0

We are currently having issues with the internet speed at work.

We asked for a global report to our ISP in order to understand what was happening, and in their report (in the "conversation report" part more precisely), we have (for IN and OUT) a lot of connections with some EC2 amazonAWS servers (HTTPS connections).

We are not working with Amazon servers. The only thing I could imagine is that each employee's computer has a Dropbox client installed and connected/sync to a pro Dropbox account owned by the company (to share files between coleagues).

I know that, at some point, Dropbox had their servers hosted in Amazon Datacenters, but I though they had now their own datacenter. Maybe are they still using some EC2 AmazonAWS servers ?

My question here is : Is it possible that these connections from and to EC2 amazonAWS servers are caused by / relied to Dropbox ?

David Makogon
  • 2,768
  • 1
  • 20
  • 29
Julqas
  • 121
  • 1
  • 7
  • http://www.wired.com/2016/03/epic-story-dropboxs-exodus-amazon-cloud-empire/ indicates Dropbox has moved off Amazon's systems. – ceejayoz Jun 17 '16 at 14:04
  • That said, half the internet is hosted on Amazon these days. Can your ISP give you specific AWS IPs it's seeing the high traffic to? Maybe you can figure out who's using them. – ceejayoz Jun 17 '16 at 14:05
  • ISP gave us the local IPs that were used, but report was made a month ago, and local IPs are in DHCP, so they are not available anymore. But we have more or less 15 computers with Dropbox client installed on, and in the report we have 12 different local IPs that was connected at some point to EC2 AmazonAWS servers.. – Julqas Jun 17 '16 at 14:12
  • No, I mean the IPs of the EC2 servers they're connecting to. – ceejayoz Jun 17 '16 at 14:12
  • We have each IP & reverse of the EC2 servers we were connected to in the report too. Reverse like "ec2-52-29-92-3.eu-central-1.compute.amazonaws.com (linked to ip 52.29.92.3), and so on. – Julqas Jun 17 '16 at 14:15
  • An idea how to figure out who's using a specific EC2 server ? I don't have a clue about that ! – Julqas Jun 17 '16 at 14:15
  • You'd have to access the IPs and see if something's hosted on it. More than that would require Amazon's help. – ceejayoz Jun 17 '16 at 14:16

2 Answers2

2

The connections you see could simply be web pages employees are surfing that are run from or supported off of AWS or an employee is connecting to their own AWS servers. I have seen a lot where people want to learn about AWS and they do not limit their learning to off company work hours or the company's IT department hasn't met some need of theirs and they have moved development off premise and are expensing it by other means. I had a VP once expensing $24K in AWS services. The question for yourself should be, based on your ISP report is that traffic significant enough to be apart of the problem?

There are a variety of reasons why your internet connection could be slow having nothing to do with traffic specifically on your connection in/out of your company. Some questions for yourself that may provide answers to your problem What is the size of your network pipe and do you have guaranteed QOS. Without the guaranteed QOS then the ISPs own network could be significantly oversubscribed causing you problems. Does your ISP provider provide the point to point connection from your company to their data centers or do they use other companies shared network to get to you? Again is they do not provide the full pathway that at any point they are using any ISP or vendors network or transfer points that could cause problems to your connection

Mathew Parker
  • 21
  • 2
  • Thanks for your answer. We are 15 employees here, but only 4 techs guys. When looking local IPs that were connected or received connections from these EC2 servers, we have 11 or 12 different local IPs, like if nearly everyone in the company was accessing to these servers. It's for this reason I though about Dropbox because it's the only thing we all have in common on our computers. – Julqas Jun 17 '16 at 14:34
  • We unfortunatly a small pipe of 8MB for internet. From the graphs, connections to EC2 servers take 33% of these 8MB during the day, with peaks to 90% sometimes (24.92GB of data IN, 1,47GB of data OUT in one day of work). When there isn't anyone connected (tested at 2 or 3AM), we have the full speed available. – Julqas Jun 17 '16 at 14:36
  • When I look all data coming IN the network in one day, ordered by Trafic DESC, 95/100 are from EC2 servers. So I really think it's the problem here.. but not knowing how to be sure. – Julqas Jun 17 '16 at 14:42
0

It would not surprise me at all if this is Dropbox.

You have to stay awake long enough (not easy when reading most of what qualifies as cloud-related "news") to find this nugget in the article @ceejayoz linked to:

Despite those accidents and everything else, Dropbox made its deadline. And it dropped those contracts with Amazon. The company continues to use the Amazon cloud in Europe—just because the business is growing in a less predictable way in Europe

Aha.

Now, couple this with my own experience with the Dropbox client's unacceptably aggressive behavior on my network in the US, and I it's a strong candidate for suspicion.

With a 100 Mbit/sec pipe serving essentially nothing but desktops, I've never had to choke traffic, before, but I had to implement a "drop" rate-limiting policy on my 100 Mbit/sec Internet pipe, restricting Dropbox's known IP ranges down to a more reasonable level on inbound traffic. The day this disruptive traffic level first surfaced, a few weeks ago, the traffic was so intense that not only was the 100 Mbit/sec pipe almost unusable, it even got the upstream ISP's attention... and I never hear from them. Since I last reset the counters about 5 weeks ago, I've logged over 250GB inbound from the Dropbox IP space, and it's a constant drone all day long.

No wonder they needed to cut costs.

It is easy enough, for you, to identify the actual cause of the traffic -- identify a machine inside that's responsible for one or more of these connections, and then find the program running on that machine that has a socket open to the destination. Unfortunately, you will have a more difficult time than I did trying to restrict the traffic, because if they are still operating in the cloud, those IP addresses are not going to be in contiguous blocks, and other sites, will be impaired for you, if you try to restrict traffic by IP addresses.

The client software may have settings to control the behavior, but frankly, their software behaved so badly that I wasn't curious enough to care. I choked it. Problem solved.

Michael - sqlbot
  • 22,658
  • 2
  • 63
  • 86