When The “Political” Layer Impacts The Internet

The Internet is a wonderful media, based on strong routing protocols like BGP. Originally, the Internet was designed to be “unbreakable” (of course, it is not): If a path to a network is unavailable, an alternative (or backup) path will be used. BGP is designed in this way: based on strongs rules, it decides which path(s) use to send packets to a remote AS (“Autonomous System“). Those rules uses all of the seven layers of the OSI model.

Unfortunately, a layer “hiehgt” (8) was created by network administrators and was called, in the Internet jargon, the “Political layer“. Why? BGP don’t care about political (read: external) factors! It will always choose the best path based on available technical information. Let’s have a look to a beautiful world where all ISP’s are working hands to hands and imagine the following network topology:

Network Example #1
Network Example #1

In this topology, BGP will send the traffic between ISP_A and ISP_D through the vertical 2Mbits pipe. Which is the best path (lowest number of hops). In case of unavailability of the 2Mbits pipe, alternative paths exists via ISP_B or ISP_C. What a wonderful world! Helas, the business always changes and we’ve now a new topology:

Network Example #2
Network Topology #2

What changed? The ISP_D had a great opportunity to increase its pipe to ISP_C due to a business alliance (read: for (almost) free)! They’re now part of the same group called “BIG_ISP”. On the other hand, the 2Mbits pipe remains from an old carrier contract and its costs have a negative effect in the ISP_D revenues. What will append? On a pure business point of view, the preferred path is now the 5Mbits pipe!

Unfortunately, BGP has no idea of the business! His algorithm remains the same: the best way is the very expensive 2Mbits pipe. There comes the “Political layer”! ISP_D network administrators will force BGP to send traffic through the brand new costless 5Mbits pipe! How? There are several ways to achieve this but a common and simple one is called “AS-path prepending“: you fake a very long AS-path to cheat with the BGP algorithm. Results can be disastrous for smaller companies like ISP_A: if all traffic sent from ISP_D to ISP_A passes now via ISP_C, this can lead to congestions on link between ISP_A and ISP_C! This can also lead to asymmetric routing.

The same kind of problem occurred a few days ago when Sprint stopped his peering with Cogent. Read the story here. What’s a peering agreement? It’s a direct connection established between two Internet providers to exchange easilytheir direct customers traffic. Generally, it’s a win-win situation and can help local Internet users to not cross the whole world to reach a server located in the same area. Often, peering are setup via Internet eXchange point (aka “IX in the Internet jargon). Each country has its own IX: BNIX in Belgium, AMS-IX in the Netherlands or LINX in UK. Generally, a peering agreement is signed by both parties to avoid problems like the one seen with Cogent-Sprint. By using peering agreements, the network costs can be drastically reduced: the ISP rent a single correctly dimensioned pipe to the IX and exhange as much traffic as possible with other ISP’s connected.

Note: configuration has to be properly done to avoid being a “transit AS”! Otherwise, malicious ISP’s could inject their traffic via the peering agreement and use others ISP’s international backbone for free! That’s why BGP is hard to setup and maintain and is reseverd to big organizations.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.