Why Russia’s “disconnection” from the Internet isn’t amounting to much

Cartoon padlock and broken glass superimposed on a Russian flag.reader comments

8 with 7 posters participating

Rumors of Russian Internet services degrading have been greatly exaggerated, despite unprecedented announcements recently from two of the world’s biggest backbone providers that they were exiting the country following its invasion of Ukraine.

Just as ISPs provide links connecting individuals or organizations to the Internet, backbone services are the service providers that connect ISPs in one part of the world with those elsewhere. These so-called transit providers route massive amounts of traffic from one ISP or backbone to another. Earlier this week Russian ISPs saw the exit of two of their biggest providers. One was Lumen, the top Internet transit provider to Russia. The other was Cogent, one of the biggest Internet backbone carriers in the world.

Still kicking

A transit provider disconnecting its customers in a country as big as Russia has never happened before, Doug Madori, the director of Internet analysis at network analytics company Kentik, said earlier this week. He and others said the move would constrain the overall amount of bandwidth coming into and out of Russia.

“This reduction in bandwidth may lead to congestion as the remaining international carriers try to pick up the slack,” he added. Some people predicted Russia might even find itself effectively severed from the global Internet.

But so far, that hasn’t happened, researchers from network intelligence firm ThousandEyes said on Friday. Network metrics show that connectivity continues as it has historically.

There are several reasons for this. One is that the exit of a single transit provider from a country the size of Russia—or two in this case—doesn’t have enough of an impact to degrade overall service. Another reason is that both Lumen and Cogent continue to provide transit services to the outposts of major Russian ISPs as long as those outposts aren’t located inside Russia.

Traffic originating in Atlanta, Georgia, transits through Cogent to JSC Rostelecom (AS 12389) at a peering point in Frankfurt on March 7, 2022.

Enlarge / Traffic originating in Atlanta, Georgia, transits through Cogent to JSC Rostelecom (AS 12389) at a peering point in Frankfurt on March 7, 2022.
ThousandEyes

Traffic originating in St. Petersburg, Russia, transits through Cogent via CJSC Rascom (AS 20764) at a peering point in Copenhagen, Denmark, on March 7, 2022.

Enlarge / Traffic originating in St. Petersburg, Russia, transits through Cogent via CJSC Rascom (AS 20764) at a peering point in Copenhagen, Denmark, on March 7, 2022.
ThousandEyes

Bi-directional traffic between Moscow and Atlanta, Georgia, transiting through Cogent and CJSC Rascom, who are peering in Stockholm and Copenhagen.

Enlarge / Bi-directional traffic between Moscow and Atlanta, Georgia, transiting through Cogent and CJSC Rascom, who are peering in Stockholm and Copenhagen.
ThousandEyes

The researchers also showed how both Cogent and Lumen (referred to by its former name Level 3 by ThousandEyes) continue to supply bandwidth courtesy of a border gateway protocol announcement by JSC Rostelecom advertising routes from one of its Russian ISP customers, RSNET (AS 8291), to Cogent, Lumen, and TeliaNet.

JSC Rostelecom advertising routes from one of its Russian ISP customers, RSNET (AS 8291), to its global transit peers Cogent, Level 3, and TeliaNet on March 8, 2022.

Enlarge / JSC Rostelecom advertising routes from one of its Russian ISP customers, RSNET (AS 8291), to its global transit peers Cogent, Level 3, and TeliaNet on March 8, 2022.
ThousandEyes

“Much has been speculated recently about their potential role in disconnecting Russia from the rest of the global Internet,” the researchers added, referring to Cogent and Lumen. “However, Russia’s connection to the rest of the world via these vital networks remains intact, with major Russian ISPs, such as JSC Rostelecom, continuing to peer with global transit providers outside of Russia, just as they did long before recent events. As a result, the Russian people continue to have access to the global Internet—at least at an infrastructure level.”

told CNN on Friday that they were trying to balance the need to prevent their networks from carrying cyberattacks backed by Russia with their convictions for a free and open Internet. Cogent’s CEO told the news network that his company had limited its action to around 25 customers incorporated in Russia and directly on Russian networks. Russian businesses that rely on Cogent’s network outside the country through non-Russian state providers remain unaffected.

“We felt that the downside of having the possibility that these connections could be used offensively outweighed the negative of terminating some services,” Cogent CEO Dave Schaeffer said.

Lumen cited a similar rationale for its limited move.

“We decided to disconnect the network due to increased security risk inside Russia,” Mark Molzen, the company’s global issues director, told CNN. “We have not yet experienced network disruptions, but given the increasingly uncertain environment and the heightened risk of state action, we took this move to ensure the security of our and our customers’ networks, as well as the ongoing integrity of the global Internet.”

The ThousandEyes post was published before the London Internet Exchange—one of the Internet’s biggest exchanges for networks around the world to swap or “peer” traffic with each other—would stop routing for Rostelecom and MegaFon, Russia’s No. 2 mobile phone operator and a top ISP. It’s not clear how that termination will affect transit service for the country.

ThousandEyes said that while wholesale traffic going into and out of Russia is currently normal, traffic to select Russian sites—both from inside and outside the country—was spotty. Much of the disruption—coming in the form of dropped traffic that often reached a 100-percent loss of packets—was the result of distributed denial-of-service attacks or attempts by Russian networks to fend off the attacks.

“Russian sites have also shown evidence of distressed network conditions indicative of DDoS attacks, as well as behavior consistent with route filtering, firewalling of traffic and, in some cases, cloud-based DDoS mitigation,” company researchers wrote. “The latter blocking mechanisms have predominantly impacted users external to Russia.”

Article Tags:
Article Categories:
Technology