The Blind Routing the Blind


In our last blog entry, we talked about measuring the state of routing anarchy that exists on the Internet on a per-country basis. We looked at every routed network (prefix) by country of origin and tried to answer the question: do folks do what they say and say what they do, as articulated via routing registries? Although many manage to administer their routes with care, the overall results are quite varied. And without some way of verifying routes via some authoritative source, we are left only with the current system of believing everything we’re told and hoping for the best. The dangers of such a system are demonstrated dramatically from time to time.

Although they certainly could, countries typically don’t exercise any control over the routing hygiene of the companies operating within their borders. Countries might tax those companies, filter their traffic for objectionable content, mandate the types of software or equipment they can use and even spy on them, but if a company wants to screw up routing on the global Internet, well that’s their business. As we’ve noted in the past, no driver’s license is required on the Information Superhighway, as there are essentially no rules, regulations or enforcement. So in this blog entry, we’ll apply our scoring idea to those who can easily effect change, namely, those organizations who are ultimately responsible for how traffic flows on the Internet.

At first, this exercise might seem pretty straightforward: pick your favorite company or organization, compare their stated routing policies to reality, and give them a score based on the difference. But on the Internet, nothing is ever so simple, especially when it involves any sort of attribution. Simply identifying a company’s Internet presence is complicated by mergers, buyouts, spin-offs and other aspects of modern capitalism. How can you hope to sort it all out? Well, there is only one thing you can really count on: anyone managing routing on the Internet must have one or more blocks of IP addresses (prefixes) and at least one “identifying” number, an Autonomous System Number (ASN). At some point in time, these things must have been doled out by some authority of sorts. That’s about it. The person who requested these values (essentially a bunch of integers) might be long dead as might be the original company. And the associated administrative records might no longer be accurate or even maintained, but some IP addresses and an ASN are all you need to route traffic on the Internet. Once you’ve acquired these, you are free to proudly assert your presence to humanity and thereby consume a little bit of memory in every router on the planet.

In fairness, the overwhelming number of organizations we see on the Internet have only one or a handful of prefixes. These organizations are easy to identify, as they have little to begin with and hence little to have gone stale. But large companies and old timers to the Internet are rarely so fortunate. Let’s take AT&T as one example. In the US, AT&T was the phone company for a very long time, until they were broken up by the courts and a newly formed AT&T became just a much smaller part of the original whole. This greatly diminished AT&T was ultimately acquired by SBC Communications, as was Ameritech, Bell South and others, and eventually the entire collection was renamed to simply “AT&T”.

So what does AT&T look like on the Internet today? Old hands will think of it as ASN 7018, but we can actually associate almost 100 different ASNs with this single organization, about half of which are announcing prefixes. These are registered under a variety of names such as AT&T Network Systems, AT&T Internet Services, AT&T Global Network Services and almost 40 others. We even still see names containing SBC (and no mention of AT&T) and the now extinct Rogers AT&T Wireless (AS 20453). However, AS 20453 continues to announce Rogers’ prefixes (over 70 of them) on the Internet, but AT&T is not one of their providers. So while Rogers ended their partnership with AT&T, no one updated the associated ASN registration. Talk about confusing.

The situation looks grim until you realize that there are actually three sources of (potentially imperfect) information that can be combined to help ferret out the truth:

  • registration information for ASNs and prefixes
  • current routing information
  • open source intelligence, e.g., news, press releases, Wikipedia, etc

I won’t go into the details here, but we employ all three sources appropriately in an attempt to categorically define each organization on the Internet. While registration information is often incomplete and outdated, strings like AT&T and Verizon are unlikely to appear outside of those organizations, whereas others like Internet or Inc. have essentially no informational content. Other terms can be associated because of known business relationship or brand names, such as Microsoft and Hotmail or Sprint and Nextel. But since registration information can’t be trusted, the associations that are uncovered need to be checked via routing data. This is how we discovered the Rogers AT&T Wireless problem. It just didn’t make sense that an “AT&T entity” was not routing through AT&T and a quick Internet search confirmed that Rogers AT&T Wireless did not belong to the AT&T organization.

Intelligently analyzing these different inputs, we can finally list out all the organizations on the Internet: their ASNs (if any) and associated prefixes. And once we have that, we can give them a score based on their routing hygiene, exactly as we did in our blog entry for individual countries. Despite the fact that there are only around 31,000 unique ASNs seen on the Internet at present, we manage to find around 75,000 organizations, as not everyone with a registered prefix also has an ASN. (In these cases, their provider typically handles the routing of their prefix.)

We found over 13,000 organizations who managed a perfect score of 100, although all but 218 of them had fewer than 10 prefixes. While a small number of prefixes makes their administration easier, it is not a guarantee of success. One organization with 2 prefixes scored an embarrassing 9 out of a 100 on our scale. For those with at least 10 prefixes to manage, the following scatter plot gives the distribution. As we saw with countries, the more prefixes you have, the harder it is to keep everything straight and attain a good score. And while many manage to do a very good job, the overall results are quite varied, especially when you recall that doing essentially nothing will land you around 25 on our scale, and you have to do less than nothing to rate below that. Still almost 5,000 organizations manage to score below 25.

The overall winner in this exercise was Kazakh Telecom with a perfect score of 100 for over 150 prefixes. Airtel Broadband and Telephone Services (ABTS) came within a quarter of a point of a perfect score for their couple of hundred prefixes. At the other end of the spectrum, China Enterprise Communications Ltd. (CEC), in which Tata Communications recently acquired a 50% stake, barely managed a score of 20. CEC is around one point behind our second to last place finisher, the AARP, a US non-profit organization for people over 50. Overall, it’s clear that there is a lot of room for improvement for most organizations, but if the Internet is ever going to have any measure of accountability, it is going to have to start with those who control the IP space and orchestrate global routing. Without attribution, there can be no accountability and no hope of improving upon the current situation.

The earlier version of this blog inadvertently misclassified a number of registered networks due to a software bug in a script used for displaying the data. The scoring algorithm remains unchanged.

The post The Blind Routing the Blind appeared first on Dyn Research.


About the Author

Earl leads a peerless team of data scientists who are committed to analyzing Dyn’s vast Internet Performance data resources and applying their expertise to continually improve upon Dyn’s products and services.

More Content by Earl Zmijewski
Previous Article
AfNOG Takes Byte Out of Internet
AfNOG Takes Byte Out of Internet

A couple of months ago, we discussed how a small Czech provider ended up...

Next Article
Route Hygiene: The Dirt on the Internet
Route Hygiene: The Dirt on the Internet

Since Renesys maintains large quantities of data on the Internet going back...