I have a few questions not knowing all that much about BGP other than thinking of it in terms of a higher level DNS system for IP routing.
What gives Syria the authority to do this? What gives anyone authority to do this? What prevents malicious routing?. Could they route all traffic to 8.8.8.8 and overwhelm another network? If it's ICANN, can they come in and revoke control and give it to a third party intermediary?
It has been rumored a small staff of 6 stayed trying to keep the routes up. Their current status is not known. I understand in those cases no intermediary would help. But from a pragmatic standpoint, I'm curious.
While I understand this goes against the "rules" but if I have a DNS server and the roots drop a zone, and I don't agree, I can add it back in. As a local user I could add to etc/hosts like in the old days.
The above assumes I had a large user base like openDNS or google pDNS to be effective. Can the same be done with BGP? Can major broadband providers decide to ignore the dropped routes and send traffic along?
I understand Syria would just toggle off some other "switch" and terminate core routers but it would at least send a tiny message of sorts.
How are they stopping satellite access?
How are they stopping cellular based access?
Is there any form of TCP over Ham radio? TCP over laser? USB over carrier pigeon (seriously)? What are the bare bones options here for getting data in and out and where is that closest point of access?
No one has put in long range wifi links of the 20 mile line of site type, or is that still too short a distance to get a few users online?
What about dialup?
If CloudFront can see this much traffic, they must be doing pretty well. What is the point of Facebook, reddit, and many others using CDN's and Amazon and such when they could probably half their hardware and push the rest to ClouFront. Or is CloudFront really only best for static sites that are hit hard and need lots if bandwidth. Dynamic sites would still bottleneck at the database/drive/physical/etc layer?
Thanks. Sorry if these are rudimentary questions. I haven't even met that many people who have had BGP access. I'm going to go look up what the format files look like now, just out of curiosity.
> Can major broadband providers decide to ignore the
> dropped routes and send traffic along?
IIRC, each router makes it's own decisions. Take the following route:
A - B - C - Syria
Assuming that there are no published routes to Syria, if node A tries to send a packet to Syria, the only node that can force a packet onto the Syrian routers is node C. If node B decides to ignore the lack of a published route and forwards the packet to node C, then node C will just drop it (possibly sending an error response back). Even if the node C forces data over the Syrian connection, the Syrian routers won't act on it.
This is my understanding of how it works.
> How are they stopping satellite access?
Presumably very few Syrians have satellite access. If they are from a Syrian provider, then it's pretty easy to cut them off. If they are with a foreign provider, not so much. On the other hand, if you were in Syria when they Internet was shutdown, you would probably be very secretive about your foreign satellite access. If only because men with guns might have something to say about it.
> How are they stopping cellular based access?
Presumably because the state can go to the cell providers and shut them down. What is Syria's cellular data infrastructure like?
> Is there any form of TCP over Ham radio?
There are ways of getting Internet over HAM radio, but this probably runs up against the same friction as a foreign satellite connection. Especially since the equipment would be more conspicuous.
> TCP over laser?
Really?
> USB over carrier pigeon (seriously)?
USB is a client-server protocol. It probably wouldn't do too well over a carrier pigeon.
> What are the bare bones options here for getting data in and
> out and where is that closest point of access?
Probably a directional antenna pointed over the border to a line-of-sight receiving station.
> What is Syria's cellular data infrastructure like?
Well, there are 2 cellular providers. One is completely state owned and called "Syriatel" and the other is MTN(http://www.mtn.com/). Though MTN is extremely heavily regulated by the state.
Also, Syria enforces a web filter(similar though not as sophisticated as china's) which also affects browsing over the cellular data network. So even cellular providers eventually go through some choke point which is state-owned so that the filter can be applied.
In other words, if the state wants to cut off internet, cell isn't going to save you.
> USB is a client-server protocol. It probably wouldn't do too well over a carrier pigeon.
They can't stop satellite access or dialup to modems outside Syria (unless they spike the 'phone network), or TCP over HAM radio, or anything else like that. More than likely there are people getting access like this. However, anyone using any of those methods won't have an IP Address from the block assigned to Syria, they'll have an IP address associated with the Internet access provider they are using (Satellite, dialup to another country, etc).
There are surely people online in Syria, just are there are people online in North Korea (very few). They're just not going through the official channels and their IP then appears to come from neighbouring countries/the US etc.
And yes, if the phone system is still operational, the easiest method is to use an international dialup service.
International phone access in Syria is abysmal though. I've been there and to call my parents in neighbouring Lebanon would sometimes take me ~20 attempts to get a successful phone call through. It almost never worked in less than 5 attempts. My hunch is that they artificially limit the number of simultaneous international phone calls so that they can more easily monitor all of them.
Further corroborating that theory, when we first got there, we were told by Syrian friends never to discuss anything that might be possibly misconstrued as political over the phone and especially international calls. I was there when the trouble started(I eventually left around June of 2011, some 3 months later) and during that time I'd have friends/family call to check up on me and I could never give any status updates about what was happening just that my surrounding area was calm and that I was fine.
TL;DR; I would guess that international dialup, if you even managed to keep it up for any length of time given the difficulty of calling international would quickly flag you as "suspicious" as these things are heavily monitored.
What gives Syria the authority to do this? What gives anyone authority to do this? What prevents malicious routing?. Could they route all traffic to 8.8.8.8 and overwhelm another network? If it's ICANN, can they come in and revoke control and give it to a third party intermediary?
It has been rumored a small staff of 6 stayed trying to keep the routes up. Their current status is not known. I understand in those cases no intermediary would help. But from a pragmatic standpoint, I'm curious.
While I understand this goes against the "rules" but if I have a DNS server and the roots drop a zone, and I don't agree, I can add it back in. As a local user I could add to etc/hosts like in the old days.
The above assumes I had a large user base like openDNS or google pDNS to be effective. Can the same be done with BGP? Can major broadband providers decide to ignore the dropped routes and send traffic along?
I understand Syria would just toggle off some other "switch" and terminate core routers but it would at least send a tiny message of sorts.
How are they stopping satellite access?
How are they stopping cellular based access?
Is there any form of TCP over Ham radio? TCP over laser? USB over carrier pigeon (seriously)? What are the bare bones options here for getting data in and out and where is that closest point of access?
No one has put in long range wifi links of the 20 mile line of site type, or is that still too short a distance to get a few users online?
What about dialup?
If CloudFront can see this much traffic, they must be doing pretty well. What is the point of Facebook, reddit, and many others using CDN's and Amazon and such when they could probably half their hardware and push the rest to ClouFront. Or is CloudFront really only best for static sites that are hit hard and need lots if bandwidth. Dynamic sites would still bottleneck at the database/drive/physical/etc layer?
Thanks. Sorry if these are rudimentary questions. I haven't even met that many people who have had BGP access. I'm going to go look up what the format files look like now, just out of curiosity.