Kentik - Network Observability
More episodes
Telemetry Now  |  Season 2 - Episode 7  |  July 3, 2024

How the Internet Society Helps Maintain an Open Internet with Andrew Sullivan

Play now

Hosts Phil Gervasi and Doug Madory talk with Andrew Sullivan, President of the Internet Society, about the crucial role of the Internet Society in maintaining an open and accessible internet for all. They dive into Andrew's extensive background with the IETF, the Internet Architecture Board, and his work with major networking vendors. Learn about the technical and policy challenges in keeping the internet globally connected and secure, the impact of government regulations, and the importance of ensuring that the internet remains a force for good in society.


The development of the Internet was much more than the technical aspect of getting more speed and better connections and inventing new routing protocols.

And, yeah, that that's all foundational stuff, of course. But it's also meant thinking about how to understand and, to some extent, how to manage this huge global system of systems that no one organization or government owns.

And so over the years, there have been key people who have focused on the direction and the changes happening with the Internet and understanding what that means for society and what it could mean for future generations.

Now our guest today is Andrew Sullivan, who's worked extensively with the IETF, the Internet Architecture Board, several of the world's largest networking vendors, and now is the president of the Internet Society. He's someone with extensive technical knowledge, but today, also working with folks to understand policy, implications of new technology, and how all of that affects actual human beings around the world. My name is Philip Gervasi, and this is Telemetry Now.

Andrew, thank you so much for joining us today. I really had the pleasure of getting to know you through listening to your podcast, reading some of your work online, the transcript from, what was it, APNIC, I think?

Oh, to Apricot, excuse me, a while back. So, it's a pleasure to get to see you and talk to you in person, virtually, so to speak. Now before we get started, I would like for our audience's sake and for my own sake, would you give us a little bit about of a little bit about your professional background, work with the IETF, the IAB, and now with the Internet Society?

Sure. So I, I'm, you know, president and CEO of the Internet Society now.

Prior to this, I worked at, a company called Dyn, which was purchased by a company you've probably heard of called Oracle.

And, while I was there, I was the chair of the Internet architecture board.

This was the time when, there was a a change to the way the, the the root zone of the Internet was managed. There was this contract with the Department of Commerce in the United States that had them in the middle of those changes, and that was expiring.

And, it was going to end. This was at the end of the Obama administration.

And, you know, so there was a lot of, drama around that, very much inside baseball kinda thing. Like, you know, a a bunch of Internet governance nerds were really excited about it, and literally nobody else in the world noticed, which is pretty much what you want in, you know, the governance of infrastructure. Right? The people who are really concerned, they get really excited. Everybody else, it's a none event.

And the reason I was the chair of the Internet architecture board, and I was I was on the board for a few years, was because I worked, in standards at the Internet engineering task force, the IETF.

So so that was something that I I worked on, particularly in the area of the domain name system, which is, you know, how you translate the names that we're familiar with online into the numbers that the computers actually use to talk to one another.

You know, so this is, again, this is, like, plumbing of the Internet, things that, you know, most people probably don't notice, or, you know, they notice if it if it breaks. That's when you really notice it. But apart from that, you know, most people don't notice it. But, actually, the way the Internet works is all of these things sort of, you know, layered together underneath the hood, all working together to make make the Internet that we see and and experience.

Great. And, of course, returning is no stranger to the podcast, Doug Madory. Doug, a brief introduction of yourself to our audience.

Sure. I'm the director of Internet analysis at Kentik, and, I have a connection with our our guest, Andrew Sullivan. He and I, we're both at Dine.

We overlapped our time there, I guess, going up through the Oracle acquisition.

Great. Now I would like to return to you, Andrew. And, it sounds like, from your explanation of your background that you are a nerd, and we are like minded in that sense. You have a lot of technical background there. But you also worked, it sounds like very much at the layer eight and layer nine, area with, other human beings and not necessarily with packets going across a wire. Is that right?

Yeah. I think that's right. That, at a certain point, particularly at the Internet architecture board and then here at the Internet society, you know, you you, I don't know, age out of being a a packet nerd and you become an Internet politician.

And, that's, you know, sort of the the the role in in many cases is to, try to look after, the policies that drive the way the Internet evolves.

Right. And that makes sense, which I assume was a good transition for you over the course of those most more recent years into your role now as the president of the Internet Society. So on that, can you explain a little bit about, well, I guess your role, but what the Internet Society does as a a whole and what the mission is of that organization?

Sure. So so the Internet Society is a little over thirty years old.

And, you know, we have a slogan. We like to say the Internet is for everyone.

And, this is, you know, this is really our goal is to make sure that everybody has access to this marvelous tool, that the tool itself is, you know, is is healthy and robust. We think of the the Internet as sort of a global technical infrastructure, but also a resource to enrich people's lives and a force for good in society. We wanna make sure that all of those things are true. So, you know, we work to make sure that the Internet is open and globally connected, secure and trustworthy. And and that's the that's the way that the Internet Society works.

We do this, in a a way that's a little bit like the Internet in that we have, you know, the the this the main charitable organization, the Internet Society, is is incorporated in the United States, but we have chapters, around the world, you know, who are sort of local, exemplars of, of the way the Internet society conceives of the Internet, and they work, you know, for the same vision, within their local context. And, you know, that that's gonna be different from place to place just like, different networks are designed in different ways, but they all make up the Internet when they work together.

So the Internet Society is ultimately cross border. It's international. It's a global reach organization, and it sounds like you are, interested in things pertaining to, technology for sure, to the geopolitical state of how the Internet functions and and its framework. But all in the under the umbrella of keeping the Internet, open and and free for everyone to use. Is that right?


I I mean, one of the critical things about the Internet Mhmm.

Maybe two of them, is it it it's built up of all of these other networks. Right? It's it's a kind of emergent property of other networks rather than a single thing. We talk about it as though it's a single thing.

You know, the Internet is doing this or that or the next thing. But, you know, it just like the traffic on the road, if you went outside and you divided the traffic in half, you wouldn't have two traffics. You just have traffic. And that's what the Internet is like.

Like. Right? It's made up of all of these other networks that are participating to make the Internet happen. And because of that nature, and and and by the way, that happens voluntarily.

The the the networks do it, you know, because they want they get something out of it.

So because of that, it there isn't really any boss of the Internet. There's no central point in the Internet where you can say, okay. Well, we're gonna, you know, make it go this way or that way because there's no central decision maker because it's all of the various networks implementing all of the pieces themselves. And that's very different from other kinds of networks, other ways of building networks. You know? The phone system didn't work that way. It was very much a centrally designed you know, the central office is a critical architectural feature of the phone system in a way that it is simply not for the Internet.

Right. Yeah. The Internet being a global network of networks built largely on trust relationships and, BGP adjacencies that you hope are trustworthy and secure.

Now, Doug, please feel free to jump in at any time, again, because of your, experience working with Andrew, but also as your, I'm gonna say this, your nickname, the man who sees the Internet, you're no stranger to kind of the global ongoings of what's happening on the Internet as a whole.

So I I think, in my mind, I file, Andrew, and the, people that are very good at talking about the big picture of, the whole endeavor of the Internet. And, and I I think people like me, it'd be you as well, Phil, who work in the space, you know, can't help but reflect on how the whole thing has evolved through time and will continue to evolve going into the future. So, I'd be curious. Andrew and I spoke, a few weeks ago and, and I yeah. I'd love to hear his, take on this of just, you know, that that evolution of, like, you know, the I I would I would, you know, in a very simplistic way, say the initial version of the Internet was, you know, every device can reach everything, can receive connections, they're all kinda equal connections to the Internet.

And, yeah. And we've kinda we've evolved to a point now that end to end connectivity is, sometimes not not as common. We've got a lot of people who communicate to the Internet, like, the more recent additions to the Internet of people who access, Internet connectivity do so through a handset that's media through a mobile Gervasi. And, and it's a different Gervasi. But I think, you know, I think of it I look at it from an anthropological standpoint, you know, without you know, passing judgment, just, like, oh, it's kinda changed. And I don't know that any of those people are that disappointed, but they, it's yeah, it's, I don't know. Andrew, do you have any comments on that?

I was just like, I I think it is.

I I think I think it's I think it's on track. I do think that, you know, part of this is, was just the reality of the network address translator. Right? We were running out of I p v four addresses.

We came up with this, idea for the network address translation where you could use a private range in your in your network, and then that would connect to some kind of public range. It was out on the public Internet, and that allowed many people to you reuse those same addresses, but the the the, you know, the internal, the internal addresses. But the the challenge under those circumstances, of course, is that you lose this end to end connectivity because you lose you know, there's a break there. And we've done a bunch of, work to try to make this seem like you've got end to end connectivity across these translators, but it, you know, it is a problem.

You in expanding that, like, there's a there's also the concept of just a walled garden kind of thing. It's another, you know, adjacent, similar concern, to just a strictly end to end connectivity?

Right. So so, I mean, there I mean, one thing, of course, is that there are definitely people who prefer that model.


Who who really want you to live inside their little enclave.

And and and that has, you know, that has technical consequences, but it also has political consequences.

The there's a similar, sort of issue, though, in that many of the people who are interested in the Internet in its early development were, of course, developers of the Internet. So, you know, like a lot of technologies, when they get going, you know, when they start to take off, it's the enthusiasts who are involved with it. And those enthusiasts are frequently the people who are working on the technology itself.

That is much less true today. Right? I mean, we're we're no longer in the era where everybody is expected to hack their own TCP stack, and that's just not a thing.

But that's a, you know, that's a very different, network. And and so people want a a network that, you know, sort of, quote, just works. And frequently, they're willing to give up, you know, some of the more, interesting and, advanced uses of of the Internet. You know, if you have a true end to end model, they're willing to give those up in favor of sort of ease of use.

And you see this actually particularly with Internet of things devices where, you know, we, the people who were interested in the development of that stuff, we all wanted, like, local controllers in a spot. And then, you know, you you sort of had that controlling the the network access and all the rest of it. And you had just have these sensors and actuators, and they're kinda dumb, and they don't really talk to the Internet. But when you actually buy these things in the in the store, most of the time, what you end up buying is a thing that's really a web service, and all of your devices are talking to this web service that is up on the Internet.

And, you know, you you better not have your Internet go your Internet connectivity go out because then you can't turn your lights off, but on or on, whatever you wanna do. But, you know, that's that's the sort of way that this works because it's so much easier to, you know, to build this thing that is just like, oh, well, we'll do it all on the server side, and we don't need these local controllers, and we don't need people who are confused about hardware to, you know, be understanding, oh, this is a an actuator to better not have access to the Internet because it's very stupid.

And that's that's the kind of thing that over time, I think, you know, the the actual uses, the commercial uses, have tended to put pressure away from the end to end model and and much more towards this kinda consumer, you know, service.

I mean, it does make sense though because from an operational standpoint, from an architectural standpoint, from an ROI on just racking and stacking gear and then running this stuff, You you want ease of use, because, you know, man, you mentioned, you know, if you don't have your IoT devices talking to whatever server, the lights don't get turned on and turned off. And that's true. I get it. And there are a lot of, I guess, mundane things that we use the Internet for, but there's a lot of mission critical things.

It's it's, it's been a debate, I think, less so now, but I remember getting into networking fifteen years ago. And it was a debate is is access to the Internet the Internet itself a commodity like my local water municipality, or something like that, considering that at first, it was a, not a diversion, but it was something that was an access to entertainment like TV. Although TV provides information. So that's not a great analogy.

But then over time, we now use the Internet, perhaps, as for most people, their primary source of information, primary source of education and and access to information that's necessary for their lives. So I think, that that makes sense that there was that change as well. I don't know if that's for the for for the good or for the bad necessarily, but I do understand the the logical reasoning for that change in the paradigm of how we access the Internet.

Does that make sense?

Totally. I I mean, you're right that, you know, we could debate the merits of whether this is a good idea. And I, you know, I can see arguments in either direction. I mean, the the the obvious problem with giving up the end to end model Mhmm. Is if you have a, like, you know, a hundred million devices that are all talking to this central point, then that central point becomes a giant target, in a way that, you know, a very distributed system, is not. And and we've seen that that vulnerability sort of express itself over and over again on the Internet, particularly as you get these sort of, you know, too big to fail kind of companies that are running very large infrastructure.

Yeah. Like cloud cloud organizations, the web scale organizations that we all rely on for sure. What do you think caused that shift, though? I've I kind of alluded to my idea that it's just because it became more of a the Internet rather became more of a commodity than just something that we use for, you know, social media. But what do you think caused that shift?

Well, some of it is economics. I mean, you know, you you you need to you need to get big.

And getting big is easier on the Internet if you specialize in one thing and then do it really well for a lot of people.

So that's, you know, that's that's one reason. Another reason actually is that the Internet turns out to be hard.

Like, you know, doing a good job with, any one piece of, a piece of the infrastructure in particular online is is a complicated problem, and it requires a lot of expertise and so on. And, you're only gonna have so many people who, you know, who have the who have this expertise. And, also, you're only gonna have so many companies who can really afford to do this. You know? If if everybody's running their own DNS, you know, every mom and pop shop, you know, corner store and the all the universities and everything like that Mhmm. None of them has the really the capacity to hire people who can do the who who can build the protocols.

Whereas if you have a company that is working in DNS or in BGP or in, you know, the the HTTPS or any of the protocols, you you you you get a certain scale where suddenly it becomes worth it to have that kind of expertise on staff.

But the challenge with that you know? So so that's that's a positive thing. You it keeps people employed, but, also, it it means that you've got this these real experts in the in the system able to put their, you know, their brains to work on the problems that are happening in a real operation shop.

On the other hand, it it then you know, like, the just the realities of of business and paying people and so forth mean that there's gonna be a smaller number of those, of those companies. And and this is the story of concentration and consolidation on the Internet over and over again. You know, I I I hear people, for instance, being very concerned about AWS's prominent place Mhmm. In a lot of things.

On the other hand, you know, you can rent by the hour today facilities from AWS that were like, nobody in the whole world could have built twenty years ago. And that's a, you know, that's a that's a real innovation. That's a thing that we got out of, out of that power. And I I think it's important to remember that, you know, this cuts both ways.

It does. And the scale, I think we can look at it in a couple different ways as well. Of course, the scale of the back end infrastructure, and we're talking about cloud providers and web scale companies that are providing a Gervasi, and also the scale of of of the the sheer number of folks that are now able to access the Internet.

Sometimes, yes, for nefarious purposes, but a lot of the time for very good reason to get information to connect with other people. I I just, was talking to an acquaintance yesterday, literally yesterday, who just came back from several different places that he, was visiting for work, and one of which was in Southeast Asia. And he just made the comment that many of the folks that he met weren't able to afford a computer, but they all had mobile devices, and everybody had many different apps they were using on their phone. And, and that was everyone.

That was everyone. So if you just multiply that out, the hundreds of millions and billions of people in the world, you know, the the scale of of of of the access to the Internet requires and necessitates that back end, whether we like a huge cloud provider or not, but it necessitates that highly robust back end, and the resources to build it in order to provide that access to them. So, this is this is on a global scale, though. We're not talking about the United States or Canada or name the country.

We're talking about global scale. So I I'm very curious about your, role in working with that layer nine, the political layer, and what you see as the role of government, especially when we're talking about nation states that might have conflicting interests. So how does that work, as far as your role in the Internet society, but, of course, your opinion as well?

So, I mean, we we're definitely in the era. You know, the Internet society has just published its, its twenty thirty strategic plan. And and one of the things about it is that it it there's quite a lot of focus in it on on these kind of human elements in defending the Internet against these various kinds of incursions.

And that's because it's just become a big target. Right? When when I I'm sure when any of us on, you know, in in this, in this podcast connected to the Internet the first time. If you if you asked anybody who who didn't have a connection, you know, do you want a connection to the Internet? That that would have been like, you know, either what's the Internet or else they would have said yes. Those were sort of the two options. There are people now, weirdly, they go on Twitter to express it, but or x, whatever we call that.

There are people now who think that the Internet was a bad idea and that it should be shut down and that it should be closed and that, you know, you should prevent people. I I I just saw that the, surgeon general in the United States is apparently recommending, warning labels for, for social media platforms.


You know, like cigarettes. And and I think, you know, that that's a that's a sort of it's a not very helpful analogy. Right? Because, you know, they're like, there isn't a thing that the cigarettes are gonna do for you that, like, make your health better, but there definitely are things that people use social media for that make their lives better. And I think that, you know, we we we need to pay attention to that. But the way the discourse has moved has been to this very kind of, you know, oh, the Internet is this evil demon that is coming to ruin our lives.

And you see that happening over and over again. We see the incursion, not just of governments, like, sort of coming in, but all of them coming in at once and coming in frequently in inconsistent ways.

In the United States, it even happens at the state level where we have the individual states, you know, attempting to to, you know, ban, TikTok at the border, however that would work. And, you know, this is a a very weird like, if you, you know, if you went back in time and told somebody in nineteen ninety five, yeah. Yeah. Up there in the future, they're gonna start trying to control that, like, street by street. You just, like it it would have been an insane idea.


And yet that is the kind of proposal that people are making now.

I I guess I see, that that's that's also a role for, the Internet Society, right, Andrew? I mean, that's that's my understanding is when when those, discussions come up in, the public space, then the inner society can, from a technical standpoint, offer, a point of view that hopefully base helps attempts to base, any, you know, pending legislation in some technical reality. Is that correct, Andrew?

Yes. That that is one of the things that we do, and we've published a toolkit to try to help people, you know, work through some of these things themselves. But most of the time, like, we find that, you know, it's it's useful for us or maybe some of our chapters or whatever to intervene in these events to try to get people the information that they need in order to in order to make for good policy. And and it's very difficult, often to convince people of this because, you know, in if you think like, one of the things that I've noticed, recently is when I think about some of the conversations that are going on about the Internet and how we're gonna regulate it, they feel very familiar. Like, there are a lot of things that are going on now that, like, I remember them from nineteen ninety five.

How are we back here? Well, the reason we're back here is because the, you know, the idea didn't go away, but the people aged out. And in ninety five, the, you know, when the when the network was first becoming publicly available because remember, the the memorandum or the, the acceptable use policy that, that the, NSFNET had restricted commercial traffic over the NSFNET backbone, and that came off in nineteen ninety five. And so the the Internet suddenly went from, like, just a research project into something that you could use commercially.

But because it was commercializing at that time rapidly, you know, legislators and and regulators and so on took the opportunity to say, okay. Well, like, probably this is a new technology. We need to consult with some people who know about it and all the rest of it. But the people who are making those policies today, you know, because most policy and and most of these kind of laws and everything are written by young people. You know, the the legislatures are really old, but the the assistants in there, you know, the the the, legislative assistants in the in the offices are very frequently quite young.

So most of them have never been without the Internet. They don't know they can break it.

And and we've seen this over and over again where, like, you know, there's just a sort of fundamental mistake in the theory of how the Internet works that is underlying, you know, a a piece of legislation or whatever. And, you know, if that were you know, if this mistake were true, then the legislation would be perfectly good, and it's just just unfortunate that, like, that isn't how the Internet works at all. And so the legislation comes along, and it it you know, it's fundamentally at odds with how the technology works.

And and then it you know, and then the legislation never meets its goal either. And we've seen this happen more than once.

I'm in Canada, and, you know, there was this online news act that came in, for instance, that the government of Canada brought in. And, like, anybody who knew anything about the Internet knew that Facebook was just gonna turn off news links in Canada. That's what they were gonna do.

It was the only sensible thing for them to do from a compliance point of view. And so that was obvious to all of us, and it was completely not obvious to the people who are who are advocates of this of this law. And that's, you know, that's one example, but it's an example that we see over and over again in Internet policy where, you know, you've got this fundamental mistake underlying the, underlying the way that this the the legislation's supposed to work, and then everybody's surprised that the legislation doesn't work.

Right now, at this moment, we have the, in the United States, we have the FCC has gotten involved in trying to maybe, I don't know, if legislator or, you know, create rules around routing security. So that's one of my areas.

And I, you know, I think directionally, I'm I think we're probably all on the same page, and, and hopefully, there's no unintended consequences. But this is an area where, I don't know. I I actually maybe you have an opinion on this too, but in you know, I've been I've been reporting over the last couple of years of just, you know, the adoption of specifically RPI ROV is kind of the technology of the day that we're trying to push. There's a more gonna be additional measures to improve the the areas that that doesn't address in the coming future. But right now, we've actually made a lot of great strides in, in adoption. And, what those of us in the expert community have been trying to communicate to the government is that, you know, it can you can have you can make progress here without, having a, a legal requirement. You know, if the US government wants to create ROAS and reject invalids, that's that would be great if they, you know, deployed RPKI ROV.

But, yeah, it's it does I think a lot of us have, some concern around unintended consequences or how this, also just overstating the benefit. Like, the routing security is just a huge topic and, ROV deals with some of the easier, problem, types and addresses it well, but, some of these harder things are gonna require other stuff down the road. And I feel like we're gonna come back to it, and people are like, well, didn't we do the routing security thing? Like, well, we gotta do another thing because there's, the last one doesn't doesn't cover all the bases. We kinda over, overstated some of the, the benefits, or that it would, you know, completely re solve the problems.

But I I guess, you know, I think this all of this discussion, you know, with the government's getting involved in the Internet is a product of the Internet obviously becoming central to modern life and our economies.

And that's something that, again, that was probably gonna be a natural outcome of, you know, going back to the initial inception of the Internet being this borderless, thing, that those days are long gone. You know, we've left that area a while back and, I've made the comment to Phil or he repeated about the I'm not the only person who said this, like, this Westphalian, this this treaty of Westphalian as that's kinda maybe perhaps incorrectly, characterized as the moment that, you know, western powers decided that every stitch of land belongs to one country or another. And now we've got, you know, every every bit of the Internet is gonna, fall under the jurisdiction of some country who's gonna attempt to impose their their rules, imperfectly as it may be, and that's kind of, where we find ourselves now, and that's probably not gonna change anytime in the, near future.

Well, I mean, that that's it's true that the governments are gonna are are you know, governments are gonna govern. And I think we have to recognize that governments do have a responsibility to their populations to, you know, look after them.

At the same time, you know, you can't there seems to be this idea, and I've noticed this over and over again with code generally with, you know, computer code. There's this idea that, like, it's sort of infinitely plastic because we made it. But that isn't actually how technologies work. Right? I mean, technologies make facts. And having made those facts, they've changed the world. And now you've got the world has changed in this way, and now you wanna do something about it.

And and so what I see is a little bit challenging in some of the some of the attempts to, you know, to impose some of these regulations is that the, the attempts are actually at odds with the way the Internet works. And a good example is exactly this border stuff. So, you know, we see a lot of efforts to, you know, demand that, data be in a country, whatever that would mean, and, you know, sort of so called data localization or data nationalization. And and there's a lot of that kind of stuff.

Sometimes you get people saying, you know, I don't want the I don't want the traffic to leave the country. Like, what does that mean? Right? In in like, that was that's a perfectly reasonable thing to think about if you believe that you can trace all the wires, which, of course, you used to be able to do in the phone system.

But we haven't been able to do that in the phone system or on the Internet forever. Like, it's just a long time since that was the case. And data localization is actually harmful. Right?

You you think, oh, we're gonna keep this data under the right, under the right place, but, of course, you then lose the the, advantages of geographic dispersion of, of the storage of the data so that, you know, if something really bad happens in one locality, you don't you you haven't lost the data. It's it's somewhere else.

And that's a thing that the Internet brought us, that cheap and easy and, you know, disposable, data sort of connectivity.

That's a real advantage of the Internet. And we're, like, trying to legislate it out of existence partly because, you know, we've got these other concerns. They're legitimate concerns. Right? I mean, the the concerns that people have about privacy are legitimate concerns. And the reason we've got those things is because we've got certain companies that and certain governments that don't respect that privacy.

But the solution to that, of course, is not to break the Internet. The solution to that is to regulate the behavior of the of the people who are misbehaving themselves. And I think that, you know, we're a little loathed to do that frequently partly because the legal structures that we're working within are not really well designed to regulate, you know, corporate behavior.

And so instead, we're gonna, you know, we're gonna break the Internet in a little bit, you know, to to try to discourage this. And this is, you know, this is a little bit like trying to, you know, solve the problem of street racing by, like, you know, making all the cars have, like, slightly flat tires, so that they, you know, they can't really they can't really be stable.

Yeah. On the data sovereignty, I know there was a a a great paper, a number of years ago. It kinda went through the and some of the downsides of this is having like I say, you're in a, you're in an authoritarian country, and you would like to have your stuff saved by Google, let's just say.

And the chance of, Google, they might they might generate some ads based on the content you're saving there, but they're less interested in your political activities.

Whereas if you're forced to host this locally, it's under you know, can be accessed by through legal intercept by the local, authoritarian government, then data sovereignty isn't helping that person out very much and maybe helping the, survival of that government perhaps.

But, yeah. And then you mentioned, like, just the the economies of scale of, cloud providers could probably secure something better than, the local mom and pop, cloud hosting provider. And there's a there's a a variety of there's an argument to be made there, against that, but I you can you can see where it comes from.

Yeah. I guess maybe, shifting onto, you know, like, just exploring this, you know, these these risks looking into the future that we exist we live with them now of, these pathologies, ranging from, you know, just either censorship or full out, you know, Internet shutdowns. These are things nowadays happen on a regular basis. I've I've kinda written that the, the big shutdown of, the Internet in Egypt during the Arab Spring was kind of like a have a watershed moment that kinda ushered us into this era that we live in today of countries shutting down the Internet, on a, you know, somebody there's some shutdown somewhere almost every week. And, yeah, and then, like, you combating these things, it's it's a, it's another, you know, seemingly intractable problem. It's very hard to get a bad government to stop doing a bad thing, from the outside.

Well, I mean, you know, there are going to be governments, who just don't care, that they're, you know, having negative consequences for their economy or for the, you know, political and social life of the nation. I mean, there are there are such governments in the world.

But a lot of the time, the governments are pursuing these, these, these policies out of a, a sense of, you know, a positive sense of, of of duty to their populations.

So they're trying to protect people, and they say, well you know, or or they're trying to protect a system. Like, for instance, every time every time you hear about a shutdown because of an exam, it's right? What they're really trying to protect is the answer key.

And they, you know, they don't wanna give up on the system of, like, one answer key for everybody using the same exam. But, you know, we've known for, well, as as long as the, as long as standardized testing has been around that you really need to have, you know, multiple versions of the test or you're gonna have a you're gonna have a cheating problem.

So so, you know, some of those things are are actually well meaning. And, you know, what you really have to do is is kind of educate people and say, like, you know, these are the disadvantages you're you're you're getting. You know, we have these cases where, you know, legitimately very bad information, for instance, is online somehow.

And, you you know, it's, terrorist content or, like, you know, really horrible stuff with decapitating people and so forth. And, you know, you do want to you you wanna say, okay. Well, we wanna prevent that from circulating because it has these negative social consequences.

But the danger, of course, if you do this with a shutdown, or you do this with various kinds of orders, is that you catch all kinds of other people who weren't looking for that at all. Right? So every time, you know, the mobile network is ordered shut down in some geography because there's some sort of terrorism event going on there. They're trying to suppress the the the content.

The the the other thing that happens, of course, is everybody who's trying to get away from this terrorist event by using their Google Maps suddenly doesn't have a doesn't have that either. And the first responders don't have the most reliable and cheapest, network technology we've ever had to improve communications under, under different, difficult circumstances. So I like, it, you know, it really does have these negative consequences, to undertake those those sort of shutdowns, and that's to say nothing of the economic consequences. So, you know, I'm very pleased actually that we came up with this net cost, tool at the Internet Society to try to measure, like, you know, what are the real consequences of these shutdowns.

And they're much they're much more systemic than you would think, but in but, especially, they're much more long lasting than I think a lot of people think. But what happens you know, people think of the shutdown as, like, you know, it's like the light switch. You turn it off, you turn it back on, the light comes back on. But in fact, on the Internet, when you turn it off, there are a bunch of people who are running services in that network who are suddenly like, oh, now I can't maintain my service in there.

So the first thing that happens when the network comes back on is they remove all the services because they don't want them, you know, they don't want them living inside a network where they can't maintain that service, in the future. And so this actually makes your network worse over time. You sort of gradually make it less capable.

And that's, that's one of the things that really, you know, I find tragic in watching what's going on in Russia where, you know, the the government has been pursuing this, sovereign RU net for more than a decade now, probably two decades now. But this has been you know, they're they're always trying to make sure that they can do shutdowns and that they can, you know, cut it off from the western Internet, whatever that would mean.

And and what's terrible about this is that the the sort of immediate post Soviet networks were built in a very Internet like way. You know? On the Internet, we build things with high redundancy, and we build them out of cheap garbage. Right? So we we just ship a lot of garbage boxes and we just have twenty of them and then everything will be fine.

And that's been, you know, the the technique. Now it's not very efficient, but it actually produces pretty high efficiency, overall because you don't have to have these very, very complicated, highly perfect, network devices that you had to have it, for instance, in the phone system. So Russia was built that way. The the Russian networks were all built that way.

They were very, very robust despite the fact that a lot of the time, this was with, you know, not especially good equipment and so on. Well, now what's happening, of course, is that the government, through orders, is gradually shutting this down, and what you get is a more fragile network than it used to be. That when, you know, when something goes wrong, things happen, in in Russian networks that didn't used to you know, you used to be able to detect them, but you'd see, oh, there's a little flap here and this other network picked it up. And now, because, you know, it's gotta be like the the officially approved of, network operators.

You know, if they all have a bad day because they were having, I don't know, some kind of group think, and so the the design isn't that great, Then you have, you know, outages that happen, sort of, you know, as an aside to those kinds of developments. And I think that's a real shame. I I think it's it's terrible to watch Russia doing it.

Andrew, I have another question. I'm curious of your your involvement on this issue. Kind of the flip side of the Internet shutdown is, it's gone by different names, but sometimes it's referred to as server side sanction, stuff Mhmm. Where, now we're talking about US cloud companies blocking, communications from countries that are sanctioned.

So typically, it's Iran, Cuba, North Korea, thing countries that show up and there's low you know, usually, like, a common list of less than ten countries. Right. And, and we have a lot of US companies, that just wholesale block, traffic from these, countries. And in in a what I believe to be, I'm not a lawyer, but, it's a over compliance with sanctions.

I don't think that's like, there's there is a, a prohibition of accepting money. There's a that that that's well, I think, understood, but the packets, just not even accepting a packet seems, an over compliance.

Do do you have any, involvement in that issue, or or did the Internet Society ever get involved in that kind of stuff?

Yes. I mean, we we talk about these things, and, you know, it's primarily because all of these sorts of special case, treatments of networks that are participating in the Internet are a kind of network damage. Right? They they they look to a router like somebody is in the way. And what the router is gonna do, because routers are gonna route, what they're gonna do is they're gonna send the traffic around this problem.

And so, like, while these kinds of things can be effective in that, you know, yeah, you're complying with the with the with laws. I, again, I tend to agree with you Very often, some of these full, like, just block, kind of things are, over compliance.

There isn't actually a requirement to do that. But the other thing about it is it doesn't do the damage to the people you want. The the sanction isn't actually having the effect that you want in that case because the governments in those places frequently have the the resources to be able to, like, you know, reflect their, requests through some other third country that can be neutral or whatever. So it's actually only the citizens of the country who are suddenly you know, now they're now they're disconnected. We saw this quite dramatically at the beginning of the of the Russian invasion of, invasion of Ukraine, where there was a lot of call to, like, you know, shut down Russian networks.

And, you know, I I remember looking at these things. It's like, well, you're not gonna actually do anything against the military networks. The military, they they've got lots of ways to to talk to the rest of the world. They're gonna go around it.

You're the only people you're really gonna affect are people, like, trying to find out the news about their sun at the front.

And that's, like, that's a terrible thing to shut off access to those people. You know? Because they're the only hope that you've got for kind of political pressure within that country to change the policy involving involving the war.

There isn't anybody else who's gonna, you know, put that pressure on. And so if you're gonna deny that that population the benefits of being able to connect to, you know, get the kinds of information that you can get over the Internet, I, you know, I think you're doing damage, even to your own political goals.

Yeah. Andrew, before, I wanna make sure I get asked this question before we run out of time. But, so you and I back, we were both at at Dyn, back in, October, twenty sixteen when there was a pretty big DDoS attack, against us. So to set the stage and I had a, you know, a little bit of a background in the in this, because I this was this was the Mariah attack.

Mirai was like the new, botnet that was using IoT devices to launch attacks. The prior month, I had, worked with the security blogger Brian Krebs, and he and I had, put out, yeah, some research and then he got hit. He was one of the first to get hit with the Marai botnet and then a month later, dying got got whacked.

And I, you know, I I think you did a great job in those days and the days following of just, like, putting that, you know, trying to get our heads around the size of this new threat to the Internet. And, I wonder if you could comment on, you know, there's been a with the legacy of that, and where we stand today. You know, what's, why is that still an important event?

Well, one reason it's still an important event is because it was sort of, you know, the beginning of, the sort of never ending escalation of denial of service attacks, which is just getting bigger all the time.

And, you know, so you've got a a sort of, arms race between the attackers and the providers of network services.

And what that necessarily means, of course, is that the providers of network services have to get bigger and bigger and bigger to, you know, to absorb these attacks, and have to get better at, you know, sort of detecting them so you can shut them down and so on.

And what this, what this creates is a is a network where, I I think I use one of those, like, you know, from a ride. You know, you you must be this tall to, to operate network services.

And and the challenge, of course, is that, like, that height requirement keeps getting taller because, you know, you can't just you can't just, like, invent something in your garage and put it up on the Internet because it's, you know, it's gonna be taken down in seconds if you're if if you don't have the the necessary protections. And all of that costs money.

You know, so the the the thing about the Internet in its early development was how easy it was to deploy things on it. And now it's still relatively easy to deploy, but it it requires, you know, considerably more sophistication than it once did. So that's one issue. It it's this sort of, you know, that you get more concentration. You get these sort of larger companies that have to do these things, and everybody has to use them. Part of the reason the dying attack was as effective as it was, was because we had a lot of customers and a lot of, you know, important media customers. People were looking at those websites.

Well, you know, if if it was if it was more like the network of the, you know, early nineteen nineties, everybody would have been running their own DNS. And so, like, you know, the Mirai botnet would have attacked, like, this one DNS server, but it wouldn't have mattered that much because it's a small number of sites that would have been affected. So that's the, you know, that's the, sort of trade off that we're we're we're getting there because we, yeah, we have these companies with really excellent provision, and they've got capabilities that nobody could afford to do on their own. On the other hand, you've got a big player that becomes, sort of vulnerable.

The other thing about it, though, you know, just reflecting on the the way the Internet of things devices, were deployed in this.

The you know, many of us sort of thought, oh, well, this will be the moment, you know, sort of like the Windows virus problem was for the home gateway. Right? But, like, it'll it'll just cause network providers to, like, insist that some of this stuff gets better.

And none of that happened.

Right? The the the security on a lot of stuff that's shipping now is just absolute garbage.

And, you know, things that we've known for years you shouldn't do, are still being shipped, you know, by default. There are places, however, where, those things are getting illegal. So so what's interesting is and and I I recall wording about this, in fact, around that time as well, that, you know, it was it was the it was the, unsafe at any speed sort of moment where you'd get these, you'd you'd get this call for regulatory reaction to the Internet because of these dangers that are happening, to it. And, you know, you have to be careful what you wish for in those cases. You know, regulations in the automotive sector have made cars much safer and in some cases have made them quite a bit more fuel efficient. But they've also perverted the the market, you know, with people sort of playing at the edges of these regulations to try to, like, cause their thing to be a truck instead or other kinds of stuff like that in order to evade the the the, mark, the the regulation.

And we will see you know, we see similar things happening on the Internet where people are sort of playing games at the at the margins of, you know, regulatory, response. And we'll I think we'll continue to see that, and that makes for a much more fragile network environment because, you know, you've got all these special cases that get built in whenever you do that kind of stuff.

On that note, I think it is time to wrap up. So thank you for asking that question, Doug, and, Andrew, of course, for the response.

So, as we do end, I I'd like to turn it back to you both gentlemen. Andrew, if folks have a question for you, a comment, or if they'd like to learn more about the Internet Society, how can they find you online?

Well, I'm easy to find online. I'm sullivan at isoc dot org. I I'm also, Anvil Walrus Den on, I still call it Twitter, but whatever we call it today.

And, you know, I'm I I sort of, hang around that way. The Internet Society is at internet society dot org, you know, and our website is there. The Internet Society does have individual membership, and it's free. You can join us and, you know, be part of the movement to, to make sure that the Internet is for everyone. We are, however, a charity in the United tax receipt. So, you know, you know, consider us at your, at your next, giving moment.

Thank you. Thank you. And, Doug, how about you?

Yeah. I'm at Doug Madory on, Twitter, x and, as well as LinkedIn. Those are probably the best places to reach me.

Great. And I am still very active on Twitter, network underscore Phil. You can search my name in LinkedIn, my blog network phil dot com. And now if you have an idea for an episode of Telemetry Now or if you'd like to be a guest, I'd love to hear from you. You can reach out to us at telemetry now at Kentik dot com. So for now, thanks very much for listening. Bye bye.

About Telemetry Now

Do you dread forgetting to use the “add” command on a trunk port? Do you grit your teeth when the coffee maker isn't working, and everyone says, “It’s the network’s fault?” Do you like to blame DNS for everything because you know deep down, in the bottom of your heart, it probably is DNS? Well, you're in the right place! Telemetry Now is the podcast for you! Tune in and let the packets wash over you as host Phil Gervasi and his expert guests talk networking, network engineering and related careers, emerging technologies, and more.
We use cookies to deliver our services.
By using our website, you agree to the use of cookies as described in our Privacy Policy.