nanog mailing list archives
Unusually High traffic from Akamai/Oracle - public-yum.oracle.com
From: James Stahr <stahr () mailbag com>
Date: Wed, 09 May 2018 14:48:54 -0500
Hi,Since I'm not a customer of either organization, I'm reaching out to NANOG for a contact and perhaps others may also be experiencing similar symptoms over the past 3-4 weeks. The situation appears to be that customers of ours have Oracle Linux and when they attempt to download updates, their traffic goes through the roof for hours on end. While researching this phenomenon, I found this discussion which coincides with the traffic I've seen, however there is no mention of excessive traffic resulting from this "corruption" nor have their been any additional reports:
https://community.oracle.com/thread/4138810Currently, I have two customer environments which are hitting about ~2Gb/s when normally their traffic levels are nearly zero. At first I thought it was an isolated incident but then we observed the same issue with another customer. All of this traffic is coming from 23.35.204.188:80, which belongs to Akamai. Since that's somewhat of a dead end, we examined the hosts which are requesting the data from Akamai and found that they are all Oracle Linux boxes and it's a yum process on Oracle Linux which appears to be repeatedly downloading the same content for hours on end:
[root@xyzzy noc]# netstat -plutan | grep :80tcp 0 0 172.16.122.112:14272 23.35.204.188:80 ESTABLISHED 58880/python
[root@xyzzy noc]# ps auxww | grep pythonroot 41015 0.0 0.3 401940 52044 ? S Apr30 0:02 /usr/bin/python2 /usr/share/system-config-lvm/system-config-lvm.py root 58880 59.7 1.0 479680 164140 ? R 18:24 27:18 /usr/bin/python /usr/share/PackageKit/helpers/yum/yumBackend.py get-updates none
I can only assume that the data being downloaded is corrupt as this multiple hour download does not consume any disk space and because the file(s) are repeatedly downloaded, the logic behind the yum routines are also at fault for 1TB of
I don't expect anyone at Akamai to reach out to me since they are simply the middle man here, but I'm hoping that someone at Oracle will because the cost to Oracle for Akamai to deliver this junk traffic is not zero and I have a hard time seeing how this issue is isolated to our network. I'd also be interested to hear from anyone else who has been seeing traffic spikes from public-yum.oracle.com.
-James Stahr
Current thread:
- Unusually High traffic from Akamai/Oracle - public-yum.oracle.com James Stahr (May 09)
- Re: Unusually High traffic from Akamai/Oracle - public-yum.oracle.com Colin Johnston (May 10)
- Re: Unusually High traffic from Akamai/Oracle - public-yum.oracle.com Jonathan Roach (May 11)