[Outages-discussion] Hypothetical: isolating a single AS from the world?

Matthew Petach matt at petach.org
Mon Apr 25 19:10:25 EDT 2022


All it takes, technically, is for peers to stop accepting prefixes from
that ASN, whether by policy changes, or termination of the BGP neighbor
relationship.

The challenge is coordinating multiple players to do it at the same time.
It doesn't work if I do it today, you do it tomorrow, a third peer does it
the day after; the internet just routes around sub-optimal pathing in the
meantime.

The only thing an ASN can do to stop it is to wave money at a transit
provider, and say "hey, I'm giving you money, make sure my prefixes
propagate out as far as you can send them."

The Internet works through collective good will and contracts backed by
money.
If at any point, you've done enough bad things that *nobody* wants to
connect to you for any amount of money, you don't exist on the Internet
anymore.

Until that point, it's just an exercise in sub-optimal routing.

The legal aspect only comes into play when you try to convince multiple
commercial providers to act in concert to enforce a single policy with
respect to the target network.
The Sherman Act in the US, for example, explicitly forbids this: ""[e]very
contract, combination in the form of trust or otherwise, or conspiracy, in
restraint of trade or commerce." This targets two or more distinct
enterprises acting together in a way that harms third parties." --
https://en.wikipedia.org/wiki/United_States_antitrust_law#Cartels_and_collusion

As long as every other BGP speaking entity comes to the decision
*independently*, there's no legal edict against it.
It's just that it's very unlikely every BGP neighbor will come to that same
decision at the same time, resulting in the complete disconnection of the
target network from the rest of the Internet.
And once you try to coordinate a date on which everyone will take
action...you've crossed the legal line into illegal restraint of trade.

So...technically easy.   Legally, very tough to do in a technically
effective manner.

Matt



On Mon, Apr 25, 2022 at 3:22 PM Chapman, Brad (NBCUniversal) <
Brad.Chapman at nbcuni.com> wrote:

> Hello Outages-Discussion,
>
>
>
> As a hypothetical exercise, what would it take—technically, legally, or
> otherwise—to disconnect a single autonomous system from the rest of the
> world for "disruptive activity" originating from that entity, and is such
> disconnection allowed under certain cases, like cyberattacks, terrorism, or
> threats of the same?
>
>
>
> And what could said entity do—technically, legally, or otherwise—to stop
> the withdrawal of routes connecting to it?
>
>
>
> Do existing telecommunications laws in Western Europe and the US generally
> *require* the free and open connection of autonomous systems regardless
> of what is transmitted across them?  The FCC Net Neutrality rules are the
> closest legal framework I could find.
>
>
>
> The example I had in mind for today is AS13414
> <https://bgp.he.net/AS13414>.
>
>
>
> Would love to hear everyone's thoughts on this and if it's ever been done
> before.
>
>
>
> Cheers,
>
> Brad
> _______________________________________________
> Outages-discussion mailing list
> Outages-discussion at outages.org
> https://puck.nether.net/mailman/listinfo/outages-discussion
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/outages-discussion/attachments/20220425/719687fb/attachment.htm>


More information about the Outages-discussion mailing list