Last week I wrote about how redundancy of systems is an important part of Akamai's security at Planetary Scale. This post focuses on another way we keep Internet traffic flowing smoothly in the face of attempted attacks: network and data mapping.
Mapping isn't a security technique in itself. Every big network can be mapped out. But there is certainly a huge security benefit to it. In Akamai's case, we've mapped out every server deployed around the globe. If one goes down for any reason, we can quickly reroute traffic to other servers because we know exactly where everything is.
In my research, I've found some good writing on how Akamai maps the Internet. One is a blog post called "Intelligent User Mapping in the Cloud," written by Eugene Zhang, a senior enterprise architect with Akamai's Professional Services organization. The other is a report called "How Akamai Maps the Net: An Industry Perspective," written by George Economou.
Economou wrote in his 2010 paper:
The dynamic nature of Akamai's scalable and flexible distributed systems design relies heavily on, and benefits greatly from, the rigorous efforts invested in network mapping. Akamai's notion of network mapping is relatively broad, and is crafted into several specific methods for real-time service operation or long-term data analysis. Akamai's network presence and access to traffic provides a very unique vantage point to understand the Internet and how it is operating; these examples provide a sampling of how Akamai takes advantage of this information for very specific purposes. Whatever shapes the Internet morphs into in the future, you can bet that Akamai will be present and will have new ways of mapping it.
Doing so seems complex when you consider the size of the operation. As of 2010, he noted, we had over 60,000 servers deployed in about 1,400 data centers on about 900 networks worldwide. Geographically, these data centers were in about 650 cities in 76 countries around the world.
I look at this as a case study in the concept of safety in numbers. If you walk around dangerous neighborhoods in a big city by yourself, you're going to be defenseless against attackers waiting around the corner. If you have other people with you, you become a much tougher target and are more likely to be left alone.
In the case of the Internet, there's safety in numbers for the technology deployed to route traffic. If we only had a few servers deployed in a couple of countries, it would be much easier to do serious damage to the flow of Internet traffic. But our technology is so spread out and numerous that the traffic is unstoppable.
That's especially the case because of our mapping process. If one guy goes down in a fight, we know exactly where the reinforcements are and can deploy them quickly.