How did Egypt cut the Internet?

TeleGeography / PriMetrica, Inc. (http://www.telegeography.com/Product-Info/Map_cable/)

It is reported that Egypt has cut its Internet connection. Sites in the ".eg" domain, the country code top-level domain (ccTLD) of the Arab Republic of Egypt, such as Cairo International Airport, can hardly be reached. Even in the .com domain, the servers of sites that appear to be located in Egypt cannot be reached. Meanwhile, sites opened by the Egyptian government, such as the Egyptian Portal and the Egyptian Tourism Agency, are not accessible. It seems that, in order to maintain domestic order, not just individual Internet connections but the entire Egyptian network has been separated from the Internet. So how did Egypt leave the Internet?


The basic approach to networking is to think in layers. In the mook "Books to Understand the Books of Network", published the other day by the Web Professional Editorial Department, the "TCP/IP Basic Course" at the beginning of the book introduces the OSI reference model (seven-layer model) and the four-layer model of TCP/IP. Let's consider how a country, not just Egypt, could leave the Internet.

1. Cut the cable

The lowest layer of the seven-layer model is the "physical layer". The physical layer defines the shape of signals and connectors, and devices from different manufacturers can communicate with each other because they are designed and manufactured according to the physical layer standards. Viewed at the physical layer, the Internet is a collection of point-to-point links connected by overhead cables, buried cables, and submarine cables, and it does not work if a cable is cut. In the case of Egypt, the country's second-largest city hosts a landing station for submarine cables that lead to the European continent via the Mediterranean and to the Red Sea. In 2008 and 2009, cables were cut in quick succession, causing "accidents" in which Internet connectivity from Europe to West Asia became unstable. Looking at a map of submarine cables, you can see that Egypt (the Suez Canal) is a key point for communication between Africa, Europe, and Asia.

However, even though Egypt left the Internet, communication between Europe and West Asia was not disrupted. So the method does not appear to have been a physical-layer one such as cutting cables.


2. Limit IP addresses

The third layer from the bottom of the seven-layer model is the "network layer". The network layer covers the protocols that make communication between networks possible, and on the Internet (TCP/IP) this corresponds to IP.

On the Internet, IP addresses are used to specify the sender and destination of a packet. IPv4 addresses have been assigned to companies involved in the early Internet, to ministries and organizations related to the United States government, and to the network management organizations for five continents around the world (North America, South America, Asia, Africa). Egypt's IP addresses come from the addresses assigned to AFRINIC by IANA (Internet Assigned Numbers Authority); it seems that 65 blocks and more than 5.7 million addresses are allocated, including 217.52.0.0 to 217.55.255.255. However, IP addresses may also be assigned to companies other than network management organizations. IP addresses can be used to distinguish communication with foreign countries, but there is no "complete list" of the IP addresses used in Egypt, so it would be difficult for the Egyptian authorities to issue an order to block communication based on a list of domestic IP addresses. In particular, this time communication with Egypt was cut off all at once after midnight on January 28, local time, so it is thought that the authorities ordered the ISPs to block traffic on the morning of the previous day. Filtering based on IP addresses is said to take time.

3. Regulating routing protocols

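The mechanism by which the networks that make up the Internet decide which networks offer the shortest path for sending a given packet is called routing (path control), and the network of an ISP or large company that serves as the unit of routing is called an "AS (Autonomous System)". A routing protocol called BGP (Border Gateway Protocol) is used to exchange route information between ASes.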

Routing protocols such as BGP are positioned as auxiliary protocols of the network layer, but the server that runs BGP (the routing-table management function built into a router) may operate at the application layer. Cutting BGP is considered the main way in which Egypt left the Internet, but the method differs depending on whether BGP is regarded as an auxiliary protocol of the network layer or as a BGP server operating at the application layer.

If BGP is regarded as an auxiliary protocol of the network layer, an ISP that filters the "advertisement" messages BGP uses to exchange route information cuts off the individual networks. Since BGP advertisement messages use TCP port 179, if an ISP blocks TCP port 179, route information can no longer be exchanged, and basically communication becomes possible only within the ISP you subscribe to. Until January 27, Egypt had 2903 networks and 52 ISPs, but only 327 networks and 26 ISPs were observed on the 28th. The method is simple, but the effect is enormous. However, with this method route information can no longer be exchanged within Egypt either. Little has been reported about the Internet situation inside Egypt, so this cannot be confirmed at this time, but for a country as economically developed and as dependent on the Internet as Egypt, the impact would be too great.

On the other hand, when BGP is regarded as a BGP server operating at the application layer, there are two ways to leave the Internet. One is to turn off the BGP server (router) or pull out the cable. This is easy and effective, but the impact is also large. The other is to rewrite the configuration of the BGP server and limit the peers with which route information is exchanged. If the authorities have only 26 ISPs to deal with, one day is enough to change the settings so that route information is not exchanged only with BGP servers outside the country. Moreover, within Egypt the Internet remains usable, albeit in a limited way.
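The drop in observed networks and ISPs described above can be measured from outside the country by comparing two route-table snapshots; the following is an added example, not code from the original article. The "prefix|AS path" snapshot format, the sample data, and the `WATCHED` set of origin ASes are constructed assumptions.

```python
from collections import defaultdict

# Constructed route-collector snapshots, one "prefix|AS path" entry per line.
# Prefixes are documentation ranges; AS numbers are reserved/private-use values.
BEFORE = """\
192.0.2.0/25|64496 64497 65001
192.0.2.128/25|64496 64497 65001
198.51.100.0/24|64498 65002
203.0.113.0/25|64496 65003
203.0.113.128/25|64498 64499 65003
2001:db8:1::/48|64496 65010
"""
AFTER = """\
203.0.113.0/25|64496 65003
2001:db8:1::/48|64496 65010
"""
# Assumption: origin ASes registered to the country being watched.
WATCHED = {65001, 65002, 65003}

def parse_rib(text):
    """Map each prefix to its origin AS (the last AS on the path)."""
    table = {}
    for line in text.splitlines():
        prefix, _, path = line.strip().partition("|")
        hops = path.split()
        if prefix and hops:  # skip blank or malformed entries
            table[prefix] = int(hops[-1])
    return table

def withdrawal_report(before, after, watched):
    """Count watched prefixes and origin ASes still visible in `after`."""
    per_as = defaultdict(lambda: [0, 0])  # asn -> [seen before, still seen]
    for prefix, asn in before.items():
        if asn in watched:
            per_as[asn][0] += 1
            per_as[asn][1] += after.get(prefix) == asn
    n_before = sum(b for b, _ in per_as.values())
    n_after = sum(a for _, a in per_as.values())
    return {
        "prefixes_before": n_before, "prefixes_after": n_after,
        "ases_before": len(per_as),
        "ases_after": sum(1 for _, a in per_as.values() if a),
        "dark_ases": sorted(asn for asn, (_, a) in per_as.items() if not a),
        "lost_fraction": 1 - n_after / n_before if n_before else 0.0,
    }

def is_mass_withdrawal(report, threshold=0.5):
    """Flag a snapshot pair in which most watched prefixes vanished."""
    return report["lost_fraction"] >= threshold

if __name__ == "__main__":
    print(withdrawal_report(parse_rib(BEFORE), parse_rib(AFTER), WATCHED))
```

From an external vantage point, port-179 filtering and reconfigured BGP peers both appear as the same withdrawal; telling them apart requires a view of routing inside the country.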

4. Hinder DNS exchanges

To access www.egypt.gov.eg, the domain name must be converted to an IP address. DNS (Domain Name System), the name resolution system used on the Internet, is a protocol that belongs to the application layer in the TCP/IP four-layer model. There are 13 root servers in the world, from A to M. Below them are the DNS servers in charge of the domain names called TLDs (Top Level Domains), such as .com and .jp, and below those the DNS servers in charge of subdomains, so names are managed in a hierarchical structure.

If TCP and UDP port 53, used for DNS exchanges, is blocked, or responses are rewritten into meaningless ones, the e-mail addresses and URLs that depend on DNS become unusable. However, even when names cannot be resolved through DNS, a server can still be reached by specifying its IP address, so this is not sufficient as a method of restriction, and it is unlikely that DNS filtering was used as the way to leave the Internet.

In addition, there used to be only 13 actual root servers, installed in places such as the United States and Japan, and countries that joined the Internet more recently, like Egypt, used the Internet by relying on root servers in other countries. Therefore, it would seem that DNS itself cannot be used if DNS packets cannot leave the country because of IP address filtering or the cutting of BGP. Recently, however, root servers have been distributed using a technology called IP Anycast to deal with the increase in traffic on the Internet. Egypt hosts replicas of the F and J root servers, managed by Internet Systems Consortium and VeriSign, and DNS continues to operate even if communication between the country and the outside world is cut off. Even if Egypt leaves the Internet, as long as the domestic root servers are functioning, DNS continues to work and domestic sites can be reached without any problems. Incidentally, replicas of the F, I, and J root servers were installed in China, but they have responded with nonsensical IP addresses to queries for domain names such as Facebook and Twitter.

■ Reference site