Habrahabr visiting Alexander Lyamin, QRATOR


    The full version of the video is available at the end of the publication and via the link.

    It was only the middle of the hot Moscow July that is now about to come to an end. Having agreed with Alexander about the recording, we were all a little worried: never before had anyone at Habrahabr tried to hold a substantive dialogue with a well-known technical specialist on video. Neither of us was sure about the dialogue, primarily because we, both Alexanders, had never met in person before. Nevertheless, our small film crew arrived at its destination, somewhere between Begovaya and Polezhaevskaya.

    The hero of today's story and dialogue was born in the city of Noginsk, Moscow Region. As he told us, his entire family on his mother’s side comes from this region: the village on the Klyazma was there several centuries ago.

    But his mother was carried away by the romance of the north and moved to the city of Murmansk, the largest city in the Arctic Circle. There Alexander spent his childhood. His father was a sailor, his mother an accountant.

    There were two key starting points in the life of today's hero. The first is when at 10 he saw the Robotron K 1820, a German computer: “I was very surprised that you can draw on TV. I was wondering what it is, how you can program, what is the operating system. It so happened that my family was not very rich ... "

    Sasha did not have his own computer; he attended a programming club at the regional Palace of Pioneers. He took part in olympiads in programming, as well as in many other natural science subjects.

    But, he boasts, he was one of the first in the city to have a modem: he was given a very old DEC VT-220 terminal. That is how he became acquainted with the world of networks.

    The second such wow moment was when Alexander realized that he could talk with a person who is generally in the other hemisphere. This prompted him to become addicted to networks - X.25, IP. He became a network engineer.

    Alexander's first employer was the company Incom (an X.25 network). He worked there for just one summer and then got a job at ComStar, where he built the first ISDN network in Russia. At that time (1996), a speed of 128 kilobits on the Internet was considered very cool.

    At the same time he was engaged in consultations, participated in the creation of a dial-up pool in Cityline, the largest company of its kind at that time in Moscow. A little bit of satellite Internet. And in 1998, at the height of the crisis, Alexander was invited to work at Moscow State University. According to him, this was a significant loss of money, but at that time no one had a better network than at Moscow State University. Therefore, our hero, without a doubt, went there and worked until 2012.

    Naturally, living on a university salary is difficult. At the same time, as already mentioned, Sasha did consulting and worked in the team of Hans Reiser, who made the ReiserFS file system. It was then that he felt that in order to deal with networks, you also need to deal with the operating systems that live in these networks.

    Then he worked in one-time projects, but there were several large ones among them. We can note his cooperation with Igor Matsanyuk (IT-Territory), where Alexander turned out to be a consultant and worked part-time. It was an interesting story: “I came to visit my friend who worked there. We sat and discussed some technical problems in their office in the kitchen. A man comes in and says: "You work for me." I am surprised and say: “No, I’m basically doing fine ...” He says: "I do not care, you work for me." So I met Igor Matsanyuk. ”

    At some point, the hero of our story decided that web games could be adapted for the world market. By the time Zynga first appeared in Russia, the company Alexander worked for already had 4 games that earned more than $1 million a year, and the technology stack was well established: “Without false modesty, I can say: the idea that you can play without a native client appeared in Russia.”

    In 2007, Alexander left IT-Territory to create his own consulting company. He worked in this format for exactly two months: “My first customer from the product search engine offered to become a partner and technical director. This was a short period of interest in search algorithms and product search. Well, since 2008 I have been working on Qrator and traffic filtering systems. ”

    It is the history of Qrator and the technical details of protection against DDoS that this material is dedicated to. It is also the first video made by the Habra team.



    - When and for what reason was the idea born that grew into Qrator? What was the beginning?

    Let's start from the moment before Qrator. I have advised people and organizations on how to build distributed network applications. And in 2008, it so happened that the project I was engaged in (it was a product search) was not sold by Microsoft.

    From my previous experience I know that a crisis is always a time when you can do what is interesting to you, for the soul. Because doing big business at such a moment is not a good idea anyway. In 2008, we decided to study the DDoS problem, because by that time I already had some foundation and experience. I had regularly encountered this problem before and wanted to study it fundamentally. Therefore, I came to my leadership at Moscow State University and said: “Look, there is such a thing as electronic government. And this means that critical infrastructure is on the Internet.”

    If you can’t see the mail, this is one story. If you can’t turn to the tax office with your problem, this is a completely different story. Government resources in this sense are extremely bad. And I demonstrated it. I had a Nokia 900 handheld and a self-written code in C. Directly by GPRS connection I went to a test site that my friend made and disabled it in a few seconds. Management agreed.

    I brought my equipment to the university, and the team was from the university. The university provided network infrastructure, for which many thanks to them. The original plan was to develop approaches to solving the problem. After that, the university was to receive federal funding and deal with the topic professionally. That was the beginning.

    - And at what moment did the isolation of Qrator happen? Speaking in legal language, at what point did you register LLC, realizing that this is the future business? Is it the same year 2008?

    No. I can even name the date: it was June 22, 2010. We took an attack on the university network that exceeded the capabilities of the network backbone. And the university authorities said: “This is all very interesting ... but it is good that this happened on June 22, because the educational process is over and it is the holidays. During the semester we cannot afford this, so we need to do something with the project: either find funding, or close it.”

    It was a turning point. I realized that something needed to be done about this. And on top of that, there was an interesting factor: network performance was not enough. It was impossible to move the equipment out of the university network without federal funding, so I invested my own savings in building a distributed network. At the first stage there were three sites, all of them in Russia. As early as September 1, 2010, we put these sites into operation.

    - In general, how mathematically and algorithmically intensive a task is protection against DDoS? I spoke with specialists in various fields in order to better understand this. And in general, I hear that there is supposedly nothing non-trivial about it: it is a matter of protocols, points in a distributed network, channel width and so on. What can you say about this?

    I will smile and comment on this as follows. I have a slide that “wanders” through almost all of our presentations, in which we try to formulate how we classify DDoS attacks. There are 4 levels:
    1. transport;
    2. TCP/IP level;
    3. level of network infrastructure;
    4. application level.
    Let's start from the very first level. Channel overflow is the easiest and most trivial way to attack, and to defend against. It would seem that just having the bandwidth is enough. As a counterexample (to this being a trivial task), I will cite the following situation; this is a real story. The customer is located in a large Russian data center. The data center declares that it has 600 gigabits. This is true: a set of physical interfaces totalling 600 gigabits. But in fact this is not a single pipe; these are discrete interfaces over which traffic is distributed according to certain algorithms. What controls these algorithms?

    These are low-level mechanics such as LACP and high-level routing, for example, BGP. And here, as usual, the devil is in the details: the most important inter-operator interconnects at this data center are also the busiest. Therefore, an attack only slightly exceeding 30 gigabits per second was enough to make our customer and all other resources in this data center inaccessible to most of their audience.

    I like to give an example: an attack on bandwidth is like a punch in the face. It hurts and is immediately noticeable. But disperse the fist, and it is no longer so noticeable. There will be no knockdown. But how exactly to distribute the traffic is not such a trivial task.

    Inside the network, where you control your interconnects and the mechanics of distributing traffic across physical links, everything is simple. Once we reach the level of backbone inter-operator connectivity (the same BGP, Border Gateway Protocol), in its current implementation it looks more like a black box that has only one control method, and it works in a completely non-obvious way.

    Why? Because this is the design of the BGP protocol. I will try to explain simply. BGP is a standard distance-vector protocol, it would seem. But in fact, it reflects not so much the network topology as the financial relations between network participants. The so-called local pref is the synthetic metric that operators use, quite simply, to make more money (which is natural for any business). Local pref has higher priority than your only control method. Accordingly, if you do not know what you are doing, you have no chance of building a network that can be balanced and can correctly disperse large volumes of traffic.

    We understood this perfectly back in 2008, so we built an extremely interesting machine, which we called among ourselves the "Asimov Radar." The machine is nothing less than yet another model of the Internet, one that models network connectivity at the inter-operator level. Roughly speaking, it is able to solve the problem of predicting the path of traffic from anywhere on the Internet to anywhere on the Internet. And this allows us to build our network not empirically, as most telecom operators are doing now, but using mathematical modeling. We know exactly where we need to put the next point on the map so that it is effective both from a technical point of view and from a business point of view.

    This is only the first, most basic level. Moving up, next is the TCP/IP state machine. The state machine is outdated; it was developed with an informal approach and designed empirically. Even the very famous Nagle algorithm (growing linearly, falling exponentially in transmission speed) was also derived at the tip of a pen, purely empirically. It seemed to him that it would be good, and it was good for a long time. The state machine is outdated, with a bunch of vulnerabilities that can also be exploited. Therefore, we re-invented TCP/IP for ourselves. Our version is the most resistant to various types of network attacks.

    The next level is network infrastructure. Network infrastructure is the intelligence that decides how a packet is processed and routed. This includes routing protocols and the equipment itself. It can also be attacked, because both the routing algorithm and the route caching algorithm can, in turn, be subjected to a denial of service attack or to an ordinary attack that substitutes authentic information. This, too, can lead to a sad ending: denial of service for end users.

    If you can send a packet to network equipment that needs to receive it and process it somehow, you can probably find a special case that will force this equipment to spend all its free processor time processing your data. This is the most promising technique for conducting DDoS attacks in the next few years. In addition to simply disabling network equipment, you can also expose routing tables to unauthorized use, that is, change them in an unintended way.

    And here we look again ... BGP, version 4, was invented in the decade before last. Outdated, extremely vulnerable. It was obvious to us back in 2008. But, unfortunately, unlike the previous level, it is impossible to rewrite this protocol here, because, having rewritten only our part, we will change and ensure the stability of only our network (which, in fact, we did). But the rest of the Internet is beyond our control. We can either monitor it for malicious influence (which we do for all our customers using the same Qrator.Radar), or change it (which we also do now).

    There is only one way, and it is one that I personally was wildly afraid of and continue to be afraid of. Because if you want to make a new Internet standard, you have only one way: you have to write a draft of this standard, go with it to the IETF (Internet Engineering Task Force) and convince the IETF, your org. group, and all the telecom operators and engineers who work in it that you are doing the right thing, which a) solves the problem, b) does it effectively. And this is the journey we are on now.

    The standard that we are working on now is the simplest and smallest of the ideas that are in our heads at the moment. Because even with trivial ideas, especially for beginners (and we are new to the IETF, despite many years of experience), it can be very difficult. I think that as soon as we get some kind of feedback (any: positive or negative, for example, the appearance of another, competing proposal), it will be good for us. Because it was important for us to stir things up, to point out that there are problems here that need to be solved, and ultimately to make BGP safer. It doesn’t matter whether this happens with our ideas or the ideas of a competing team.

    A competing team is more than worthy. These are people who work at NIST, the American Institute of Standards and Time. They also have ideas, they are not bad - they are just different.

    And the last level, the highest, is the application level. As a rule, at the moment, most of the applications that exist on the network are HTTP-based, which we are used to calling “the Web”. There are very interesting issues here too. But this is not only the Web.

    And here I will give a story that makes it easy to understand the scale of the problem.

    In 2008, I had a very simple and clear idea: what is the difference between a robot and a non-robot? Captcha is a very crude tool. In the Soviet Union, robots solve captcha much better than humans. It annoys me personally, and it can be easily bypassed, automatically. That such methods of passing captcha would arise was evident back in 2008.

    Therefore, as the main one, I chose a simple idea: robots see a web page differently than people. When you open a webpage,
    1. you need time to process its contents;
    2. you react in a quite definite emotional way to its design;
    3. you perform some actions with this application.
    I collected data on those web applications that were available to me, and the hypothesis was confirmed: people behave quite predictably.

    If you imagine a website as a huge, circular, vertex-oriented graph, where each page is a graph node and each element is a petal, and attach two quantities to the transitions (the time taken to make the transition and the probability of the transition), then you will find that people behave predictably. They are clearly different from bots, no matter what. Even if you write a robot that makes random transitions, or some other transitions, it will differ from a person, precisely because of that simple idea: robots see a web page differently than humans. We used this approach as the very first algorithm for detecting anomalies and stopping them.

    Why is it so easy to talk about it ... If you imagine a modern website (hundreds of thousands of web pages) and build a map for each user, you get a volume of data that cannot currently fit into commercially available amounts of memory.

    Naturally, we somehow learned to collapse this graph, without losing significant data. That was in 2008. Since then, we have a separate team of mathematicians - 4 people who are involved specifically in the algorithm for detecting anomalies and isolating anomalous traffic.

    I can already proudly say that the algorithm that I just talked about in retrospect seems extremely primitive and inefficient. Fortunately, my math team is probably the worst for me.

    Everything is simple with bandwidth, it would seem: as soon as you learn how to disperse an attack, it ceases to present significant complexity for you, because, as a rule, in these attacks all the data needed to make a decision about the traffic (good or bad) is contained in the body of a single packet. This class of attacks is the most trivial if you have solved the problem of how to disperse traffic correctly. But in order to disperse it correctly, we had to build a model of the Internet.

    In my opinion, the task is extremely interesting ... By the way, you can get acquainted with this model of the Internet. At some point, the person who is involved in the PR of our company said: "Sasha, your company should have a blog." I thought and said: “You know, we can write a blog in principle ... But there is such a thing: either you write a blog or you write a code. I like the second, because we are few and need to write code. So let’s come up with something. Now we have a model of the Internet, let’s make it in the form of a blog. ”

    And so we did what can now be found on the site radar.qrator.net. This is, in principle, an Internet model.

    The bulk of our programmers are not web programmers. We have few web programmers - until the last week there were three, now there are four. Resources are extremely limited, there is a constant struggle for them, but, nevertheless, we have identified some of the people and put this model in the public domain.

    What happened next was, by the way, very interesting. The first feedback I received about it came from my colleagues at Renesys, who said: “Alexander, how do you see your company: as a scientific laboratory of a large American company or as an independent one?” To which I laughed and said: "Guys, this is not even our product, we do not earn money on this."

    Each level has its own mathematical challenges. The task may seem simple only at first glance. I have met many colleagues who believe that once you learn to process packets quickly, the DDoS problem is solved for you. Not really.

    - We talked about ways to protect, because you are doing this, and it's cool. What are the most common attack methods today? What threats do your products, in particular, protect websites, applications, data centers?

    The botnet was the most popular tool for conducting an attack 5 years ago. In my classification, this is the first level. That is, your main task is to learn how to disperse traffic around the perimeter of your network. Once you have learned this trick, repelling such attacks is not difficult, because, as I said, there is enough data in one packet to repel attacks at the transport level. No complex models need to be built for effective counteraction.

    But even the trend that we are now observing is already in the past. It has declined since the beginning of 2016. This is because attacks that exceed hundreds of gigabits create problems not only for the victims, but also for everyone around them, including telecom operators. Telecommunications operators, having been very worried about this problem, began to stop services in their networks that could be used to carry out attacks.

    We have a classic picture: a finite resource, the amount of which decreases every day, and growing demand for it from the script kiddies who use this technique to conduct attacks. Now the number of attacks is growing, while their maximum amplitude is falling.

    In my opinion, a trend reversal is happening right now, and this is illustrated by the recent successful attack on Blizzard. And this despite the fact that Blizzard believed they were extremely well prepared. Blizzard, in turn, covered AT&T. The attack was carried out using what journalists now call the Internet of Things (IoT). This is, in fact, a “hodgepodge” of small devices with firmware full of holes that the attacking party gathered into a fist and used to carry out a successful attack. So, trends are constantly changing.

    - What kind of mindset should a person have in order for him to be interested in doing this? What kind of people do this for you? As far as I understand, your work is strongly tied to a hardware-software complex. Which people are critical to you so that everything works well?

    I can only say that we are an engineering company. For us, engineers and mathematicians are important. And even better if a person combines both. The minimum requirement is that a person should not be afraid of math. If you are not afraid of math, this is already good.

    I can distinguish several groups that work for us:

    1. Mathematicians solve the problems of clustering, data analysis. Often you have to do something in real time or close to real time.

    2. Low-level programming and FPGA programming. These are engineers who can write efficient code quickly. As a rule, people with experience in competitive programming take root with us.

    3. A team that writes what we call infrastructure. This, in fact, is the Qrator engine. The pragmatic, deutsch-engineering approach is important here, with an understanding of what we will do next with this code. Modular infrastructures are able to look in terms of the development of their code not in “tomorrow”, but also in “the day after tomorrow”.

    Unlike many other solutions, we stand inline. We process the traffic of our customers constantly, every second. If we have problems somewhere, customers will certainly feel it, and this will ultimately result in losses. Therefore, the requirements for architecture, code quality and infrastructure are, of course, cosmic. That is, operating Qrator is akin to flying in space: nothing should fail. If any of the modules fails, the system, as a rule, automatically diagnoses it and takes it out of service. At least that is what we are striving for. This is the infrastructure.

    4. There is also a group of network mathematicians who design and build a Radar model. In fact, this is such an internal product, in which we are the only customer, because it is these people who say where and when the next point on the globe will light up, where we will launch the next traffic cleaning center.

    5. I have already said that we have very few web programmers. Now there are four of them - this is a full-fledged department. And all this mathematics, “bells” and “whistles” do not make sense if you cannot present it in its final form to the user. Just look at the same Radar or Qrator, where the amount of data that you need to present to the user is more than 6 TB of metadata per day. They can and should be presented in the form of a user interface so that the end person with the most different levels of technological training can perceive it. Or connectivity graphs in the same Radar - not the easiest visualization.

    By the way, literally next month we will have another iterative release. Most of it is a new visualization method. I hope that this time we have finally cracked this task, though only on the fourth attempt. This is not an easy task.

    6. The operations group is our interface to all organizations: partners, telecom operators, and customers. These are the people who probably experience the most stress, who work in a 24/7 format, sometimes solving the most difficult troubleshooting tasks. Therefore, people who apply for the position of NOC engineer are usually somewhat surprised at the level of tasks that we give them at the interview. You need to understand that this means troubleshooting not only our own network, but also the environment, the whole equipment zoo that can actually be found at customers' enterprises.

    - As far as I understand, for a telecom operator in general and, in particular, for a data center that rents out equipment for providing services to consumers, this service was not a usual one from the very beginning. It appeared in their portfolio because there was a problem that someone else was solving efficiently. How do you even exist between these two fires?

    On the one hand, they are your partner, at the points of which you work and interact on the sites. On the other hand, they are your market competitors who have more opportunities to sell their services to their own consumers. But their services are generally more expensive, because they use third-party box solutions without deep understanding, buying them or licensing them. How do you think this landscape looks, and how effectively do you manage to combine these two roles?

    Hosting and telecommunication companies for us in the current state of affairs are definitely partners. We simply do not consider them as competitors. And, as I have already said, the problem itself is dynamic in the field of play. Let's look at the situation in retrospect ...

    Here comes the DDoS problem: the effective SYN-flood mechanics aimed at the TCP/IP stack. How did the industry react? Bernstein invented SYN cookies. You can enable them directly on the host and effectively solve the problem. The speeds of SYN floods increased. Regular servers could no longer cope. Boxed solutions appeared that sat in the customer's rack. And next to the box with the blinking lights (the firewall), a DDoS-mitigation box was added. This also solved the problem, but only for a while.

    The speeds and packet rates of attacks continued to grow, and the channel that came into the data center or to the customer’s rack stopped working. The market reacted to this as follows: devices, services and equipment migrated into the networks of telecom operators. The service providers became the telecom operators, whose networks, as a rule (we do not take into account such giants as Google or Yandex), are more powerful than customer networks.

    This is the state of affairs when we, as you say, are both partners and competitors with telecom operators. This is a retrospective.

    Attack speeds continued to grow, and over the past decade they have grown by an order of magnitude, or even orders of magnitude. For example, the attack that was carried out on our site at the university barely exceeded 14 Gbps. At the moment, we regularly encounter attacks that exceed 100 Gbit, 140 Gbit, 300 Gbit.

    Recently, our colleagues at Incapsula provided data on attacks in excess of 500 Gbps. In principle, in my opinion, it becomes economically unprofitable for telecom operators to build networks capable of withstanding such attacks. The logic of a telecom operator's network development looks like this: “I have customers (for example, in the city of Odintsovo). I’ll stretch the fiber there.” There are more customers, the core of the network reaches there, and from there the spokes of the next access level extend. The telecom operator always reaches for its customer base and necessarily builds a backbone. It is very expensive.

    How does Qrator develop? It puts points where it is possible to intercept spurious traffic as early as possible. It is like a ballistic missile at take-off: we intercept it during its boost phase and stop the attack traffic in the region where it comes from. Thus, we create less load on the network infrastructure and can get better prices from operators in the region. Because, coming to a region, we say: “Dear telecom operators, we love to keep our traffic local even more than you do. It's not a joke. Traffic originating in the region will remain in the region.” And this applies not only to attack traffic, but also to legitimate traffic.

    The logic of network development is diametrically opposite, so we have no intersections.

    From a business perspective, our network development costs are significantly lower than the costs of any telecom operator. And its operating efficiency is higher.

    - How many points of presence do you have today? What are your plans by the end of 2016?

    In any business, the main thing is not to split your forehead. The point should justify itself and be located optimally. We have colleagues who are chasing the number of these points around the world. You need to clearly understand that this is no more than marketing. In fact, having fewer points, we have comparable network coverage. Operating costs are significantly lower.

    In the same Radar, you can make a request about Qrator and see all our points of presence by telecom operators, by geography: San Jose, Dallas, Eschborn, Amsterdam, Stockholm, Russia, Kazakhstan, Hong Kong. We plan to open points of presence in Tokyo and Singapore by the end of the year. Without them, unfortunately, our presence in Southeast Asia is not complete. Next year, we will probably look towards South America.

    - How well is this market growing today?

    The market is growing. The market is growing dynamically. We have grown over the past five years, despite the crisis, at least 100% per year. But this year we felt that the Russian market is nearing completion. It was a predictable event. Therefore, we began expansion. We try to move west and tune east.

    - About the attack on the Russian media in 2011 ... How did you participate in this story? What was your place in it? I could be wrong, but it seems to me that then many people widely heard about you ...

    I probably would not say that 2011 was a turning point in terms of business. When we started, we made all the mistakes that could be made. In particular, the traditional mistake of any startup is to overestimate the market. I thought the market was already formed. We started with plans aimed at the mass market, and simply missed.

    Then we regrouped and reoriented to the middle segment, because the company was very young: there was no name, no administrative resources, no connections. And we also did not have resources for PR and marketing. During the first four years of the company’s life, the budget for marketing and PR consistently amounted to zero.

    In 2011, an interesting event happened, which caused a lot of noise in the press, but the business, in fact, was not much affected. These were the parliamentary elections in Russia. In principle, we understood that the society is going to the elections in a rather “heated” state, there will be disturbances and speeches.

    We live in an information society. The ability to block the dissemination of any information, even temporarily, when a society passes through its critical points, can affect the result.

    Elections are a great example, so we prepared for them. We understood that something would happen. A month before the election, our weekends were canceled and 24-hour duty was organized. But everything went extremely calmly, everything was quiet. And on election day, I decided that it was all over, and went with my family to the theater. In the first 15 minutes my phone starts ringing. I pick it up and understand that for me the theater has ended for today and started elsewhere. I picked up a laptop and ran to the nearest Starbucks.

    24 hours later, we had gathered in our filtration network everything in the Russian media that can be called independent.

    In my opinion, journalists are a very dense, united community: they found out about us (how it works, who needs to call), just talking to each other.

    We worked perfectly. We were technically ready for this event. Everything was quite predictable: I would not have given any highlights.

    It is interesting that at the same moment a man came to us who introduced himself as a correspondent for The Wall Street Journal. He asked me very tedious questions for two hours. At first I did not believe it, I thought it was some kind of industrial intelligence. When the article did not come out next week, I forgot about it. But a week later a note came out about us. I have a paper version of this newspaper somewhere at home.

    Friends called me and said: "Sasha, congratulations, great jeans." To which I was surprised and said: "I do not have that kind of money to buy a journalist in the Wall Street Journal."

    But this story had almost no consequences for the business.

    - A question about competitors. How many such companies? Where they are? How do you assess your position in the market for protection against DDoS?

    I believe that we managed to take a confident position in Russia. Forbes recently released its TOP-50 rating of Russian Internet companies. Seven of them are our customers. In my opinion, this is a figure that speaks for itself.

    In Russia, of course, there is competition. We started six months later than the Kaspersky Lab service. This is more than a strong player. We had to, and still have to, tear out their market share with teeth and claws.

    We also sense the presence of Rostelecom. It traditionally serves government customers. But, having the finished equipment, infrastructure, it successfully provides them to commercial customers. Telecom operators have an advantage - the customer is already connected to the telecom operator.

    In addition, there are a huge number of startups.

    The situation has not changed for seven years for sure. One or two companies offering DDoS protection services enter the market in Russia each year.

    Therefore, we can’t rest on our laurels. But we dearly love the Russian market; it is understandable. Here we can sell well, but it is finite. And we felt its boundaries this year. That is why we have begun international expansion.

    - And international competitors?

    The situation in Russia is similar to the international situation, only in miniature. There are traditionally several classes of products: as I said about evolution, at first the box stood at the customer’s desk, then it stood at the operator’s, then clouds appeared.

    Boxed solutions are traditionally Arbor and Radware, and also Chinese NSfocus. There are a bunch of small players, but this is the top three.

    There are operators who provide services on the basis of their boxes: this is almost any major operator - Deutsche Telekom, TI (Telecom Italia) and so on. There are specialist companies that use someone else’s technology stack and someone else’s solutions - Prolexic and Akamai.

    And there is a new wave of companies that provide cloud services. Unlike previous generations, they themselves develop their own technological stack. Abroad, these are CloudFlare and Incapsula. In Russia, it is us and Kaspersky. In Asia, you can also name such an interesting player as NexusGuard.

    - Maybe you want to summarize something, referring to the entire audience of Habrahabr? What would you say to those guys who graduated or study at universities, or are finishing the last classes of the school?

    A generation before me flew into space, reached the moon. The results of my generation look like the results of losers. We have built a substantial piece of the Russian Internet. I also took part in this from the very start. But the Internet is currently broken (as I would describe its condition). It is very easy to break it, it can be easily manipulated by anyone, whether it is a criminal, a separate state or a political bloc.

    In my opinion, from the point of view of the evolution of mankind, the situation is absolutely unacceptable. The Internet is the new media, our collective mind. And I really do not want us all to go crazy. Therefore, it must be urgently repaired. The sooner, the better.

    When they say to me: “Now, I just graduated from the university, what can I do?”

    I have a great example. This is our intern, Zhenya Bogomazov, who is still studying at Moscow State University. He came to us as a trainee for the summer, and now he is the author of a substantial part of the draft BGP protocol that we are trying to take through the IETF.

    This illustrates that, having nothing but university education, but having an inquiring mind and interest, you can come and make the Internet better today.

    In fact, there are many questions. We are talking about BGP, because for me today it is one of the most important issues. I cannot sleep peacefully when, in response to the threat, we put a dash in the mitigation line, but we cannot neutralize the threat without changing the protocol.

    In addition to routing, there are also such layers as the transport layer, authorization and authentication - all this also requires significant work. Unfortunately, most of the large businesses that exist on the Internet (Google or Microsoft) are somewhat reassured: "It works - don’t touch it."

    But if you conduct a thoughtful analysis of possible promising threats, it turns out that the Internet is broken and easy to manipulate, which is regularly done by many people and organizations. This situation needs to be fixed: the Internet should become a safe playing field for all participants with clear and symmetrical rules.
