Deploy360 21 December 2012

ENISA Report: Resilience of the Internet Interconnection Ecosystem

Seeking to understand routing resiliency and routing security? In this April 2011 report, “Inter-X: Resilience of the Internet Interconnection Ecosystem”, the European Network and Information Security Agency (ENISA) provides an extremely thorough understanding of the complex ecosystem of connections between networks.

This document is highly recommended to anyone looking to understand how the Internet operates – and where there are opportunities for improvement.

As noted on the introductory web page, the study:

…looks at the resilience of the Internet interconnection ecosystem. The Internet is a network of networks, and the interconnection ecosystem is the collection of layered systems that holds it together. The interconnection ecosystem is the core of the Internet, providing the basic function of reaching anywhere from everywhere.

where “resilience” is defined as:

the ability to provide and maintain an acceptable level of service in the face of various faults and challenges to normal operation.

The comprehensive study outlines the challenges to both measuring the infrastructure of the Internet and to understanding the resilience of the network.  A key point is:

There may well not be an immediate cause for concern about the resilience of the Internet interconnection ecosystem, but there is cause for concern about the lack of good information about how it works and how well it might work if something went very badly wrong.

The report sets out to capture a good bit of that information and to lay out recommendations about how further work may be undertaken.  The document is available in two versions:

  • a 31-page “Executive Summary” report (PDF) that presents the major findings and recommendations and provides a decent tutorial into the issues and challenges.
  • a 239-page “Full” report (PDF) that goes into great detail about the “state of the art” with regard to routing and Internet interconnections, includes a section about how the report was developed and then includes a lengthy bibliography that is very useful in and of itself.

While originating in Europe, the document and its recommendations are globally applicable.

For a taste of the document, here is the table of contents of the Executive Summary report:

1 Summary

  • 1.1 Scale and Complexity
  • 1.2 The Nature of Resilience
  • 1.3 The Lack of Information
  • 1.4 Resilience and Efficiency
  • 1.5 Resilience and Equipment
  • 1.6 Service Level Agreements (SLAs) and ‘Best Efforts’
  • 1.7 Reachability, Traffic and Performance
  • 1.8 Is Transit a Viable Business?
  • 1.9 The Rise of the Content Delivery Networks
  • 1.10 The “Insecurity” of BGP
  • 1.11 Cyber Exercises on Interconnection Resilience
  • 1.12 The “Tragedy of the Commons”
  • 1.13 Regulation

2 Recommendations

  • Incident Investigation
  • Data Collection of Network Performance Measurements
  • Research into Resilience Metrics and Measurement Frameworks
  • Development and Deployment of Secure Inter‐domain Routing
  • Research into AS Incentives that Improve Resilience
  • Promotion and Sharing of Good Practice on Internet Interconnections
  • Independent Testing of Equipment and Protocols
  • Conduct Regular Cyber Exercises on the Interconnection Infrastructure
  • Transit Market Failure
  • Traffic Prioritisation
  • Greater Transparency – Towards a Resilience Certification Scheme

More information about the report can be found on the ENISA web site.
