Wednesday, February 06, 2008

I am a lineman for the county...

So what about those submarine cables then? There has been a mass of blogfroth about this, but I'm quite surprised by the degree of mis- or possibly dis-information that is circulating. For a start, Iran is not without Internet connectivity, whatever this webpage says. It shouldn't be this difficult; after all, the route to anywhere on the Internet is public information, because that's how it works. If you're familiar with Internet routing, you might want to skip the next paragraph...or three.

OK, so we all remember what the Internet is, right? A set of diverse interconnected computer networks, using various standard protocols to make it all work. The two we need to think about here are the Internet Protocol (IP) and the Border Gateway Protocol, BGP. IP specifies how Internet traffic is broken down into packets - discrete messages - and how these are routed between the networks. Routers receive packets and forward them to routers nearer their destination, usually preferring the shortest path. This routing is stateless - each packet is treated as if it was the first - and nondeterministic, so all the packets in one session of some higher-level protocol could theoretically take different routes to their goal. This is why the Internet is capable of routing around a cable break.

But where does the router get its information from? How does it know which of the routers it can see is nearest to an arbitrary destination? Well, it looks this information up in a list, called a routing table; but where does it get the list from? This is where you need BGP, and specifically External BGP or eBGP. Remember that the Internet is all about the relationship between autonomous but interconnected networks; BGP deals with how the router at the point of interconnection between two networks behaves. It announces to everyone it can hear which blocks of IP addresses are behind it, and they announce to it which blocks they have a route for. And this happens further down the track; a third network beyond the second will be informed that you are there.

The effect is to distribute around the Internet a complete routing table. It can and always does contain multiple routes to many networks; this is OK. Various rules exist for choosing one of multiple routes, and network engineers spend a lot of time tweaking them to get things *just right*. Three things are not OK - you must never announce someone else's route unless they announce it to you, you must never announce an address that isn't globally unique, and a route must never form a loop. Announcements, once made, can either be withdrawn, or they can expire after a pre-set period of time.

OK, techie readers can start reading again. With this in mind, you should know that any router that has a full routing table knows where everyone else is and who's reachable; if someone loses all connectivity, the Internet will know at the latest when the announcement expires and they disappear. So, if you're as smart as the people at Renesys, you know that Iran is not disconnected from the Internet because they're still sending BGP announcements to the world. In fact, Iran wasn't in the top 10 countries by lost networks. Neither did Stanford's Confluence project notice anything.

But but but but! Wasn't it the USS Jimmy Carter? The special submarine that can go down and fiddle with them? Eh? Eh?

Well, the Carter is a very special boat; but one thing she is not is a time machine, so there was no way she could have cut two cables off Alexandria and then another in the Strait of Hormuz in two days. Or perhaps she is? Powered by the Holly Hop Drive, like enough. Or...was it Al-Qa'ida? Or the Russians? Or the Chinese? Or the Canadian Menace?

Unlikely; think of the co-ordination implied by getting ships to the right places unnoticed. And it wouldn't be enough just to randomly drop the hook - the chances of nailing all three seem pathetic without using divers. And here we are parting company with the realities of conspiracy. Further, various governments have or could get the capability to fiddle with cables, probably by chartering a cable ship; realistically, though, doing more than one at a time would have been tough as there are only a very few cable ships in the world. (Here's FLAG's estimated times to repair; note that they have to wait for one ship to finish another job.)

But but but but but! Isn't it incredibly unlikely for something like this to happen? Well, it doesn't happen every day, put it like that. It does happen every day on land, though; people are always putting pneumatic drills and diggers and stuff through telecoms equipment. Anyway, this is a logical fallacy; it's like the smartarse who claims they carry a bomb every time they get on a plane, because the chance of there being two bombs is tiny. You can't add up independent probabilities; damage to a cable off Alexandria doesn't somehow protect cables elsewhere.

Further, when was the last time four major submarine cables were severed? Well, not much more than a year ago, after an earthquake in the Taiwan Strait; it took weeks to fix. So what is going on?

The short answer is Lord Fisher's; five strategic keys lock up the world, Dover, Gibraltar, Suez, Singapore, and Cape Town. He was of course talking ships, but the same geography and economics work for cables; it's actually easier to lay cable at sea (no land to buy; no backhoes; no interfering nosey parkers), so cables go there. Once you're at sea, of course, the geography will tend to make you follow the shipping routes like it makes the ships follow them. And the markets are cities, which are very often ports - so you've got to go to the same places. All of which means that cables pile up in exactly the same places where the ships do, which also tend to be shallow.

Hence both FLAG and SEA-ME-WE3 and 4 follow the old imperial seaway down the Mediterranean, over the Suez isthmus, down the Red Sea, and across the Indian Ocean via Bombay, Colombo, the Malacca Strait (or across the isthmus at Penang for FLAG), into Singapore and Hong Kong. Neal Stephenson wrote wonderfully about the building of FLAG for Wired; all fifty-six pages of it are here, and his remarks on the British Empire, submarine cables, and the role of Kew Gardens as part of the infrastructure of national power are probably unimprovable. Everyone links to that one, though; not so many to Rudyard Kipling's poem about telecoms infrastructure.

SAT3-WASC-SAFE takes the clipper route down the Atlantic, swings round the Cape, and ends up in Singapore as well. Literally dozens of cables run through the narrow seas around Western Europe; another mass of 'em leave the western UK and Brittany, and head through the South-Western Approaches on the great circle route to North America. Southern Cross takes the same route as the 1920s British Cable from Canada to New Zealand, in order to link Australia and New Zealand with, well, everyone else.

The Guardian atoned for writing a really awful article - they confused routers with DNS servers, and appeared ignorant of the existence of national roots or of the huge developments since the 1990s in DNS resilience (F-Root is actually 40-odd physical machines using anycasting, under which any one of them responds to requests for f.root-servers.net and the first to answer handles the query) - by paying the money to the good folks at Telegeography to use their fantastic cable maps. These are one of those things that usually I can enjoy because it's my job and you can't, but the Grauniad has made the map publically available: and here it is. Get the picture, as they say. If you still think this is Teh War With Iran, by the way, you might want to check out this map from TAE.

However, that map is like the Tube map; it links the landing stations, but doesn't show exact routes, which are tightly held information. But this blog gives you more; here's a chart (PDF) of the cables in the South-West Approaches prepared for fishermen, in a hopeless bid to keep them from dragging nets across the wires. You'll notice that there are a hell of a lot, they cross each other frequently, and they often get broken and repaired. You'll also notice that the realities of geography don't change - the Soviet General Staff used to call them the permanently operating factors.

Update: A six-tonne anchor has been found at the scene of the crime.

Update Update: Earl Zmijewski at Renesys blogs further and more.
I'm going to start with a word of caution: this will be the most technical of our discussions so far.
You say that like it's a bad thing. Seriously, the Renesys team rarely update their blog, but when they do every bit is choice. Read the whole thing. Me, I reckon the squid are building an internetwork down there and they're doing an experiment on ours to find out how it works.

3 comments:

Jim Lippard said...

It's nice to encounter an island of rational commentary in a sea of idiocy on this subject. I've added a link to your post from my commentary on the submarine cable issues (not all of which appear to be cuts).

Alex said...

Jim, something called fbvibes.com that your blog loads in the sidebar is down, and it's preventing the content div from loading.

The Great Simpleton said...

Good post, you've made a techy subkect quite clear.

BTW, I can never get your RSS link to work although your atom feed appears to work.

kostenloser Counter