Tuesday, May 06, 2008

Load-balancing in action: did Richard Warman and 90sAREover really have the same IP?

Below and to the right is an excerpt from the Freedomsite's logs, truncated on three sides to make it easier to read. (You can see an untruncated version here on p. 35.)

Richard Warman, 90sAREover, CoolsThe top two entries (both with "POST") are related to the notorious Cools message: the first confirming the spelling of "nigger"; the second submitting the nasty message that is at the center of the present controversy. The bottom-most is the last entry for 90sAREover in the logs (or at least those that have been released).

The point to note is that 90sAREover did not have just one IP during his brief visit to the freedomsite message board, but two: 66.185.84.204 and 66.185.84.200, and in the space of three minutes he switches from one to the other at least four times.

I say "at least" four times here because it is important to remember that we are only seeing a portion of what was going on. These two IPs are both Roger's web-caching proxies -- their host names are (respectively) wc09- and wc04.mtnk.rnc.net.cable.rogers.com, showing the tell-tale wc (which abbreviates web-cache) -- and since they are caches there will have been traffic between them and 90sAREover's computer that is not forwarded to the visited site.

Richard Warman, Cools, 90sAREoverWhat does all this mean? The switching between these two web-caches is another example of load-balancing, a practice by which Rogers shifted traffic among its 42 web-caches to deliver the most efficient service to its subscribers. An attempt to sort out how all of this worked resulted in the string ball to the right (explained here), which traced shifts between proxy-IPs that can be identified in the years 2002-5. Each string in the ball is an example of a load-balancing shift.

This load-balancing provides another wrinkle in argument of identifying 90sAREover. It seems that Rogers' subscribers had what might be called a "home" proxy, which functioned as their default web-cache, and that they would rerouted to a another proxy only when needed, especially (one assumes) at peak hours. But when he made the racist Cools-post, was 90sAREover's "home" proxy 66.185.84.204 and 66.185.84.200 a temporary IP to which he was shifted through load-balancing? Or was his home proxy 66.185.84.200? Or might his "home" have been one of the other web-caches in the series, with the traffic rerouted into 200 and 204?

1 comment:

Mike said...

Oh man buckets...keep it up, you are killing here.

Nicely done.

Now, back to instilling Critical Path...