Recently in Governance Category

{Updated; see below for lists of countries for easier reference, and a special offer for WCIT attendees. —jim}

How hard is it to disconnect a country from the Internet, really?

That's the number one question we've received about our analysis of the Egyptian and Syrian Internet blackouts, and it's a reasonable question. If the Internet is so famously resilient, designed to survive wars and calamities, how can it fail so abruptly and completely at the national level?

The key to the Internet's survival is the Internet's decentralization — and it's not uniform across the world. In some countries, international access to data and telecommunications services is heavily regulated. There may be only one or two companies who hold official licenses to carry voice and Internet traffic to and from the outside world, and they are required by law to mediate access for everyone else.

Under those circumstances, it's almost trivial for a government to issue an order that would take down the Internet. Make a few phone calls, or turn off power in a couple of central facilities, and you've (legally) disconnected the domestic Internet from the global Internet. Of course, this level of centralization also makes it much harder for the government to defend the nation's Internet infrastructure against a determined opponent, who knows they can do a lot of damage by hitting just a few targets.

This has been an exciting month for those of us who study the Internet's infrastructure and think about ways to keep it running (and growing). Did I say exciting? Maybe "exhausting" would be more accurate. From China, to Iran, to the US Congress, everyone seems to be wondering how best to control the Internet and bring it in line with local law.

And then came the latest iteration of the WikiLeaks drama.

Remember when the telephone company came to your house to hook up your phone and gave you a new phone number? This new number was how your friends and family were going to contact you. You counted on the telephone company to ensure that someone hadn't already been issued that number, because if they had, various problems would ensue. What would happen when your mom tried to call your number if it was also assigned to someone else? Could you directly call the other party to work out the problem? Well, in the BGP realm, something similar has been happening with autonomous system numbers (ASNs).

Organizations need an ASN to run BGP and route on the Internet. They are each assigned globally unique ASN(s) by their local Regional Internet Registry (RIR), who get them from IANA. A few weeks ago, the NANOG folks noticed that AS1712 had been registered by two different organizations (in France and Texas) that were both using the number to announce their separate network prefixes. ARIN issued a statement conveying that they were aware of the problem and were working to resolve it. We took a look at the data and found that AS1712 isn't the only dually-assigned ASN out there. In fact, even a root server didn't escape unscathed.

Seventy-five years ago today, on May 29th, 1934, Egyptian private radio stations fell silent, as the government shut them down in favor of a state monopoly on broadcast communication. Egyptian radio "hackers" (as we would style them today) had, over the course of about fifteen years, developed a burgeoning network of unofficial radio stations. They offered listeners an unfiltered, continuous mix of news, gossip, and live entertainment from low-powered transmitters located in private houses and businesses throughout Cairo.

It couldn't last. After two days of official radio silence, on May 31st, official state-sponsored radio stations (run by the Marconi company under special contract) began transmitting a clean slate of government-sanctioned programming, and the brief era of grass-roots Egyptian radio was over.

When we wrote about the issues surrounding the management of the L root, four questions came to mind immediately, which we will review here as way of a concluding blog on this topic. We also presented this work and our questions at NANOG 43 and OARC 2008 DNS-Operators Workshop. Unfortunately, we don't have many answers and welcome clarification from anyone in the know. The questions are

• Why wasn't ICANN using their own IP space?
• Why the change after 10 years?
• Why wasn't the old space simply given to ICANN?
• Why all the bogus L root servers?

We will summarize what we know about these issues.

IPv6 is dead, and I think pretty much everyone already knows it. I gave a presentation about IPv6 at TelecomNEXT in Las Vegas last week (full presentation archived here) entitled "Realities of IPv6 as the Future Network Layer". I regard it as a largely straightforward presentation of the facts: IPv6 is used by virtually no one, is not seeing significant adoption and has lost in the marketplace of new ideas. Since we will, in fact, run out of IPv4 address space eventually, and since IPv6 is obviously not the solution that people want for this problem, let's start working on a better one right away. Of course, the presentation contains juicy quotes like:

• "The market has spoken: IPv6 is the wrong technology at the wrong time and most organizations will profit from simply ignoring it"
• "NAT and IPv6 are both evil, but IPv6 is the more dangerous of the two."
• "IPv6 was designed with no migration strategy from the real Internet."

This perspective has been making a lot of people angry, since it implies (or rather, bluntly states) that those who have made significant investments in IPv6 have wasted their money, since we will obviously have to replace it with something else. I think that this conclusion is painfully obvious, but I guess lots of people are still deluding themselves. So who will win and who will lose in the ultimate failure of IPv6?