This is an enhanced (with minutes) version of the [attachment:infrastructures-of-the-internet.txt original ReST source text of the slides] ([attachment:infrastructure-of-the-internet.html HTML format]).
Infrastructures of the Internet: property, power & political issues
"Networking means connecting people to people and people to information; it does not mean connecting computers to computers."
-- Wendy D. White, "Growing the Internet in Africa", Internet Society News, 1994, Vol. 3, No. 2, p. 28.
What's a network operator?
E.g. Gitoyen (est. 2001), an independent network operator. You can't talk about server defense without talking about the network, because a server is useless unless it is connected to the Internet.
- A network operator runs one or more networks (network = "some computers interconnected by a set of cables").
- Most network operators are:
  * Internet access providers (web services, mail services, connectivity; usually mixed)
  * Hosting services
  * ...
- All networks within the same area of responsibility form one autonomous system (AS): a provider could have a network in France and one in Germany, and together they form the "X" network, one AS.
- From outside, an AS is viewable as a single network.
- The Internet is INTERconnected NETworks: a network is usually pretty useless unless it is connected to the others, and whether that is 2 networks or 5 makes little difference. The direct connections between autonomous systems (AS X, AS Y, AS Z) are often made with a simple Ethernet cable.
How do operators decide how to interconnect?
There are two common kinds of agreement, peering and transit.
Peering: two operators agree that
- they interconnect their networks,
- they share the cost of the physical interconnection and its daily maintenance,
- data go freely (as in speech and as in beer) in both directions, and
- each side's customers' networks are routed as well (each side announces its own and its customers' routes, not the routes it learned from its transit providers).
Transit: a contract by which
- an operator sells access to its network and to all the networks it is connected to (the "global Internet", see below), and
- the customer is charged on the 95th percentile of the greater of the upload and download rates.
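Worked example of the 95th-percentile transit bill, added here as an illustration; it is not code from the slides or from Gitoyen. It assumes the usual implementation: poll the interface byte counters every 5 minutes, turn each sample into Mbit/s, keep the larger of upload and download per sample, sort, throw away the top 5% of samples and bill the next highest one. The traffic counters are constructed, and the price per Mbit/s is a parameter.

```python
"""95th-percentile ("burstable") billing as used for IP transit.

Added illustration, not code from the slides or from Gitoyen. Assumed method:
poll the interface byte counters every 5 minutes, turn each sample into Mbit/s,
take max(upload, download) per sample, sort, discard the top 5% of samples and
bill the next highest one. All traffic figures below are constructed.
"""
from typing import List, Sequence, Tuple

INTERVAL_SECONDS = 300  # assumed 5-minute polling interval (the usual SNMP cadence)


def bytes_to_mbps(byte_count: int, seconds: int = INTERVAL_SECONDS) -> float:
    """Bytes moved during one polling interval -> average Mbit/s over that interval."""
    return byte_count * 8 / seconds / 1_000_000


def percentile_95(samples: Sequence[float]) -> float:
    """The operator's 95th percentile: sort descending, drop the top 5% of samples
    (bursts are free) and return the next one. Empty input bills nothing."""
    if not samples:
        return 0.0
    ordered = sorted(samples, reverse=True)
    dropped = int(len(ordered) * 0.05)  # floor: 432 of the 8640 samples in a month
    return ordered[dropped]


def billable_rate(upload_bytes: Sequence[int], download_bytes: Sequence[int]) -> float:
    """Per-interval max(upload, download) in Mbit/s, then the 95th percentile of that."""
    if len(upload_bytes) != len(download_bytes):
        raise ValueError("upload and download series must cover the same intervals")
    per_interval = [max(bytes_to_mbps(up), bytes_to_mbps(down))
                    for up, down in zip(upload_bytes, download_bytes)]
    return percentile_95(per_interval)


def monthly_cost(upload_bytes: Sequence[int], download_bytes: Sequence[int],
                 price_per_mbps: float) -> float:
    """Transit bill for the month at a flat price per Mbit/s of 95th percentile."""
    return billable_rate(upload_bytes, download_bytes) * price_per_mbps


def constructed_month(burst_intervals: int) -> Tuple[List[int], List[int]]:
    """Constructed counters for a 30-day month (8640 five-minute samples): a steady
    5 Mbit/s up / 20 Mbit/s down, plus `burst_intervals` samples of a 100 Mbit/s
    download burst. Not real traffic."""
    intervals = 30 * 24 * 12
    if not 0 <= burst_intervals <= intervals:
        raise ValueError("burst_intervals must fit inside the month")
    steady_up = 187_500_000      # bytes per 300 s at 5 Mbit/s
    steady_down = 750_000_000    # 20 Mbit/s
    burst_down = 3_750_000_000   # 100 Mbit/s
    upload = [steady_up] * intervals
    download = [burst_down] * burst_intervals + [steady_down] * (intervals - burst_intervals)
    return upload, download


if __name__ == "__main__":
    # 300 bursty samples (3.5% of the month) stay free; 500 (5.8%) push the whole
    # bill up to the burst rate, because only the top 432 samples are discarded.
    for bursts in (300, 500):
        up, down = constructed_month(bursts)
        print(f"{bursts} burst samples ({bursts / 8640:.1%} of the month): "
              f"billed at {billable_rate(up, down):.0f} Mbit/s, "
              f"{monthly_cost(up, down, 40.0):.0f} EUR at 40 EUR/Mbit/s")
```

The two scenarios show the practical consequence of this billing: a burst that covers less than 5% of the month (about 36 hours) is free, while one that lasts slightly longer is billed as if it had lasted all month.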
Gitoyen is interconnected with a lot (around 130) of autonomous systems.
Global end-to-end connectivity
- To be part of the Internet, you have to be able to reach every other machine: when you become a network operator you have to buy connections from transit providers that have access to the "global Internet" (as opposed to only the ASes you are peering with).
- Core routers have to know every single network (the "full routing table").
- 191618 networks on 2006-08-13.
More peering agreements are good because traffic to a peer does not have to be routed through your transit providers (which costs money).
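A toy version of how a router in a small AS picks the next hop for a packet, added here as an illustration (not the slides' content and not Gitoyen's configuration). It applies two rules real BGP routers use: longest prefix match first (routes are by IP block, as the "numbers" section below notes), and among equally specific routes prefer customer over peer over transit, the usual "local preference" policy that keeps traffic off paid transit whenever a peer or customer can deliver it. The prefixes (documentation ranges), AS numbers (private range) and relations are constructed.

```python
"""Toy route selection for a small AS, keyed by IP block (prefix).

Added illustration, not code from the slides or from Gitoyen's routers. Two
rules that real BGP routers apply: longest prefix match first, and among
equally specific routes prefer customer > peer > transit (the usual "local
preference" policy), so traffic only goes through paid transit when no peer
or customer can deliver it. Prefixes, neighbour AS numbers and relations are
constructed (documentation / private ranges), not a real routing table.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Sequence

# Assumed local-preference values; higher wins. Customers pay us, peers are free,
# transit costs us money.
PREFERENCE = {"customer": 300, "peer": 200, "transit": 100}


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    next_hop_as: int   # the neighbouring autonomous system we hand the packet to
    relation: str      # "customer", "peer" or "transit"


class RoutingTable:
    def __init__(self) -> None:
        self.routes: List[Route] = []

    def add(self, prefix: str, next_hop_as: int, relation: str) -> None:
        if relation not in PREFERENCE:
            raise ValueError(f"unknown relation {relation!r}")
        self.routes.append(Route(ipaddress.ip_network(prefix), next_hop_as, relation))

    def lookup(self, address: str) -> Optional[Route]:
        """Longest prefix match; ties broken by relation preference."""
        ip = ipaddress.ip_address(address)
        candidates = [r for r in self.routes if ip in r.prefix]
        if not candidates:
            return None  # no default route: destination unreachable from this AS
        return max(candidates, key=lambda r: (r.prefix.prefixlen, PREFERENCE[r.relation]))


def transit_share(table: RoutingTable, destinations: Sequence[str]) -> float:
    """Fraction of destinations whose packets leave via paid transit: the number a
    peering-minded operator pushes down by peering with more networks."""
    if not destinations:
        return 0.0
    paid = 0
    for dst in destinations:
        route = table.lookup(dst)
        if route is not None and route.relation == "transit":
            paid += 1
    return paid / len(destinations)


def constructed_table() -> RoutingTable:
    """Constructed table: a transit default route, one peer and one customer."""
    table = RoutingTable()
    table.add("0.0.0.0/0", 64500, "transit")          # transit knows the whole Internet
    table.add("198.51.100.0/24", 64500, "transit")    # transit also announces the peer's block...
    table.add("198.51.100.0/24", 64501, "peer")       # ...but the direct peering link is preferred
    table.add("203.0.113.0/24", 64502, "customer")    # our customer's block
    table.add("203.0.113.128/25", 64503, "peer")      # a more specific prefix beats the customer /24
    return table


if __name__ == "__main__":
    table = constructed_table()
    dests = ["198.51.100.7", "203.0.113.5", "203.0.113.200", "192.0.2.1"]
    for dst in dests:
        route = table.lookup(dst)
        print(f"{dst:15} -> AS{route.next_hop_as} via {route.relation} ({route.prefix})")
    print(f"share of destinations via paid transit: {transit_share(table, dests):.0%}")
```

Only the last destination, for which no peer or customer route exists, falls through to the default route and therefore to the transit bill; every additional peering agreement removes prefixes from that share.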
It's growing fast...
The number of networks is growing fast... (insert cool image here)
Classification of networks ("tiers")
There are different categories of networks. They have been "topologically" separated into 3 "tiers" (in French, "thirds").
Tier 1 networks
- Tier 1 operators can reach the whole Internet end to end without any transit provider.
- Thus they are peered with every other Tier 1 network.
- Implicit oligarchy composed of 9 operators:
- AOL Transit Data Network (ATDN) (AS1668)
- AT&T (AS7018)
- Global Crossing (GX) (AS3549)
- Level 3 (AS3356)
- Verizon Business (AS701)
- Nippon Telegraph and Telephone Corp. (NTT) / Verio (AS2914)
- Qwest (AS209)
- SAVVIS (AS3561)
- Sprint Nextel Corporation (AS1239)
If one of those refuses to peer with another one, they stop being "Tier 1" providers. All of them are US corporations except NTT (Japanese).
To become a Tier 1 operator, you have to have peering agreements with all of those providers.
Tier 3 networks
- Only have one transit provider and no peering agreements.
- SeaCCP (riseup.net) network is Tier 3.
- Globenet can also be viewed as a Tier 3, with Gitoyen as its only transit provider.
- Your broadband connection?
Tier 2 networks
- Have one or more transit providers
- Often sell IP transit themselves
- Peer with as many "interesting" networks as possible
- Most network operators run Tier 2 networks
- Example: Gitoyen, Cogent (which was Tier 1 but was dropped by the other Tier 1s, so became Tier 2)
Tier 2 providers can sell transit to the Tier 3 networks below them.
or: where is the power in the internet?
- IETF (Internet Engineering Task Force) defines communication standards, but does not *enforce* them: you are free to use and define your own network protocols as long as you are using IP (the Internet Protocol).
- ICANN (Internet Corporation for Assigned Names and Numbers) is responsible for "numbers" and "names" assignments: you need to reserve space (e.g. IP addresses or top-level domain names, see below) in the Internet to take part, and this makes ICANN pretty powerful.
- ISOC (Internet Society, non-profit) oversees the IETF and the IAB; it is the official umbrella body representing these smaller organisations. It doesn't have much power.
- Network operators (and their administrators)
- System administrators
The network operator community is a small and friendly one (e.g. NANOG in North America; in Paris they drink beer, and if you drink beer with them it's easy to get peering agreements).
- Internet Protocol (IP) addresses (a "global address space": each "address" can "reach" any other "address", wherever it is). As a network operator you have to reserve space in it, otherwise routing is impossible: the address space is too big (about 4 billion addresses for IPv4, vastly more for IPv6) to route address by address, so routes are by "IP blocks" (prefixes).
- Autonomous System Number (ASN): this is a network operator's number.
- "Number" allocations are delegated to five regional entities:
- ARIN for North America
- RIPE NCC (Réseaux IP Européens Network Coordination Centre) for Europe
- APNIC for Asia and the Pacific region
- LACNIC for Latin America and Caribbean region
- AfriNIC for Africa (created in 2005)
Those entities charge money to get IP addresses or an ASN. An AS number at ARIN is 500 USD (yearly?). Those services don't really "cost" anything to provide, but because of the bureaucracy they charge ludicrous amounts of money for "small" services.
- Names, also known as "domain names"
- 14 "generic" top level domains (e.g. .com, .net, .info...) + 243 "country code" top level domains (e.g. .fr, .us, .ca...)
- ICANN has accredited 789 registrars.
- Becoming an ICANN accredited registrar means "big" ($70,000 of working capital)
- Regional TLDs have regional managers.
- "Thirteen" root nameservers: VeriSign, ISI, Cogent, University of Maryland, NASA, ISC, U.S. DoD NIC, U.S. Army Research Lab, Autonomica, RIPE NCC, ICANN, WIDE Project
Being a network operator?
- Independence levels:
- Basic customer or non-carrier-neutral hosting: totally dependent
- Tier 3: easy to change transit provider if you are your own AS
- Tier 2: can move things transparently, but needs more investment to run the network
- Resources needed to be a network operator:
- Hardware: about 3000 for setup and 1000 monthly for the colocation facility (?)
- Software: lots of free software available
- Humans: you have to give your real name to be in the network operator community
Cost goes down as traffic volume goes up: the cost per megabit per second (Mbps) at Gitoyen is 40 €/Mbps/month; for Proxad (free.fr), it's 4 €/Mbps/month.
Is it worth the fuss?
- Improved independence? Sometimes you become dependent on your own duties and work: you have to be always available for technical problems.
- Improved security? Having more than one transit provider, or being in a neutral location, makes it harder to sniff traffic, as there are more connections.
- Improved fun? Depends on what you find fun. I can't take holidays anymore: if I leave the Internet for one week, I put the burden of taking care of the servers on someone else, and I can't really ask someone else to be always available. Being part of the network operator community means getting involved with capitalists and playing the capitalist market to get better contracts.
- Part of the "movement"?
- What is the structure of ICANN? For the governance part, look at the Wikipedia (?) pages, which are quite good. A presentation will be made about this. The problem with ICANN is that it is still dependent on the US chamber of commerce and therefore not an independent organisation.
- How many people run Gitoyen? One human and a half.
- How many people are dependent on Gitoyen? Gitoyen is 6 organisations, maybe 100 servers.
- Are there any other non-profit / movement network operators? There are no other known non-profit network operators, although at least one person in the room is a Tier 2 provider.
- Our independence is inherently limited by the fact that we totally depend on structures that have the "choice of cutting the cable". Our autonomous servers are only so to a certain extent. Maybe we could buy a Russian satellite.
- A lot of people are working on "both sides", so we can't say that "providers are enemies", or that corporations are evil even if good people work for them.
- We also have to look at how our own organisations are set up so that we are not vulnerable (e.g. if we have only one person for 100 servers).
- Wireless mesh networks can be an alternative to the internet. But wireless networks would or could also become part of the internet.
- What about routing packets by radio between cities?
- Most of the time, network corporations only have a few operators working for them because they are paranoid, and this runs pretty well.
- Is it worth the time for the limited number of techs? Their time may be missing in other parts of the network, but if we want to have a way of getting an insight into how we run the Internet, and to develop decentralised structures to do this job, then choosing to spend time doing this can be a positive use of time.
- Having network providers in squats is possible from this
- We don't have the time to have 24-hour router support, but we need to learn the knowledge for when we do have the numbers of people.
- Every server, not just network operators, needs the resources of 24-hour time; maybe it's working out already?
- It's not just network operators. Generally, computers are tools that cannot easily be appropriated by all people; we need to find ways to distribute this power and knowledge so that more people can be involved in it. As admins we should address this to make it more than the lonely geek behind the keyboard: an admin culture, a new sysadmin culture, that involves others.
- The knowledge should be thought about: what power goes with it? How big is the gap between the decisions of politicians or bosses and those who actually run the network? The knowledge that comes with technology lets us change things. Standards are decided by different bodies on the Internet than in other industries. If there are people with this power who are not "decision makers", we should work with them.
- Is there a collective in the process of becoming an autonomous system (AS)? There are two(?) and more on the way; a discussion to be had this evening. In Germany it's 400 euros a month to upstream providers to be an AS.
- If the Internet has a crisis, it will be economic: the "10 people in France" don't turn up for work because they get laid off or they stay home in order to feed their families.
In Paris, if 10 network operators acted together, there wouldn't be any more Internet in France. That is the power of network operators, and these people are not decision makers.