put a dash in the mitigation line keeps me from sleeping, but the threat cannot be neutralized without changing the protocol.

In addition to routing, there are also layers such as the transport layer, authorization, and authentication; all of this also requires substantial work. Unfortunately, the majority of large businesses that exist on the Internet (Google or Microsoft) have somewhat calmed down: "It works - do not touch."

But if you conduct a thoughtful analysis of possible future threats, it turns out that the Internet is broken and easy to manipulate, which many people and organizations regularly do. This situation needs to be corrected: the Internet should become a safe playing field for all participants with clear and symmetrical rules.

Full version:

Source: https://habr.com/ru/post/306776/

