The Unholy Trinity of Internet Outages
Description
A two-panel meme from the Harry Potter film series. The top panel shows Professor McGonagall looking sternly with the subtitle, 'Why is it, when something happens, it is always you three?'. The bottom panel shows the main characters Hermione Granger, Ron Weasley, and Harry Potter looking sheepish. Each character is labeled with a common culprit for major internet and system failures: Hermione is 'BGP' (Border Gateway Protocol), Ron is 'DNS' (Domain Name System), and Harry is 'CVE' (Common Vulnerabilities and Exposures). The meme humorously equates the frequent involvement of the movie trio in magical troubles to the high frequency with which BGP misconfigurations, DNS failures, and security vulnerabilities are the root causes of widespread technical incidents. This resonates with any senior engineer who has been through a major outage investigation
Comments
7Comment deleted
It's always DNS, a BGP misconfiguration, or a zero-day CVE. The only mystery is which one gets to be the scapegoat in the post-mortem this time
Post-mortem summary: BGP announced the wrong /0, DNS obediently cached the lie, CVE handed it an exploit, and our SLA evaporated faster than the incident channel filled with “@here”
After 20 years in tech, I've learned that every major outage postmortem eventually leads to one of the unholy trinity: BGP route leaks taking down half the internet, DNS cache poisoning because someone forgot DNSSEC, or that CVE from 2017 you swore you'd patch 'next sprint.' The real magic at Hogwarts was keeping all three stable simultaneously
Every SRE knows this trio intimately: BGP decides to reroute half the internet through someone's basement, DNS forgets how to resolve anything at 3 AM, and CVE drops a critical zero-day right before your vacation. It's never the elegant microservice architecture or the carefully crafted Kubernetes manifests - it's always these three foundational protocols reminding you that the internet is held together with duct tape and prayer. The real kicker? Your monitoring catches it 20 minutes after Twitter does
Sev-0 bingo: a BGP route leak, a DNS TTL set to “forever,” or a CVE with a logo - most postmortems just permute those three
Incident triage heuristic: global outage -> BGP; regional-only -> DNS; if the CISO joins the call, it’s a CVE - and the RCA quietly blames a stale TTL and anycast misroute
Post-mortem ritual: 'Was it BGP? DNS? Nah, CVE zero-day' - rinse, repeat, never the app