photo by curiouslee on Flickr
Renesys is headed to RightsCon next week, to bring some data to the discussions around evolving Internet localization, the economics of infrastructure diversification, and the role of the private sector in strengthening and stabilizing Internet service delivery worldwide.
When we talk to our customers about Internet instability (international service providers, multinational enterprises, cloud and content providers), we hear things that suggest that the interests of digital citizens and global enterprises are (in this case, at least) strongly aligned. Outside of a few special interests, nobody profits from unstable, unreliable Internet that’s subject to arbitrary political control, throttling, and shutdowns. Disruptions in Internet service make it more expensive for our customers to reliably deliver their global services to hundreds of millions of consumers worldwide.
How resilient the Internet actually is, of course, depends on where you look. Just within the last week, bloody crises in Syria, Ukraine, and Venezuela have all created conditions under which one might expect to see Internet outages emerge — and yet, the outcomes have been very different. Syria suffered another in its sequence of near-total national outages, while Venezuela’s outages were much more limited, consisting largely of slowdowns rather than outright cutoffs. Ukraine’s Internet managed to stay almost completely intact, delivering realtime video of the Euromaidan and other protest sites to viewers around the world without interruption for weeks on end.
What explains these different Internet outcomes?
To understand why some countries’ Internet is more fragile than others, it may help to revisit the Internet structural diversity model first described in our blog from November 2012, “Could it Happen in Your Country?” Today we’ll take a look at how the world’s Internet markets have grown and diversified, and see what we can learn from the evolution of that model over the last year, looking specifically at these three conflict regions.
|Review of the modelOur model is based on direct observation of each nation’s contribution to the global Internet routing table, and creating a census of various kinds of providers within each country. We classified each of the Internet’s autonomous systems as “domestic” or “international,” based on a simple test of single-country customer concentration.|
|We then identified each country’s set of frontier service providers: the set of domestic autonomous systems that purchase international transit services directly from foreign providers.Because an Internet shutdown order must be applied across a range of frontier service providers, to first approximation, “more is better” when it comes to keeping the Internet connected within a country.|
Over time, we predict that
- diversity will increase (that is, that more and more ISPs within each country will demand direct access to international transit providers) and that
- as a result, vulnerability to Internet shutdown will decrease worldwide.
We divide the countries of the world into four tiers:
|If you have only 1 or 2 companies at your international frontier, Renesys classifies your country as being at severe risk of Internet disconnection.||Examples: Syria, Turkmenistan, Ethiopia, Uzbekistan, Myanmar, Yemen.|
|If you have fewer than 10 service providers at your international frontier, your country is probably exposed to some moderate to significant risk of Internet disconnection. Ten providers also seems to be the threshold below which one finds significant additional risks from infrastructure sharing — there may be a single cable, or a single physical-layer provider who actually owns most of the infrastructure on which the various providers offer their services.||Examples: Oman, Rwanda, Pakistan, Armenia.|
|If you have at least 10 internationally-connected service providers, but no more than 40, your risk of disconnection is fairly low. Given a determined effort, it’s plausible that the Internet could be shut down over a period of days or weeks, but it would be hard to implement and even harder to maintain that state of blackout.||Examples: Bahrain, India, Israel, Vietnam, Turkey, Mexico.|
|Finally, if you have more than 40 providers at your frontier, your country is likely to be extremely resistant to Internet disconnection. There are just too many paths into and out of the country, too many independent providers who would have to be coerced or damaged, to make a rapid countrywide shutdown plausible to execute. A government might significantly impair Internet connectivity by shutting down large providers, but there would still be a deep pool of persistent paths to the global Internet.||Examples: United States, Russia, Canada, France, Germany.|
Sanity-checking the model
|As we reported midway through 2013, the set of observed nationwide Internet outages did appear to correspond to countries we deemed to be at higher risk. There were also surprises, which revealed additional modes of single-point failure: Bangladesh (at the time, entirely reliant on a single submarine cable landing), and Lebanon (where Ogero’s retention of control over the newly-landed IMEWE cable greatly reduced the country’s existing provider diversity).|
Since then, we’ve seen additional evidence of the protective effect of national provider diversity. As we continue to tweet about nation-scale Internet outages, the “severe risk” and “moderate risk” countries continue to be overrepresented (for example, Cuba, Uzbekistan, Libya, Syria, Sierra Leone, and Central African Republic, just within the last few months).
Internet at Risk: Updates for 2014
First, some hopeful news.
- Eight countries grew their international frontier beyond 2 providers, graduating from “severe risk” to “significant risk:” Guyana, Ivory Coast, Guinea, Somalia, South Sudan, Libya, and (believe it or not) Vatican City. Libya and South Sudan, in particular, have done well to achieve this level of diversification in the wake of significant unrest (cf. tweets here and here). Somalia is similar to Afghanistan in some respects, gaining diversity because of its inherent decentralization; Somaliland gained better connectivity through Djibouti since 2012, independent of existing routes to Southern Somalia.
- Three countries escaped the “moderate risk of disconnection” category by growing beyond 9 providers: El Salvador, the Dominican Republic, and the Democratic Republic of the Congo (where Internet service has been relatively stable despite the spillover of violence from the Central African Republic).
- Five countries were able to pass the 40 provider mark, promoting themselves to the least-risky tier.
- China nearly doubled its frontier set, adding internationally-connected autonomous systems in Beijing and Shanghai, as well as in Hong Kong/Shenzhen.
- Colombia increased its frontier set by 50%, with strong growth in Bogota thanks to new transit and new foreign investment in the telecommunications industry.
- South Africa also grew by 50%, thanks to increased availability of international services from Tata, Level3, Cogent, NTT, Telecom Italia Sparkle, and PCCW.
- Finally, Greece and Croatia both enjoyed modest single-digit growth, reaching 43 frontier ASNs apiece.
Not all the movements were positive.
- Neighboring countries Azerbaijan and Iran both slipped back below 10 providers at the international frontier, putting them at more significant risk of disconnection. Ironically, in this case the appearance of an extremely attractive Internet connectivity option (the EPEG terrestrial cable) may have resulted in the concentration of Internet transit in the hands of the controlling provider, triggering a reduction in diversity similar to that experienced by Lebanon in 2012.
- Martinique, New Caledonia, and the British Virgin Islands slipped below 3 providers at the frontier. Small island nations consistently pose the greatest risk of being accidentally disconnected from the Internet, for obvious reasons that have little to do with politics.
Worldwide, the majority of countries (56% of the 234 we surveyed) were stable; that is, their frontier set changed by no more than a single provider up or down since November 2012. Of the remainder, advances outnumbered declines by more than 2:1, suggesting that the global Internet is, indeed, moving toward greater diversity.
Comparing Internet outcomes across conflict regions
In this light, we can compare the specific impacts of last week’s violence in Syria, Venezuela, and Ukraine on their national Internet stability.
- Syria remains mired in the “at severe risk of disconnection” category, with only 2 internationally-connected domestic providers: the Syrian Telecommunications Establishment (AS29386), and the revived Syrian Computer Society (AS24814). Despite the on-again, off-again backup connectivity to Turkish providers through Aleppo, the Syrian national internet continues to be exceptionally fragile, suffering periodic nationwide outages. By contrast, regional neighbors Jordan, Iraq, and Lebanon each have more than 10 providers at their international frontiers.
- Venezuela is in a much better position, with 23 internationally-connected domestic providers (in our “low risk of disconnection” tier). Venezuela could stand to have more international diversity, compared to neighbors Colombia (42) or Brazil (279). But the total number of pathways in and out of the country includes direct foreign connectivity for Venezuelan providers such as CANTV, Inter, Net Uno, Digitel, Dayco, IFX, and CENIT.
- Ukraine has a strong and diverse Internet frontier, with more than 200 domestic autonomous systems purchasing direct international transit (out of a total of more than 1,650 domestic ASNs). The roads and railways of Ukraine are densely threaded with tens of thousands of miles of fiberoptic cable, connecting their neighbors to the south and east (including Russia) with European Internet markets. The country has a well-developed set of at least eight regional Internet exchanges, as well as direct connections over diverse physical paths to the major Western European exchanges. At this level of maturity, our model predicts that the chances of a successful single-event Internet shutdown are extremely low. And indeed, throughout the many weeks of Euromaidan protests, Renesys saw little or no evidence of significant Internet impairment.
We acknowledge the limitations of such a simple model in predicting complex events such as Internet shutdowns. Many factors can contribute to making countries more fragile than they appear at the surface (for example, shared physical infrastructure under the control of a central authority, or the physical limitations of a few shared fiberoptic connections to distant countries).
It’s also clear that hidden central points of failure can also be introduced at entirely different “layers” of the networking stack, as demonstrated by China’s Great DNS Failure, which made large numbers of popular domains unreachable, while leaving the routing infrastructure intact.
If there is a general lesson to be learned, we suspect that the best way to protect the Internet from throttling, terrorism, and disconnection is simply to build more of it — more autonomous systems, more physically diverse routes, more cable systems, more Internet exchange points, more peering, more interconnection in more buildings in more cities, every year. It’s only when a region is starved for diverse access (rural communities in the United States) or starved for diverse international connectivity (incumbent-dominated economies in emerging markets) or designed for centralized monitoring and control (China’s Great Firewall) that the Internet remains fragile and subject to broad-scale interruption.
Facebook’s purchase of WhatsApp is a timely economic reminder that the primary sources of online consumer growth for the next 10 years will be found outside the English-speaking world. Enterprises are only now coming to terms with the challenges of maintaining connectivity to that global population, across an Internet whose paths can have highly variable (indeed, often mysterious) performance. One at a time, each of the countries of the world is finding its way toward a level of physical- and logical-level connectivity that will make Internet kill switches a dim memory from the Internet’s troubled youth.
About the Author
Jim Cowie is the Chief Scientist at Dyn. Previously, Jim was the founder and CTO of Renesys, the Internet Intelligence Authority, which Dyn acquired in 2014.Follow on Twitter More Content by Jim Cowie