The above graph plots global scores over time for the top 13 providers in 2009. Since the exact numeric score is not that meaningful in this context, we will not provide the scale in our graphs. Rather, we will show how the scores changed over the year and consider some of the reasons behind these changes. The first thing to note is that membership in this elite set of top global providers did not change in the last two years. The next thing to note is that within this set, there are distinct tiers, where members of each tier vie for position. These details will emerge as we enlarge the scale and break the group into three distinct clusters, namely, the top two, the middle seven, and the final four. In these expanded graphs, the changes will be more obvious and we'll make note of some of the more interesting ones.

In 2006, when Renesys first started ranking providers, Sprint (AS 1239) had a commanding lead with a global score of almost 25% more than second-place Level 3 (AS 3356). In 2009, Level 3 pulled away from largely stagnant Sprint, opening up a roughly 12% lead. In the spring of 2009, Level 3 gained nLayer (AS 4436) as a customer, which Renesys ranks as #12 in the US, thereby giving Level 3 a substantial boost in score. They also picked up KDDI (AS 2516) as a customer, the #2 ranked provider in Japan. Finally, Level 3 won increased transit from Japan's Softbank Telecom (AS 4725), Europe's Interoute Communications (AS 8928), Turkey's TTnet (AS 9121) and a wide variety of other strong regional players. In short, Level 3 is aggressively gaining Internet transit business around the globe in both established and emerging markets, while Sprint, still solidly in the #2 position, appears to be largely treading water.

Looking at the second cluster of providers, it is readily apparent that Global Crossing (AS 3549) is in firm control of the #3 spot, but their growth slowed considerably in 2009 over 2008. In 2008, Global Crossing's score increased by almost 50%, as they vaulted from #5 to #3. Their score increased 11% in 2009, leaving them safely in #3 with no clear challengers, but still a long way from the #2 position at three quarters of the size of Sprint.

Savvis (AS 3561) surged upward by over 25% in the summer, in large measure by winning Asia Netcom's (AS 10026) business. But then they fell back considerably by losing Singapore Telecom (AS 7473) and Comcast (AS 7922) in the fall, ending the year with a score of around 8% higher than at the start.

TeliaSonera (AS 1299) rose by over 20% during the year, around a quarter of the increase due to gaining Russia's Rostelecom (AS 12389) as a customer. Tata (AS 6453) entered this middle tier of providers in 2009 from the bottom tier in 2008 by consistently winning business throughout the world, including Serbia's Telekom Srbija (AS 8400), UAE's Emirates Telecommunications (AS 8966), the US's Road Runner (AS 7843) and Comcast (AS 7922), South Korea's Hanaro (AS 9318) and many others. As a result, Tata has now passed AT&T (AS 7018) to capture the #8 global ranking.

The remaining members of this tier, AT&T (AS 7018), Verizon (AS 701) and NTT (AS 2914), like Sprint in the top tier, largely treaded water in 2009.

Within the final set of providers under consideration, both Tinet (AS 3257) and China Telecom (AS 4134) showed significant spikes in score in 2009. In April, Tinet saw increased transit from Interoute (AS 8928) and, in November, they picked up Singapore Telecom (AS 7473) as a customer. China Telecom's growth was of a very different nature: they grew by routing more address space on behalf of themselves, not by entering new markets. Rounding out this final group, we see Cogent (AS 174) with slow and steady growth throughout the year, while Qwest's (AS 209) score remained essentially constant.

Finally, note that large global providers are not necessarily transit-free, sometimes called Tier 1, providers. Tinet and China Telecom, who made our rankings, are not transit-free, whereas, XO (AS 2828) and Abovenet (AS 6461), who did not make our rankings, are.

Conclusions
Internet transit is an increasingly tough business, as prices continue to collapse. The emerging markets in Asia and the Middle East with their relativity low Internet penetration and higher margins remain a bright spot. These markets still offer enormous potential and providers willing and able to service them are growing and rising in our rankings. Those that do not service these areas are being left behind. For example, the US old guard of Sprint, AT&T and Verizon are at a virtual standstill, China is growing but without diversity, and Level 3 and Tata, two companies to keep your eye on, are growing thanks to strong global diversity.

But we hasten to point out that market share does not imply profitability or even a well-run, resilient and stable network. So we would never suggest you pick your providers based on Renesys market share rankings alone. While declining market share might indicate a problem, a growing company is worth your business only if they meet your service needs and are going to be around tomorrow. Objective rankings, by their very nature, cannot be tailored for each consumer's needs, but they can contribute meaningfully to informed business decisions.

The Internet is carved up into IP blocks (called prefixes) which make management of the network easier. Each provider learns about the prefixes of other providers by passing the knowledge around (like a game of 'telephone'). Google directly advertises or provides service to approximately 190 different prefixes, so the Internet learns how to reach Google based on the relationships Google has.

When trying to reach Google, then, any inbound traffic to them needs to pass across other providers with whom Google has a BGP routing relationship. We'll look at a very obvious shift in the number of other Internet providers who started reaching Google differently during yesterday's event.

Even though Google is very well-connected to a diverse set of other networks, two of these relationships predominate. It is through these relationships that much of the Internet reaches Google. If we look at Google's primary providers, Level 3 (ASN 3356) and AT&T (ASN 7018), we see that these are very important relationships to Google, since in the case of Level 3, just under 80% of peers choose to reach Google via Level 3 for just over half of all of Google's prefixes.

During yesterday's routing instability, Google's prefixes shifted to different relationships. When automatic, this sort of change is a key feature of redundancy. Sometimes such changes are motivated from a business change. Over the course of yesterday's instability, virtually all of our peers, at one time or another, chose to reach many of Google prefixes through NTT (ASN 2914), what had been a far less important relationship.

Note that the bar chart above is showing the total percentage of Google's approximately 190 prefixes and the total percentage of peers (different vantage points on the Internet) choosing to reach Google through NTT. At no single time did the entire Internet choose to reach Google through NTT, but over the course of the event, almost everybody tried to reach Google on this path.

Before yesterday's event, NTT was not so important an inbound path to Google. In fact, NTT carried very few of Google's prefixes (only 16) and was the preferred path to Google for only 10% of our peers. During several different bursts of announcements, this relationship became a much more important inbound path to Google.

In one particular series of routing changes, which started at around 14:45 UTC, several major providers, e.g. Deutsche Telekom (ASN 3320), Teleglobe (ASN 6453), Telia (ASN 1299), and even, peculiarly, AT&T (ASN 7018) started choosing to reach Google through NTT.

While yesterday's instability was disruptive to Google users all over the Internet, we are happy to report that it's back to business as usual with one of the most robust services on the Internet.

To understand the problem, let's first provide some background. As readers of this blog will know, every organization responsible for Internet routing has two things under their control: block(s) of IP addresses (prefixes) and an identifying number, or ASN. Like IP addresses themselves, ASNs are also running out, at least the old style ones. The original Internet designers allocated only 2 bytes for storing ASNs, which means at most 65,536 of them. Since then, ASNs have been largely allocated consecutively starting at 1, with Phosworks Drift & Services getting the most recent allocation of ASN 49232. Reserved (private) ASNs are at the high end of the range, starting at 64512. So this means that at present we only have about 15 thousand 2-byte ASNs remaining unassigned.

If there weren't an alternative, the 2-byte limitation for ASNs would mean that before too much longer, there would be no new members of the Internet routing club: no new ISPs and no companies with multiple providers and direct control of their routing. Fortunately, there is an alternative available today, and that is 4-byte ASNs. RIPE has been assigning them by default since the start of 2009. But unlike IPv6, the proposed alternative to dwindling IPv4 addresses, 4-byte ASNs can seamlessly and safely co-exist with 2-byte ASNs. No complete overhaul of the Internet is required.

Returning to our story, if 4-byte ASNs are available and interoperate with 2-byte ASNs, there shouldn't be any problems with announcing them anyway we want today. Yeah right. The African Network Operators' Group (AfNOG) will soon be meeting in Cairo, Egypt, and plans to be multi-homed. They acquired the 4-byte ASN 327686, which equals 5*(2¹⁶) + 6 and hence is also written as 5.6, and planned to use it as stated here:

One of the aims of this setup is to demonstrate that 32-bit ASNs do work and people should not steer away from them, especially since the pool of 16-bit ASNs is shrinking fast. A showcase network goes a long way in this regard.

Now, AfNOG does have an IPv4 prefix, 196.200.208.0/20, and a traditional 2-byte ASN, namely 37095, at their disposal. On 30 April at 17:21:49 UTC, we started seeing the 2-byte ASN announcing this prefix, but with ridiculously long AS paths like

• 24863 37095 37095 37095 37095 37095 37095 37095 37095 37095 37095 37095

• 24863 327686 327686 327686 327686 327686 327686 327686 327686 327686 327686 37095

So what happened? Well, not everyone can afford a Cisco or Juniper router. Some folks make do with cheap Linux boxes running the free routing software called Quagga. And you guessed it! Older versions of Quagga have a buffer overflow problem, dropping the associated BGP sessions like a brick when they saw this announcement. The latest Quagga release, 0.99.11, came out on 2 October 2008. The prior version had the following gem of a comment.

  /* ASN takes 5 chars at least, plus seperator, see below.
   * If there is one differing segment type, we need an additional
   * 2 chars for segment delimiters, and the final '\0'.
   * Hopefully this is large enough to avoid hitting the realloc
   * code below for most common sequences.
   *
   * With 32bit ASNs, this range will increase, but only worth changing
   * once there are significant numbers of ASN >= 100000
   */

Looking for the positive, it was nice to see some diversity on the Internet with respect to routing. Imagine if this had been a Cisco bug? Still we found it surprising to see the number and variety of organizations running Quagga in a production environment. The following graph gives the per-country distribution of prefixes for every country with at least 10 outages due to this bug.

The lessons are obvious. If you don't check user input and don't allocate sufficient memory, bad things will ultimately happen. Every possible permutation that you can think of, and perhaps some that you can't, will eventually be tried by someone, either accidentally or on purpose. So far, we're mainly seeing the former, which is good news. Ultimately though, bugs need to be found in lab, not in the production Internet.

Although they certainly could, countries typically don't exercise any control over the routing hygiene of the companies operating within their borders. Countries might tax those companies, filter their traffic for objectionable content, mandate the types of software or equipment they can use and even spy on them, but if a company wants to screw up routing on the global Internet, well that's their business. As we've noted in the past, no driver's license is required on the Information Superhighway, as there are essentially no rules, regulations or enforcement. So in this blog entry, we'll apply our scoring idea to those who can easily effect change, namely, those organizations who are ultimately responsible for how traffic flows on the Internet.

]]> At first, this exercise might seem pretty straightforward: pick your favorite company or organization, compare their stated routing policies to reality, and give them a score based on the difference. But on the Internet, nothing is ever so simple, especially when it involves any sort of attribution. Simply identifying a company's Internet presence is complicated by mergers, buyouts, spin-offs and other aspects of modern capitalism. How can you hope to sort it all out? Well, there is only one thing you can really count on: anyone managing routing on the Internet must have one or more blocks of IP addresses (prefixes) and at least one "identifying" number, an Autonomous System Number (ASN). At some point in time, these things must have been doled out by some authority of sorts. That's about it. The person who requested these values (essentially a bunch of integers) might be long dead as might be the original company. And the associated administrative records might no longer be accurate or even maintained, but some IP addresses and an ASN are all you need to route traffic on the Internet. Once you've acquired these, you are free to proudly assert your presence to humanity and thereby consume a little bit of memory in every router on the planet.

In fairness, the overwhelming number of organizations we see on the Internet have only one or a handful of prefixes. These organizations are easy to identify, as they have little to begin with and hence little to have gone stale. But large companies and old timers to the Internet are rarely so fortunate. Let's take AT&T as one example. In the US, AT&T was the phone company for a very long time, until they were broken up by the courts and a newly formed AT&T became just a much smaller part of the original whole. This greatly diminished AT&T was ultimately acquired by SBC Communications, as was Ameritech, Bell South and others, and eventually the entire collection was renamed to simply "AT&T".

So what does AT&T look like on the Internet today? Old hands will think of it as ASN 7018, but we can actually associate almost 100 different ASNs with this single organization, about half of which are announcing prefixes. These are registered under a variety of names such as AT&T Network Systems, AT&T Internet Services, AT&T Global Network Services and almost 40 others. We even still see names containing SBC (and no mention of AT&T) and the now extinct Rogers AT&T Wireless (AS 20453). However, AS 20453 continues to announce Rogers' prefixes (over 70 of them) on the Internet, but AT&T is not one of their providers. So while Rogers ended their partnership with AT&T, no one updated the associated ASN registration. Talk about confusing.

The situation looks grim until you realize that there are actually three sources of (potentially imperfect) information that can be combined to help ferret out the truth:

• registration information for ASNs and prefixes
• current routing information
• open source intelligence, e.g., news, press releases, Wikipedia, etc

Intelligently analyzing these different inputs, we can finally list out all the organizations on the Internet: their ASNs (if any) and associated prefixes. And once we have that, we can give them a score based on their routing hygiene, exactly as we did in our blog entry for individual countries. Despite the fact that there are only around 31,000 unique ASNs seen on the Internet at present, we manage to find around 75,000 organizations, as not everyone with a registered prefix also has an ASN. (In these cases, their provider typically handles the routing of their prefix.)

We found over 13,000 organizations who managed a perfect score of 100, although all but 218 of them had fewer than 10 prefixes. While a small number of prefixes makes their administration easier, it is not a guarantee of success. One organization with 2 prefixes scored an embarrassing 9 out of a 100 on our scale. For those with at least 10 prefixes to manage, the following scatter plot gives the distribution. As we saw with countries, the more prefixes you have, the harder it is to keep everything straight and attain a good score. And while many manage to do a very good job, the overall results are quite varied, especially when you recall that doing essentially nothing will land you around 25 on our scale, and you have to do less than nothing to rate below that. Still almost 5,000 organizations manage to score below 25.

The overall winner in this exercise was Kazakh Telecom with a perfect score of 100 for over 150 prefixes. Airtel Broadband and Telephone Services (ABTS) came within a quarter of a point of a perfect score for their couple of hundred prefixes. At the other end of the spectrum, China Enterprise Communications Ltd. (CEC), in which Tata Communications recently acquired a 50% stake, barely managed a score of 20. CEC is around one point behind our second to last place finisher, the AARP, a US non-profit organization for people over 50. Overall, it's clear that there is a lot of room for improvement for most organizations, but if the Internet is ever going to have any measure of accountability, it is going to have to start with those who control the IP space and orchestrate global routing. Without attribution, there can be no accountability and no hope of improving upon the current situation.

Update: The earlier version of this blog inadvertently misclassified a number of registered networks due to a software bug in a script used for displaying the data. The scoring algorithm remains unchanged.