Does the Internet Have an Off Switch?
Can a country ever successfully disconnect from the Internet? Russian authorities are about to launch an interesting experiment. In response to a law passed by the Russian parliament in December 2018 to ensure the independence of the Russian Internet (Runet), authorities have organized a planned disconnection from the global Internet sometime before April 1st 2019, as reported by ZDNet and Wired. It is unclear when exactly this will happen, and for how long, but the goal of this experiment appears to be to test the feasibility of such an operation and to suggest policy modifications to the authorities.
Why Is Russia So Worried?
The Internet is a powerful medium because it’s a densely connected global network where information and digital services flow freely. However, it has its roots in the US government, which oversaw the governance structure during its early days. Consequently, many critical resources that power the Internet are controlled by US-based organizations and subject to US jurisdiction, including some of the world’s largest ISPs, DNS providers and public cloud providers. This is likely enough to make Russian authorities nervous. They are also likely concerned about the growing influence and power of the tech giants like Facebook, Microsoft and Google, which are all based in the US. It’s unclear whether Russia sees this as a strategic weakness, or if this is more about containing the economic might of US tech giants within the Russian digital economy.
What Would This Take?
Disconnecting from the Internet is not an easy task. There are complex dependencies underscoring the seamless operation of the Internet. One of the first components of infrastructure you need to think about is the Domain Name System (DNS). This is a mission-critical global service that is provided by multiple DNS registrars. While the actual resolvers are located in many cities around the globe, they all mirror a common global database that constitutes the directory for the Internet. If Russia isolates itself from the Internet, this whole system would need to be replicated within the boundaries of Russia. Apparently, Russia already has a plan in place for this, which has been tested previously. So this portion of the experiment might actually be feasible.
There are many points of interconnection between Russian ISPs and ISPs in many other countries. Some of these are peering relationships, which means that traffic going to other countries may also flow through Russia. Some of these will solely carry traffic destined to remain within Russia. There are two approaches they could take to “disconnect” Russia from the global Internet. One would be to logically switch off all Internet circuits going in & out of the country. This is a massive undertaking requiring major, coordinated changes across every ISP, big & small, within Russia. If this is not done in a coordinated manner, the Internet will divert traffic to the remaining available circuits that failed to switch off, almostl certainly overloading those paths through the Internet and crippling the ISPs along the path.
The other approach could be to filter BGP route announcements accepted and announced by Russian ISPs. This would create a fragmented view of the Internet, but could potentially allow transit traffic to continue flowing through Russia to other countries. However, as experience has shown us (ex. Outage impacting Google), this is very risky. BGP changes are difficult to coordinate and one minor misconfiguration can wreak havoc.
There are also contractual issues in play here. Peering agreements require ISPs to interconnect at certain locations around the world. Violation of these agreements could cause ISPs to suspend their peering relationships at multiple locations around the world thus expanding the blast radius way past just Russia.
The more complex issue is the global software ecosystem which is increasingly delivered over the cloud. This not only includes consumer apps such as Gmail and Facebook, but also includes business-grade applications like Office 365, Box, Salesforce etc. These applications rely on a complex mesh of back-end services that are difficult to localize in their entirety. Back in 2015, Russia passed a law requiring all software-as-a-service providers to maintain a local copy of all data pertaining to Russian citizens. Few complied with this somewhat impractical requirement, and there weren’t any repercussions.
Can This Really Happen?
Russia is densely integrated into the global Internet and digital ecosystem. A broad set of critical components of the Russian economy, from financial services to enterprise SaaS applications all depend heavily on interconnections to services outside of Russia. Isolating Russia from the Internet would almost certainly disrupt all of these services causing a non-trivial economic impact.
Furthermore, while it may be feasible to replicate critical services like DNS within the national borders, replicating the public cloud and SaaS/API services in the country is a near impossible task. This would require the cooperation of all the tech giants as well as hundreds of smaller software service providers.
Lastly, interrupting all the transit and peering relationships between ISPs in and out of Russia is no trivial task and would require massive coordination at a scale that the Internet has never seen before. Also, this is not guaranteed to completely isolate the Internet. Mobile hotspots and international roaming agreements would create backdoors between Russian users and the global Internet via mobile networks.
What About China?
We have written extensively before about the Great Firewall of China, the only successful attempt to create a national Internet. This has been feasible due to two main reasons. Two state-run monopolies control all telecommunications (wired and wireless) within China. When China decided to censor the Internet, the state-run telecom companies willingly complied. They have built the largest traffic filtering infrastructure on the planet which funnels all traffic in and out of the country through a few choke points. This comes at a great expense and impairs the performance of any applications hosted outside the country. China enacted this policy in the very early days of the Internet, which allowed the entire ecosystem to evolve organically with the great firewall firmly in place. Russia, on the other hand, evolved its Internet in a way that was very much integrated with other European and global Internet services. Those roots are firmly intertwined and will be very difficult to separate.
So What Happens Next?
At ThousandEyes, we have a birds-eye view of the global Internet, including vantage points within Russia. We are actively monitoring the reachability to not only our vantage points, but also critical Russian services in order to understand how such an exercise might play out, if at all. Given the interconnectedness of the Internet, we are not sure that this exercise will happen, or be successful, but we can certainly watch and report on it.
Learn more about ThousandEyes:
This article was originally posted here: https://blog.thousandeyes.com/