May 3, 2024

The mountain of shit theory

Uriel Fanelli's blog in English

Disconnect from the internet.

The news that Russia is planning to disconnect from the Internet (news that HAD to come, because warring nations do NOT share crucial infrastructure) arrived yesterday, and I saw some "explanations" that were ridiculous.

First, DNS has little to do with it. Many services that can be used to transfer propaganda material (e.g. Torrent) do not use it because they have their own DHT. Nor would it stop things like I2P or Tor. It is therefore unclear why some journalists describe the Russian move as "a departure from the DNS of the rest of the internet".

Sure, if the Russians stopped announcing their ASs on BGP, they wouldn't even be able to use DNS (ça va sans dire), but that doesn't mean they'd get some level of protection from attacks.

What they are actually acting on are the so-called ASs, Autonomous Systems.

The geography of the Internet is not made up of countries or names, but of "blocks" of IPs that are assigned by the relevant authorities (in Europe it is RIPE) in order to ensure that they are unique (in short, that two companies / governments do not take possession of the same addresses).

When you want to reach a given IP (after DNS may have told you that it corresponds to your favorite website), someone or something has to calculate a route to that IP. I mean, you are at your home and you have an IP. So now it's a matter of figuring out which road to follow to get to your destination.

"Which road" in the case of the Internet corresponds more or less to "which ASs to cross", since between you and the site you want to see there are, in fact, these administrative units: it is like saying that to go from Bologna to Naples you will cross many municipalities.

Yes, but which ones? And on which roads?

There is therefore a method, called BGP, which is also a protocol, with which the AS maps are kept up to date. Certain routers, the edge or border routers, connected through various kinds of exchange points, then make up the "roads" that your traffic (the data you read in the browser, in short) will use to reach its destination.

So, when I have an AS (so I "own" a certain number of IP addresses and I do what I want with them) I just have to "announce" using this protocol that I exist, and that my router on the "edge" of my AS is capable of carrying traffic to my IPs.

That is: "when you arrive in the province of Bologna, to get to Casalecchio di Reno you just have to follow the signs". This is a "pretty" good translation of a BGP announcement.

At that point some device will have the whole list of these announcements and will be able, as a navigator does, to calculate the next "hop", the next stop, to get to Casalecchio di Reno from Naples.

So again: if all my ASs, let's say all Russian ASs, stop announcing their routes, what happens? Well, nobody routes traffic through them anymore, and nobody knows how to get there anymore. In short, Russia is not reachable because there is no "route to host": it is not possible to know how to get there.

But if the Russian ASs continue to exchange these announcements among themselves, the Russians will be able to communicate with each other: they simply will not be able to communicate with the outside because, even if their packet reached its destination, the reply would not know how to get back.

So the Russians have built a set of ASs that can survive without problems while detached, and they have ordered anyone with a website to put it in this "zone", because once they stop announcing it, the rest of the world will no longer be able to get there.

Obviously, in addition to stopping the announcements (which is more or less equivalent to removing the maps from all navigators), they also put up firewalls, that is, they cut the bridges.

But this has little to do with DNS. Moreover, since they are losing the cyberwar (you cannot win a cyberwar against the nations that produce your electronic equipment and your computers), their problem is how not to be reachable: but DNS does not determine the reachability of an IP, it only makes it easier by giving it a name.


Why did I write that, if they disconnect, the Russians will never come back?

Because they do not have many IPs assigned, and together with the disconnection comes the "invitation" to Russian companies to use only RuNet as the place for their servers. However, if all the Russian companies that now use the various clouds return home, the Russians will soon need new IP blocks (which are already in short supply).

They can get them from two NRO members:

  1. asking RIPE (which is European)
  2. asking APNIC to serve them (they are currently under RIPE)

There is no guarantee that APNIC would accept, nor that RIPE will accept in the future (it depends on the level of hostility), and unilateral disconnection is not even covered by the policy, so RIPE could also, after some time, consider the Russian IPs available.

In short, the Russians will be very tempted to assign public IPs by themselves. Once this is done, they will no longer be able to reconnect.

Public addresses, in fact, are assigned in such a way as to be unique. And the reason is simple: imagine you are sending a letter, and imagine that in France there is a person who has exactly your address. At this point it would be very difficult for the postman to understand where to deliver the letter.

Once public addresses have been duplicated, re-integrating with the rest of the network is very complicated: at the very least, they have to be freed on at least one side.
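The two mechanisms described above, stopping announcements toward the outside and later reconnecting with a duplicated block, can be reproduced in a small path-vector simulation. This is an added example, not code from the original post: the ASNs are private-use numbers, the prefixes are documentation ranges, the topology is constructed, and route selection is simplified to "shortest AS path wins".

```python
# Constructed topology: private-use ASNs and documentation prefixes only.
INSIDE, OUTSIDE = {64512, 64513}, {64600, 64601}
LINKS = [(64512, 64513), (64513, 64600), (64600, 64601)]
ORIGINS = [(64512, "192.0.2.0/24"), (64513, "198.51.100.0/24"),
           (64600, "2001:db8::/32"), (64601, "203.0.113.0/24")]

def sessions(links, blocked=lambda exporter, importer: False):
    """Directed (exporter, importer) pairs that carry announcements."""
    both = list(links) + [(b, a) for a, b in links]
    return {(x, y) for x, y in both if not blocked(x, y)}

def converge(pairs, origins):
    """Path-vector steady state: {asn: {prefix: AS path to the origin}}."""
    rib = {asn: {} for asn in INSIDE | OUTSIDE}
    for asn, prefix in origins:
        rib[asn][prefix] = (asn,)
    changed = True
    while changed:
        changed = False
        for exporter, importer in sorted(pairs):
            for prefix, path in list(rib[exporter].items()):
                if importer in path:          # loop prevention
                    continue
                best = rib[importer].get(prefix)
                if best is None or len(path) + 1 < len(best):
                    rib[importer][prefix] = (importer,) + path
                    changed = True
    return rib

def has_route(rib, src, prefix):
    return prefix in rib[src]

def delivered_to(rib, src, prefix):
    return rib[src][prefix][-1]       # last AS on the path is the origin

def no_outward_export(exporter, importer):
    """Hypothetical policy: inside ASs announce nothing to outside ASs."""
    return exporter in INSIDE and importer in OUTSIDE

before = converge(sessions(LINKS), ORIGINS)
after = converge(sessions(LINKS, no_outward_export), ORIGINS)
# Reconnection after 64512 self-assigned a block that 64601 also holds.
clash = converge(sessions(LINKS), ORIGINS + [(64512, "203.0.113.0/24")])

if __name__ == "__main__":
    print("outside -> inside:", has_route(after, 64601, "192.0.2.0/24"))
    print("inside -> outside:", has_route(after, 64512, "203.0.113.0/24"))
    for src in (64513, 64600):
        print(src, "delivers to", delivered_to(clash, src, "203.0.113.0/24"))
```

After the withdrawal the inside ASs still hold a route outward, but nothing outside has a route back, so no two-way traffic is possible; after the clash, each AS delivers the same prefix to whichever holder is closer.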

The second possibility is that if Russia completely disconnects by creating a "national intranet", RIPE will consider those ASs free. Again, once the addresses had been handed out here and there, it would not be possible for Russia to go back.

IPv6 would be a possibility, but the level of adoption in Russia is still too low, and the rest of the world does not shine either.

This is the reason why I say that if the Russians leave the internet, as they announced, they will probably never come back: resisting the temptation (or the need) to duplicate IPs will be almost impossible in the medium and long term.

