This study explains how the failure of one Autonomous System (AS) affects the global connectivity of a particular region, especially when it comes to the country's largest Internet Service Provider (ISP). The connectivity of the Internet at the network level is due to the interaction between autonomous systems. As the number of alternative routes between ASs increases, fault tolerance develops and the stability of the Internet in a given country increases. However, some paths become more important than others, and having as many alternative paths as possible ends up being the only way to ensure system reliability (in the AS sense).
The global connectivity of any AS, whether it is a minor ISP or an international giant with millions of service consumers, depends on the quantity and quality of its paths to Tier-1 providers. As a rule, Tier-1 means an international company offering a global IP transit service and connection to other Tier-1 operators. However, there is no obligation within this elite club to maintain such a relationship. Only the market can motivate such companies to unconditionally connect with each other, providing a high quality of service. Is this enough incentive? We will answer this question below in the section on IPv6 connectivity.
If an ISP loses even one of its own Tier-1 connections, it will most likely be unavailable in some parts of the world.
Measuring Internet Reliability
Imagine an AS is experiencing significant network degradation. We are looking for an answer to the following question: "What percentage of ASs in this region can lose connection with Tier-1 operators, thereby losing global availability"?
Research methodologyWhy simulate such a situation? Strictly speaking, when BGP and the world of inter-domain routing were in the design stage, the creators assumed that each non-transit AS would have at least two upstream providers (upstream) to guarantee fault tolerance in case one of them fell. However, in reality, everything is completely different - more than 45% of ISPs have only one connection with transit upstream. A set of unconventional relationships between transit ISPs further reduces overall reliability. So, are transit ISPs falling? The answer is yes, and it happens quite often. The right question in this case is: “When will a particular ISP experience connectivity degradation?”. If such problems seem remote to someone, it is worth remembering Murphy's law: "Everything that can go wrong, will go wrong."
To simulate this scenario, we apply the same model for the third year in a row. In the same year, we did not just repeat the previous calculations - we significantly expanded the area of research. The following steps were taken to assess the reliability of AS:
- For every AS in the world, we obtain all alternative paths to Tier-1 operators using the AS relationship model that serves as the core of the Qrator.Radar product;
- Using the IPIP geodatabase, we mapped each IP address of each AS to its corresponding country;
- For each AS, we calculated the share of its address space corresponding to the selected region. This helped filter out situations where an ISP might have a presence at an exchange point in a particular country, but not in a region as a whole. An illustrative example is Hong Kong, where hundreds of members of the largest Asian Internet exchange HKIX exchange traffic, having zero presence in the Hong Kong Internet segment;
- Having obtained clear results for an AS in a region, we evaluate the impact of a possible failure of this AS on other ASs and the countries in which they are present;
- In the end, for each country, we found the specific AS that affected the largest percentage of other ASs in that region. Foreign ASs are not considered.
IPv4 Reliability
Below you can see the top 20 countries in terms of resiliency in the event of a single AS failure. In practice, this means that the country has good internet connectivity, and the percentage reflects the proportion of ASs that will lose global connectivity if the largest AS fails.
Brief facts:
- The US dropped 11 places from 7th to 18th;
- Bangladesh is out of the top 20;
- Ukraine moved up 8 positions to 4th place;
- Austria dropped out of the top 20;
- Two countries return to the top 20: Italy and Luxembourg after leaving in 2017 and 2018 respectively.
There are interesting movements in the sustainability ranking every year. Last year we wrote that the overall performance of the top 20 countries has not changed much since 2017. It is worth noting that year after year we have seen a positive global trend towards improved reliability and overall availability. To illustrate this thesis, we will compare the 4-year average and median changes in the overall IPv4 resilience rating across all 233 countries.
The number of countries that managed to reduce their dependence on a single AS to less than 10% (which is a sign of high resiliency) increased by 5 compared to last year, reaching 2019 national segments as of September 35.
Thus, as the most significant trend observed over the period of our study, we identify a significant increase in the resilience of networks worldwide, both in IPv4 and IPv6.
IPv6 fault tolerance
We have been repeating for several years that the mistaken assumption that IPv6 works the same way as IPv4 is a major structural problem in the IPv6 development and implementation process.
Last year we wrote about peer-to-peer wars that persist not only in IPv6, but also in IPv4, where Cogent and Hurricane Electric do not interact with each other. This year, we were surprised to find that another pair of last year's "rivals" - Deutsche Telekom and Verizon US successfully established IPv6 peering in May 2019. You won't find any mention of it, but the move is huge - two major Tier-1 providers have ended their quarrel and are finally peering through a protocol that we all want much more active development.
To ensure full connectivity and the highest reliability, paths to Tier-1 require operators to be present at all times. We also calculated the percentage of ASs in the country that have only partial IPv6 connectivity due to peering wars. Here are the results:
A year later, IPv4 remains significantly more reliable than IPv6. The average reliability and stability scores for IPv4 in 2019 are 62,924%, and 54,53% for IPv6. IPv6 still has a high proportion of countries with poor global availability—that is, a high percentage of partial connectivity.
Compared to last year, we saw significant improvement in the three major countries, especially in the partial connectivity dimension. Last year, Venezuela had 33%, China 65% and the UAE 25%. While Venezuela and China have significantly improved their own connections, solving the serious problems of partially interconnected networks, the UAE has remained without positive dynamics in this area.
Broadband and PTR Recordings
Echoing the question we've been asking ourselves since last year, "Is it true that the top provider in a country always contributes more to regional reliability than any other provider, or any other?", we developed an additional metric for further study. Perhaps the most significant (in terms of customer base) ISP in a given area will not necessarily be the autonomous system that will become the most important in providing global connectivity.
Last year, we determined that the most accurate measure of a provider's actual value could be based on an analysis of PTR records. They are typically used for reverse DNS lookups: an associated hostname or domain name can be identified using an IP address.
This means that PTR can allow the measurement of specific equipment in an individual operator's address space. Since we already know the largest ASs for each country in the world, we could count the PTR records in the networks of these providers, determining their share of all PTR records in the region. It's worth disclaiming right away: we ONLY counted PTR records and did not calculate the ratio of IP addresses without PTR records to IP addresses with PTR records.
So, from now on, we are only talking about IP addresses with PTR records present. Creating them is not a general rule, so some providers write PTRs and others don't.
We have shown how many of these IP addresses with the specified PTR records will be disconnected from/together with the largest (by PTR) autonomous system in the specified country. The figure reflects the percentage of all PTR-enabled IP addresses in the region.
Let's compare the 20 most trusted countries from the IPv4 ranking in 2019 with the PTR ranking:
It is obvious that the approach considering PTR records gives completely different results. In most cases, not only the central AS in the region changes, but the percentage of instability for the specified AS is completely different. In all reliable, from the point of view of global availability, regions, the number of PTR-enabled IP addresses that will be disconnected due to the fall of AS is ten times higher.
This may mean that the leading national ISP always owns the end users. So we have to assume that this percentage represents the portion of the ISP's user and customer base that will be taken down (in case failover to an alternative provider is not possible) in the event of a failure. From this point of view, the countries no longer seem as reliable as they look in terms of transit. We leave it up to the reader to draw conclusions from a comparison of the top 20 IPv4 with PTR rating values.
Details of changes in individual countries
As usual in this section, we start from a very special position in AS174 - Cogent. Last year we highlighted its impact in Europe, where AS174 is identified as critical for 5 of the top 20 countries in the IPv4 resilience ranking. This year, Cogent maintains its presence in the top 20 in terms of reliability, however, with some changes - in particular in Belgium and Spain, AS174 has been replaced as the most critical AS. In 2019, for Belgium it became AS6848 - Telenet, and for Spain - AS12430 - Vodafone.
Now, let's take a closer look at the two countries with historically good resiliency that made the most significant changes over the past year: Ukraine and the United States of America.
First, Ukraine has dramatically improved its own position in the IPv4 ranking. For details, we turned to Max Tuliev, board member of the Ukrainian Internet Association for details on what has happened in his country over the past 12 months:
“The most significant change we see in Ukraine is the drop in the cost of data transit. This allows most profitable internet companies to acquire multiple upstream connections outside of our borders. Hurricane Electric is especially active in the market, offering "international transit" without a direct contract because they don't remove prefixes from exchanges - they just announce a customer cone at local traffic exchanges.
The main AS for Ukraine has changed from AS1299 Telia to AS3255 UARNET. Mr. Tuliev explained that, being a former educational network, now UARNET has become an active transit, especially in Western Ukraine.
Now let's move to another part of the Earth - in the USA.
Our main question is quite simple - what are the details of the 11-position drop in US resilience?
In 2018, the US ranked 7th in the rankings with 4,04% of the country potentially losing global availability if AS209 fails. Our 2018 report gives some insight into what changed in the United States a year ago:
“But the big news is exactly what happened in the United States. For two consecutive years - 2016 and 2017 - we have identified AS174, Cogent, as decisive in this market. This is no longer the case - in 2018, AS 209 CenturyLink replaced it, sending the United States up three spots to #7 in the IPv4 rankings.”
The 2019 results show the United States in 18th place with a resilience score that has dropped to 6,83% — a change of more than 2,5%, which is usually enough to fall out of the top 20 IPv4 resiliency rankings.
We contacted Hurricane Electric founder Mike Leber for his commentary on this situation:
“This is a natural change as the global Internet continues to grow. The IT infrastructure in every country is growing and modernizing to support an information economy that is constantly changing and evolving. Productivity improves customer experience and revenue. The locality of the IT infrastructure improves productivity. These are macrotechno-economic forces.”
It is always interesting to analyze what is happening in the largest economy in the world, especially when we see such a significant drop in the reliability rating. As a reminder, last year we celebrated the replacement of the AS174 Cogent by the AS209 CenturyLink in the United States. This year, CenturyLink lost its position as the country's critical AS to another autonomous system, AS3356, owned by Level3. This is not surprising since the two companies have effectively represented the same entity since the 2017 takeover. From now on, the CenturyLink connectivity is completely dependent on the Level3 connectivity. It can be concluded that the overall decrease in reliability is due to an incident that occurred on the Level3/CenturyLink network at the end of 2018, when 4 unidentified network packets interrupted the Internet for several hours, over a large area of the United States. This event definitely affected the ability of CenturyLink/Level3 to provide transit to the largest players in the country, some of which may have switched to other transit providers or simply diversified their communication channels and upstream connections. However, despite all of the above, Level3 remains the most important connectivity provider for the US, the shutdown of which could result in a lack of global reach for up to 7% of local autonomous systems that rely on this transit.
Italy returned to the top 20 in 17th place with the same AS12874 Fastweb, which is probably the result of a significant improvement in the quality and number of paths to this provider. After all, together with him in 2017, Italy dropped to 21st place, leaving the top 20.
In 2019, Singapore, which entered the top 20 ranking only last year, but immediately moved to 5th place, again received a new critical ASN. Last year we tried to explain the changes in the regions of Southeast Asia. This year, Singapore's critical AS has changed from last year's AS3758 SingNet to AS4657 Starnet. With this change, the region lost only one position, dropping to 6th place in the rankings in 2019.
China made a notable jump from 113th in 2018 to 78th in 2019, with a change of around 5% in IPv4 resilience under our methodology. In IPv6, China's partial connectivity has dropped from 65,93% last year to just over 20% this year. The main ASN in IPv6 has changed from China Mobile's AS9808 in 2018 to AS4134 in 2019. In IPv4, China Telecom's AS4134 has been critical for years.
In IPv6, however, the Chinese segment of the Internet dropped 20 places in the 2019 sustainability rating, from 10% last year to 23,5% in 2019.
Probably, all this indicates only one simple thing - China Telecom is actively improving its infrastructure, remaining the main communication network for China with the external Internet.
With the rise of cybersecurity risks and, in fact, the constant flow of news about attacks on Internet infrastructure, it is time for all governments, private and public companies, but first of all, ordinary users to carefully evaluate their own positions. The risks associated with the connectivity of regions must be studied carefully and honestly, analyzing the true levels of reliability. Even low volatility ratings can cause real availability problems in the event of a massive attack on a large, nationwide, mission-critical service provider, say DNS. Do not forget also that the outside world will be disconnected from services and data located inside the region in the event of a complete loss of connectivity.
Our research clearly shows that competitive ISP and carrier markets eventually evolve to become much more stable and risk-tolerant within and even beyond a given region. Without a competitive market, the failure of a single AS can and will result in a loss of network connectivity for a significant proportion of users in a country or wider region.
Source: habr.com