Minutes of the 2022-04-27 IAB Technical Discussion
Lars Eggert (IETF Chair)
Mirja Kühlewind (IAB Chair)
Warren Kumari (IESG Liaison)
Cindy Morgan (IAB Executive Administrative Manager)
Karen O’Donoghue (ISOC Liaison)
Colin Perkins (IRTF Chair)
Amy Vezza (IETF Secretariat)
Greg Wood (IETF Director of Communications and Operations)
2. Technical Discussion: Partial Internet Connectivity
John Heidemann, a principal scientist at the University of Southern California/Information Sciences Institute (USC/ISI), joined the IAB to discuss his paper with Guillermo Baltra, “What Is The Internet? (Considering Partial Connectivity).”
John Heidemann said that much depends on how one defines “the Internet” and suggested using an operational definition of “Internet” with measurable metrics.
Political pressure, such as the desire for a “sovereign network” or an Internet “off switch” can be responded to with a technical definition to illuminate the political challenges: there are technical limits to a legal “kill switch,” and because the Internet is collaborative, no single entity controls it.
Technical pressures, such as persistent unreachability from peering disputes, can be responded to by enabling measurements of reliability.
To quantify Internet reliability, outages must be definable and measurable and must understand partial connectivity.
Existing stressors linger, such as NAT, IPv4/IPv6 transition, and IP squat space.
Prior definitions of “Internet” include:
- TCP for an “internetwork” [Cerf and Khan, 1974]
- “A collection of interconnected networks is called an internet” [Postel, 1980]
- examples were ARPAnet and X.25/X.75
- “an agreement to use an evolving set of protocols, in a globally unique address space, to enable universal data delivery” [Federal Networking Council, 1995]
John Heidemann said that those are all good properties for the Internet, but they are not measurable or quantifiable.
Bottom-up corner cases of “the Internet” include:
- 1 laptop with wifi (but not connected to anything)
- it can run a webserver on a public IP
- a web browser can connect to it(self)
- 2 laptops with wifi, connecting to each other
- 3 laptops, connecting over a layer-2 802.11s mesh
- 4 laptops, connecting with AODV multi-hop routing
Corner cases in the cloud include:
- a cloud provider with a full 10/8 of private IPv4 addresses, many NAT’ed to the Internet
- a cloud provider with dozens of full /8s
- when a cloud provider has more private /8s than the public IPv4 net
- DISA, with 4 /8s of public IPv4s since 1993, is not publicly routed
- but presumably computers use those public IPs inside the U.S. DoD
- DISA, when they started routing them in Jan. 2021
- but they’re all firewalled
Corner cases related to countries include:
- a small country that disconnects from the Internet
- to prevent cheating on student exams
- because of protests and government instability
- a country with 24 IPv4 /8s and an aggressive national firewall
- a country that disconnects to proclaim “Internet sovereignty”
- (or claimed to disconnect)
- a group of countries de-peer with another to sanction non-Internet actions
Corner cases related to ISPs and measurement include:
- two Tier-1 ISPs with a peering dispute, won’t exchange routes
- (Tier-1: does only default-free routing)
- customers of those ISPs that cannot reach each other Internet
- measurements of outages
- random loss can make networks appear to be “out”
- some targets chose to firewall measurement traffic
John Heidemann suggested that the Internet be defined as the connected component of active, public IP addresses that can reach 50% of each other. More than 50% defines one, unambiguous component with no central authority or special locations. This implies there is only one Internet and no one country or organization can unilaterally claim “the Internet.”
This definition is useful for policy makers who enact laws and rulings, engineers who design and operate protocols and networks, and researchers who deign measurement systems. An operational definition of “the Internet” can guide them and help promote and open Internet, and users will benefit from those efforts.
There are three types of partial connectivity to consider:
- conceptually, when computers are off (or crashed)
- computers are on, but unreachable
- sets of computers cannot reach each other, but both sets can reach a third location
The Taitao algorithm is used to detect peninsulas (persistent, particularly connectivity). The idea is to probe a target network from several independent vantage points, and if they disagree, that means a peninsula has been detected.
The Chiloe algorithm is used to detect islands (fully disconnected parts). When a vantage point is up but can’t see most or all of the Internet, that means an island has been detected.
Currently, it is not possible for any single country or region to “take over” the Internet because no single RIR controls more than 50% of the addresses.
Jari Arkko asked whether geolocation affects reachability. John Heidemann replied that there is an algorithm to search for country-specific unreachability.
Warren Kumari said that some of the peninsula results could also show up if an IP was anycast and there is different behavior at different sites. He added that the idea that no single country can take over the Internet depends on the definition of “take over”; ARIN only controls 45% of IPv4 addresses, but they have RPKI authority over all of them. John Heidemann replied that they were using “has authority to allocate” as the definition in this case.
Mallory Knodel noted that Jed Crandall gave a related presentation on “Borders and Gateways: Measuring and Analyzing National AS Chokepoints” in the HRPC session at IETF 106.
Jiankang Yao said that without a human connection, there is no Internet. There could be one network with one million computers for humans, and another network with two million IOT devices; which can be called “the Internet”? John Heidemann replied that was a good point; his definition favors the bots because bots can be pinged and humans can’t. Trying to address how many people are attached to an IP address is one way to expand this work.
The IAB thanked John Heidemann for his presentation. John replied that people can contact him via email if they would like to continue the discussion.