• Skip to primary navigation
  • Skip to main content
  • Skip to footer

Cisco Umbrella

Enterprise network security

  • Contact Sales
  • Login
    • Umbrella Login
    • Cloudlock Login
  • Search
Search
  • Why Us
    • Why Cisco Umbrella
      • Why Try Umbrella
      • Why DNS Security
      • Why Umbrella SASE
      • Our Customers
      • Customer Stories
      • Why Cisco Security
    • Fast Reliable Cloud
      • Global Cloud Architecture
      • Cloud Network Status
      • Global Cloud Network Activity
    • Unmatched Intelligence
      • A New Approach to Cybersecurity
      • Interactive Intelligence
      • Cyber Attack Prevention
      • Umbrella and Cisco Talos Threat Intelligence
    • Extensive Integrations
      • IT Security Integrations
      • Hardware Integrations
      • Meraki Integration
      • Cisco Security for Chromebook
  • Products
    • Cisco Umbrella Products
      • Cisco Umbrella Cloud Security Service
      • Recursive DNS Services
      • Cisco Umbrella SIG
      • Umbrella Investigate
      • What’s New
    • Product Packages
      • Cisco Umbrella and Cisco Secure Access Packages
      • – DNS Security Essentials Package
      • – DNS Security Advantage Package
      • – SIG Essentials Package
      • – SIG Advantage Package
      • Umbrella Support Packages
      • Cisco Umbrella for Government Packages
    • Functionality
      • DNS-Layer Security
      • Secure Web Gateway
      • Cloud Access Security Broker (CASB)
      • Cloud Data Loss Prevention (DLP)
      • Cloud-Delivered Firewall
      • Cloud Malware Protection
      • Remote Browser Isolation (RBI)
    • Man on a laptop with headphones on. He is attending a Cisco Umbrella Live Demo
  • Solutions
    • SASE & SSE Solutions
      • Your SSE journey with Cisco
      • Cisco Umbrella SASE
      • Secure Access Service Edge (SASE)
      • What is SASE
    • Functionality Solutions
      • Web Content Filtering
      • Secure Direct Internet Access
      • Shadow IT Discovery & App Blocking
      • Fast Incident Response
      • Unified Threat Management
      • Protect Mobile Users
      • Securing Remote and Roaming Users
      • Umbrella and Duo Layered Protection
    • Network Solutions
      • Guest Wi-Fi Security
      • SD-WAN Security
      • Off-Network Endpoint Security
    • Industry Solutions
      • Government and Public Sector Cybersecurity
      • Financial Services Security
        • – FTC Safeguards Rule Compliance 2023
      • Cybersecurity for Manufacturing
      • Higher Education Security
      • K-12 Schools Security
      • Healthcare, Retail and Hospitality Security
      • Enterprise Cloud Security
      • Small Business Cybersecurity
  • Resources
    • Content Library
      • Top Resources
      • Research Reports
      • Case Studies
      • Videos
      • Datasheets
      • eBooks
      • Solution Briefs
      • Cybersecurity Webinars
    • International Documents
      • Deutsch/German
      • Español/Spanish
      • Français/French
      • Italiano/Italian
      • 日本語/Japanese
    • Security Definitions
      • What is DNS Security
      • What is a Secure Web Gateway
      • What is a Cloud Access Security Broker (CASB)
      • What is Security Service Edge (SSE)
      • What is Secure Access Service Edge (SASE)
      • Cyber Threat Categories and Definitions
    • For Customers
      • Support
      • Customer Success Webinars
      • Free Trial Quick Start Guide
      • Free Trial Help and Tips
  • Trends & Threats
    • Market Trends
      • Generative AI Cybersecurity Risks and Rewards
      • Hybrid Workforce
      • Rise of Remote Workers
      • Secure Internet Gateway (SIG)
    • Security Threats
      • How to Stop Phishing Attacks
      • Malware Detection and Protection
      • Ransomware is on the Rise
      • Cryptomining Malware Protection
      • Cybersecurity Threat Landscape
      • Global Cyber Threat Intelligence
    •  
    • Woman connecting confidently to any device anywhere
  • Partners
    • Channel Partners
      • Partner Program
      • Become a Partner
    • Service Providers
      • Secure Connectivity
      • Managed Security for MSSPs
      • Managed IT for MSPs
    •  
    • Person looking down at laptop. They are connecting and working securely
  • Blog
    • News & Product Posts
      • Latest Posts
      • Products & Services
      • Customer Focus
      • Feature Spotlight
    • Cybersecurity Posts
      • Security
      • Threats
      • Cybersecurity Threat Spotlight
      • Research
    •  
    • Register for a webinar - with illustration of connecting securely to the cloud
  • Contact Us
  • Umbrella Login
  • Cloudlock Login
  • Free Trial
Clearing search keywords
Spotlight

Cisco Umbrella Customers Up and Running Despite Major Transit Provider Disruption

Author avatar of Chandrodaya PrasadChandrodaya Prasad
Updated — February 28, 2023 • 4 minute read
View blog >

In today’s always-on, work from anywhere world, connectivity and performance are everything. The network is the foundation of getting work done. When the network experiences performance issues, businesses — their customers, partners, and employees — all suffer. A dropped video call can prevent a sale from moving through. An error message when loading a small business storefront web page can negatively impact the customer experience and the business brand image. Whatever the industry, connectivity is a crucial component of success.

On October 14, 2021, one of our main transit providers suffered a severe network issue, which impaired its transatlantic connectivity across the globe. Although the transit provider disruption lasted approximately 12 hours, Cisco Umbrella customers experienced virtually no interruption. Just a few minutes after the problem started, Umbrella’s systems automatically mitigated the internal data packet loss by rerouting traffic over different providers to avoid trouble spots. After that, our automation allowed us to completely remove that transit provider from the path between our customers and our Umbrella security services.

Umbrella’s cloud-native architecture was built for moments like this. Here’s how we mitigated disaster for our customers and kept them from experiencing significant downtime, disruption, and data loss.

Mitigating Outages With Cisco Umbrella’s Self-Healing, Highly Automated Architecture

We noticed the transit provider outage on our monitoring systems right away. Over two dozen Cisco Umbrella data centers (and other internet service providers (ISPs) with whom we partner) were using that transit provider to connect to the internet. Immediately, almost all sites started seeing full data packet loss and were not reaching their intended destinations.

But almost just as quickly, after that initial spike, the data packet loss levels across the Umbrella global cloud architecture dropped to normal levels.

How?

Sophisticated automation, built and run by expert engineers, saved the day. We designed the system to have complete visibility into all the combinations available to route internal traffic. When it detects that the current one is no longer the best (either in terms of packet loss or latency), it picks another combination of ISPs and changes the routing accordingly. This agile and flexible architecture enables us to continuously deliver new capabilities seamlessly to our customers, without business downtime, even in the face of connectivity crises across interconnected transit providers, ISPs, content delivery networks, and more.

Designing Solutions to Keep Network Performance Disruptions From Turning Into Disasters

Even though the connectivity and network performance problems with the transit provider remained unresolved for 12 more hours, customer traffic pointed to the Cisco Umbrella IP address got right back on track. This occurred because our engineering teams have developed a variety of tools to ensure extraordinary resilience and performance, and two of them are pivotal to keeping our customers up and running.

For most cases, when a transit provider or other ISP has a disruption or network performance issue, we automatically reroute traffic away from any of the affected sites. An automated system (dubbed the “Transit Terminator”) detects the issue and shuts the Border Gateway Protocol (BGP) session down automatically. This is ideal for a scenario where the disruptions are confined to a relatively contained number of site locations.

However, for scenarios like this one, where a very large number of Umbrella sites are impacted by a transit provider or other ISP problem, the Transit Terminator can lead to site overload and data degradation on the remaining Umbrella sites, so it’s not the best long-term solution. For wide-scale disruptions like this, we built a different tool, the “ISP global shutdown tool.” In this case, we needed to completely remove the faulty provider from our Umbrella customers’ paths. To do this, we needed to shut down the BGP sessions exactly at the same time on all the sites where the transit provider was present. By doing this, the entire network for that provider would lose all the direct routes towards our IP prefixes at the same time, and the traffic would get spread across all Umbrella sites, without overloading any specific one.

Building an automated tool to handle this exact circumstance saved time, manpower, and errors. Most importantly, it prevented our Umbrella customers from directly experiencing network performance issues related to the transit provider meltdown. Within minutes of the event, the on-call engineer diagnosed the scope of the issue and used the ISP global shutdown tool to select the specific transit provider network for which we needed to stop all sessions. The traffic through that ISP went to zero immediately, keeping traffic flowing through the Umbrella network on providers that were up and operational.

Cisco Umbrella’s battle-hardened architecture is built and run by an experienced team with decades of experience spanning security, networking, cloud-native architecture, threat research, data science, and more. We applaud their dedication and determination to prevent chaos for our customers.

Want to Learn More? 

We have resources aplenty discussing how Cisco’s global cloud architecture delivers network resiliency and reliability. We’ve also written an article that outlines another instance where Cisco Umbrella protected customers from outages.

We also provide a deep dive into our engineers’ analysis of mitigating the disruption — with all the technical details — that you can access after a quick registration.

And if you’re ready to see what Cisco Umbrella can do for your organization? Sign up for a free 14-day trial today!

Start a free trial today

Block more threats, speed incident response, and improve internet performance.

Get your Free Trial

Although the transit provider disruption lasted approximately 12 hours, Cisco Umbrella customers experienced virtually no interruption...Umbrella’s cloud-native architecture was built for moments like this.

Post this quote

Additional Resources

  • Ebook: Cloud Security Comparison Guide
  • Signup for a free trial

Suggested Blogs

  • Where Do I Start With SASE Evaluations? Gartner® Report September 10, 2024 3 minute read
  • Cisco Umbrella: A Leader in the GigaOm Radar for DNS Security June 26, 2024 3 minute read
  • The Perfect Blend: Qdoba’s SASE Transformation May 30, 2023 2 minute read

Share this blog

FacebookTweetLinkedIn
Subscribe to the Cisco Umbrella blog Subscribe

Follow Us

Facebook X LinkedIn Youtube

Footer Sections

What we make

  • Cloud Security Service
  • DNS-Layer Network Security
  • Secure Web Gateway
  • Security Packages

Who we are

  • Global Cloud Architecture
  • Cloud Network Status
  • Cloud Network Activity
  • OpenDNS is now Umbrella
  • Cisco Umbrella Blog

Learn more

  • Webinars
  • Careers
  • Support
  • Cisco Umbrella Live Demo
  • Contact Sales
Umbrella by Cisco
208.67.222.222+208.67.220.220
2620:119:35::35+2620:119:53::53
Sign up for a Free Trial
  • Cisco Online Privacy Statement
  • Terms of Service
  • Sitemap

© 2025 Cisco Umbrella