Geekly Articles each Day
📜 ⬆️ ⬇️

“Isolating the Internet is much easier and cheaper than ensuring its operation in case of external blocking”

Interview with an expert from the largest telecom operator on the law on the isolation of Runet


To find out what the consequences of the recently adopted law on isolation of the RuNet will be, we (the authors of the “Russia 404” project ) talked with Yuri, the head of the technical services department for clients of the Big Four operator (the name was changed at the request of the interlocutor).


the main thing



Is it possible to implement a project to isolate the Runet?


Strictly speaking, now there are not even approximate requirements for its implementation, not to mention the possibility of implementation itself. Of course, any implementation will require changes in the infrastructure, the introduction of new capacities, the launch of global Internet nodes, for example, completely autonomous management of domain names, if it comes to that.


What is technically feasible for the law to take effect?


The simplest and at the same time significant measure of change is the adjustment of traffic routing rules at border routers. Border routers are nodes that come to channels from other countries, thus giving us connectivity to the whole world. If we prohibit the reception and transmission of traffic through foreign channels, traffic will only go inside Russia. For Internet users, it will take a post-apocalyptic view, but technically the task will be completed.


How much can it cost in terms and time to build an analogue of the Chinese firewall "Golden Shield" - filters for cross-border traffic? Does this fit into the announced budget of 30 billion rubles? What equipment and software are needed?


At the moment, we do not know how exactly “sovereignty” will be ensured. The Chinese firewall model involves the use of several technical solutions simultaneously: filtering traffic by IP addresses, DPI (Deep Packet Inspection), replacing DNS requests and responses, and prohibiting VPN tunnels. Technically, we are currently only available filtering by IP-addresses, but, obviously, it will not be enough to implement all measures.


DPI operators now have far from all telecom operators, and even those able to analyze only a small part of the traffic. A large operator is more than 1 terabit of traffic per second, and for a continuous analysis of such traffic, serious DPI infrastructure is required. Now DPI for operators is primarily a tool for collecting marketing data about customers, so there is more than enough current capacity to solve commercial problems.


The ban on VPN services and DNS records is now actually implemented; it works, as we know, with varying success. At the same time, we must not forget that the Chinese firewall is openly positioned as a means of restriction and control, while the law on the sovereign Internet is designed to ensure “stable and uninterrupted operation of the Internet” in Russia. Isolating the Internet is much easier and cheaper than ensuring its operation in case of blocking from the outside.


Is there a decision now on what exactly will be done by the 1st of November or later?


For now, it is clear that we are talking about the implementation of traffic routing rules established by Roskomnadzor and a certain registry of traffic exchange points. In addition, the law states that telecommunications operators need to use approved software for resolving domain names and the national domain name system. What kind of software and hardware and what a national domain name system is still unknown.


Whose resources can be involved in the implementation in terms of production and supply of software and equipment?


Probably, as in the case of the “Spring Law”, domestic suppliers of equipment and software will appear. All this will become clear when the operators and the Ministry of Communications approach the technical implementation. It is not yet clear what to produce.


Does this project have a rationale in terms of information security? Can such a project make Runet more cyber-safe? After all, it is impossible to make the Internet 100 per cent domestic — almost all the well-known computer hardware and software are not produced in Russia.


Again, it all depends on what problem is being solved. If the goal is to isolate the Russian segment of the Internet, everything is more than realistic - this is a model of China; they do not claim complete autonomy. After all, technically in China, the Internet works in full, but access to resources is already limited within the country. To do this, it is not necessary to reinvent all software and equipment: it is enough to restrict access to knowledge flows, while retaining access to technical information (updates, service data of various services, etc.).


If the task is to preserve the work of the Internet when trying to block it from the outside, then we must assume that blocking the Internet will not be the only measure or even the most significant one. It will require full technological autonomy, which is now available only in the United States. Recall the story of last year, when US sanctions against the Chinese ZTE at one point actually bankrupted one of the largest telecom equipment manufacturers. It was enough just to prohibit Qualcomm and Google from selling ZTE mobile processors and licenses for Android. It’s possible to fantasize about what will happen if such sanctions are imposed on all Russian companies.


What should ordinary users be prepared for? Why be ready for Russian and foreign IT-companies and those who are engaged in online commerce?


Generally speaking, the law under discussion does not imply any immediate changes in the work of the network - it describes measures that will allow making these changes quickly. How and under what conditions this law will be applied is difficult to say now. Most likely, there will be a repetition of the history of April-May 2018, when Telegram was actively blocked, but with a very large scale.


Foreign resources and services will stop working, including technical modules (libraries) used for the operation of Russian sites. The main burden in this case will fall not even on the operators, but on the Russian business, which will be without the ability to carry out its operations and it will have to adapt to the new conditions. For example, a huge number of Russian sites “break down” due to the fact that modules (libraries, styles, frameworks) placed on the resources of the producers of these modules were used for their work - naturally abroad.


A large number of sites of Western companies will simply become unavailable because they are located at sites of large western cloud providers (Cloudflare, Google, Amazon, DigitalOcean, Microsoft). By the way, many Russian sites are being placed there now, which, of course, will move to Russian servers, but this will take time. As a result, only Russian sites will continue to operate, which constitute less than 10% of all tools and services that we use regularly.


Your personal forecast in this direction for the next 25 years?


It must be admitted that the Internet is becoming more regulated and we are not the first in this sense. There are mechanisms similar to Roskomnadzor in Australia, the United Kingdom and many other Western countries, not to mention the Arab ones. Motives everywhere are the most noble ones - protection of the interests of citizens or even the very freedom of speech. I think that technically more control mechanisms will appear, but how they will be used will depend on the geopolitical situation in each individual country, and generally in the world.


- Nick McFly, Evgeny Kudashev


')

Source: https://habr.com/ru/post/450736/

More articles:


All Articles