Article

The Splinternet – what it is, how it works and why it’s bad

Dr. Thomas King, CTO DE-CIX
May 2022

In times of global upheaval, there are often moves from within and outside of countries to disconnect certain areas from the Internet – either as a mechanism for oppression or as a form of sanctioning. When action of this kind is taken, it results in a splintering of the open, global Internet infrastructure and impacts the use of the Internet for everyone. This concept is known as the “Splinternet”. To understand the Splinternet and its impact on global information flows, it is first necessary to understand the Internet itself.

The Internet is – as the name suggests – a network of networks. Typically, the Googles, Facebooks, and telecom companies of the world each operate their own computer networks – much like we do at home, with our router and WiFi network, but much, much bigger. There are around 65,000 different networks in the world, and examples of these include:

  • Internet service providers (ISPs) and telecom companies that provide fixed-line connections to households and companies, as well as mobile operators
  • Content networks, such as social media, video and music streaming and gaming networks
  • Cloud networks, including application providers offering software as a service (e.g. Microsoft 365)
  • e-Commerce platforms and website hosters
  • Long-distance carriers that transport data across and between countries and connect continents, including terrestrial, undersea and satellite networks

These networks are interconnected. That is the “inter” part of the word “Internet”. So the Internet really is, quite simply, a network of networks which are all connected with each other.

The navigation system telling data where to go

By 2023, Cisco forecasts that there will be 3.6 networked devices and connections per person, globally – that means close to 30 billion. With so many devices accessing and sharing data, across 65,000 networks, the question is then: How does the data know where to go? The answer is, each device needs to be connected to a network, like your smartphone is connected to your home WiFi, and these networks need to talk to one another, in order to navigate the data flow to the right destination. The result is that your smartphone can talk to the website, application, cloud resource, or whatever other kind of data or device you want to access and interact with.

To navigate any complex system, there need to be ways of identifying things. For example, if we want to call a particular person, we need to know their phone number. If we want to visit them, we need to know their street, what city or suburb that street is in, and what the house number is.

The Internet also has such identifiers. Firstly, we have domain names (website names like amazon.com). The Domain Name System (DNS) functions like the telephone directory of the Internet. Computers work much better with numbers than with names, while names are easier for people to remember. So, in principle, the networks exchange information from directories which map domain names to what we call IP addresses.

IP addresses, then, are long strings of numbers that identify devices (such as servers, routers, computers, or smartphones) connected to the Internet and describe their position within a network, so that they are findable. An analogy for this would be your street address and house number. So, the IP address already provides a lot of information about how to find the resource you are looking for. But we still need a navigation system to find out how to get there.

Now we come to the networks: They, in turn, are also identified by a unique number, this time called an Autonomous System Number, or ASN. An ASN is a bit like the geographical coordinates for a specific location on a map. It is only because of the ASN that networks can find and interconnect with each other, and data can flow. (However, it may be that a small enterprise network actually makes use of a larger network’s ASN – such as that of the ISP connecting the enterprise to the Internet.)

The ASN is used as a main parameter for what is known as the Border Gateway Protocol (BGP). Basically, BGP is a navigation tool for finding networks on the Internet, like we use Google Maps for finding physical addresses. BGP is a language that enables computers to talk to each other about how to get to a certain destination, such as a website or a cloud. They do this by offering directions to the next network that the data will need to pass through on its way to its destination. This system is not centralized – there is no global map which tells you the best way to get to your destination. Instead, each network passes the data through it – according to a set of policies – and on to neighboring networks, so that the data can continue its journey towards its destination.

To sum up, we have identifiers for networks, and for devices connected to networks. This information is exchanged between networks using BGP, so that data can flow to where it’s meant to go.

How the Internet functions splinternet

Navigating a route across countries and around the world

Now, imagine you are sitting in central Europe (let’s say Germany), and you want to access a website hosted in Brazil. You connect to the Internet using your ISP or your mobile provider, but this network only has connections for your region (perhaps only your city). Your website request needs to pass through your network to a series of other networks, in order to eventually reach the network in Brazil that the website server is connected to. From here, the data from the website will be sent back to your device in central Europe. This is what we call “routing”. This all happens extremely quickly, because firstly, routing decisions are automated within each network, and secondly, data can travel very fast – at the speed of light through fiber-optic cables.

Networks are always kept informed by their neighboring networks about which further networks are reachable via the respective network. Each network has sovereignty over data in its own network. This means that each network decides for itself, based on the information from neighbors, where the data going through that network will go next. A network can influence the routing decision, depending on whether they want to send data via the shortest path (which might be more expensive, if that is a “transit” path), or would prefer it to travel along a longer path that might be cheaper. This means that, in the public Internet, we cannot say for sure what route data will take to get to its destination.

Navigating the Internet across networks, countries, and continents

As an analogy, think of a navigation tool with multiple regional instances – let’s say, one separate map for each country, with each country representing a single network that the data needs to pass through. You send a request from your network in Germany to the website in Brazil. The data will need to travel across Europe, and then across the Atlantic Ocean. It might take a route via the new undersea cable linking Portugal to Brazil (EllaLink), but there’s no guarantee. It might travel via Spain to the US and then head southwards. There are any number of routes it might take between the continents, depending on the policies and decisions of each network along the way. But long before it reaches South America, the data first needs to get across Europe.

To put it simply, each network has its own view of the world, based on the information within the network and the information it is given by neighboring networks. As a result, each network can only give a statement based on this information. If you want to go to Spain, the navigation tool for Germany can tell you that it seems like a good idea to go via France, and to get to France you just take the route XY. However, when you get to France, perhaps the navigation tool for France tells you that, unfortunately, the road heading directly south is blocked because of an accident. Therefore, you will need to take route YZ – it is a detour, but at least the traffic is moving on it.

Now, if one of your neighboring networks is having problems with their connectivity, then there is generally the possibility that the data can take another path, as long as your network is connected to multiple neighboring networks. So, looking at our analogy above, if for some reason all the highways in France are blocked, and this information has been passed on to the German network, then your request might be routed via Switzerland or Austria on its way towards the Atlantic.

And that’s basically how data flows in the Internet. It’s really individual decisions made by networks that talk to each other using BGP to exchange information about how they see the world.

How networks connect – the “inter” in Internet

I mentioned “neighboring networks” above. These are networks that your network is connected with and has a relationship with. Relationships between networks can take various forms, and different networks connect to varying numbers of neighboring networks in different ways.

One way is to use a third-party network, a transit provider, to give your network access to the Internet. It is possible to have a contractual “transit” relationship. In this case, you need a transit agreement with a network which will be responsible for transporting data from your network to the rest of the Internet. This intermediate network transports the traffic for you either directly to the destination network or via their transit partners. Such a transit relationship costs money, because the transit provider needs to make sure its network is big enough to route not only your traffic through it, but also that of all their other transit customers.

However, if your network is only connected to a single transit network, then you are highly vulnerable to communication breakdowns. This happens typically with small ISPs or small hosters – they often just buy transit from just one provider, simply because of the cost of transit. The problem is, if there is a disruption with this transit provider’s network, then your network is no longer available on the Internet.

Another way of connecting to other networks is what is known as “peering”, which is exchanging data traffic on a cost-neutral basis via an Internet Exchange (IX). By putting an Internet Exchange in the middle, you don’t have to manage relations to other networks individually, or pay them to take your data traffic. It’s best to connect to an IX which is geographically close to your network location.

Splinternet highway
An Internet Exchange (IX) is a hub that allows data to flow between networks, similarly to how a highway junction enables the flow of road traffic. Here, the different highways represent the networks, while the cars represent the data packets, which use the junction (IX) to move from one highway to another on their way to their destination. IXs form part of the basic infrastructure of the Internet.

As an example for Central Europe, if you were to peer at a big exchange like DE-CIX Frankfurt, you would be able to reach close to 1,100 other networks directly. In this case, you only need to pay for your access to the exchange, and then you can connect to as many of these networks as you deem necessary. You can also establish several such transfer points – not only one connection in Frankfurt, but perhaps two connections in Frankfurt, and maybe also one in Amsterdam. Then, if there is a disruption somewhere, the other networks you are connected to can make sure that communication continues. We technicians call this use of multiple connections “redundancy”, and we prepare ourselves precisely for the fact that a link can break, a connection can go down, a bulldozer digging up the street can cut a cable accidentally. We want the flow of data traffic to continue undisturbed in such a situation. With such redundancy, the flow does continue, and then no one notices the outage.

Can the Internet go down?

Locally, within a network, it is possible for a disruption to mean that you can’t access services. We’ve all had days where websites load slowly or nothing happens at all. But this is generally a local issue involving one ISP or one transit provider, or perhaps a local data center. However, it’s basically not possible to disconnect a whole country from the Internet, at least not from the outside, and certainly not easily. Of course, there are occasional examples resulting from natural catastrophes. We recently saw a volcanic eruption on Tonga. There were just two submarine cables connecting Tonga to the outside world, and both were destroyed. As a result, the whole island was then disconnected from the Internet. This kind of incident is now the exception rather than the rule, because large countries typically have many independent links to the Internet. Internet service providers that offer Internet to companies or private individuals, for example, have a large number of connections to other networks in other countries.

From inside the country, it’s a different story. If a country decides for itself that it’s not going to allow any more connections to the outside world, the government can initiate a law prohibiting it, then a country can splinter itself off – cut all outside connections and disconnect itself from the Internet. There are several ways of doing this. Specific services can be blocked via DNS blocking – so that particular domain names no longer resolve to the destination being sought. This is a mechanism that some states use for blocking illegal content that is hosted (and potentially legal) in other jurisdictions. However, this is not such an effective mechanism, as it’s easy to get around if you know the IP address of the resource you are looking for. Another mechanism would be for the government to restrict access to the outside world by enforcing the filtering of certain IP addresses, so that Internet service providers in the country are prohibited from passing on data packets unless they come from devices within the country that are permitted to access the Internet. A further possibility is to force the ISPs to remove private customers from the BGP routing (an example of this is North Korea). In this way, authorized devices would still have full access to the Internet, while citizens and other non-government actors would be completely isolated from it.

If a country disconnects itself from the Internet, this impacts neighboring countries in various ways. If content is hosted in the country which is now separating from the Internet, Internet users from outside the country will no longer be able to access this content. Furthermore, Internet traffic being transported internationally typically flows through multiple countries to get to its destination. In the case that a country disconnects itself from the Internet, traffic would need to detour around that country. Users in neighboring countries would perceive this detour as a deterioration of the quality of the Internet connection, such as increased latency times and less bandwidth available.

Why neutrality is important for infrastructure providers

We believe that infrastructure should be available to all. Information should be allowed to flow freely, in the hope that through transparency and access to information, people everywhere can inform themselves and form their own picture of local and global events and situations. Although network operators and digital infrastructure of all kinds need to be subject to their local jurisdictions and law-makers, these law-makers also need to understand the gravity of their decisions. A splintering of the Internet into isolated countries will have a negative impact on the access to information, the performance, and the reliability of Internet connectivity, everywhere, and would, in the long run, destroy the concept of the Internet – an open and technology-neutral reservoir of information, and a tool for interacting with the world.