Networking

01:00 AM
Russ White
Russ White
Commentary
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Turkey’s Twitter Shoot: Lessons Learned

Network engineers can gain insight into resilience, indirection techniques like NAT, and Internet governance from Turkey officials' none-too-successful attempt to shut down the popular messaging service.

In March, the nation of Turkey attempted to shut Twitter down within the country. There are several lessons network engineers should glean from Turkey’s efforts to shut down a single service, including lessons on resilience, indirection, and the interaction between Internet governance and the technology decisions engineers make when designing protocols and networks.

First -- because of resilience -- it’s become very difficult to turn off “one service” on the Internet. Turkey tried to shut down Twitter by blocking access to Twitter’s DNS records. Using DNS to block access to a service isn’t very effective, though; it’s easy enough to switch to a public DNS server, such as those run by Google, thus restoring any services rendered unreachable through this sort of blocking.

Let’s assume, though, that Turkey had decided to block the IP addresses of Twitter servers rather than the DNS records. Would this have worked? Probably not. Just about any service can be deployed across a number of different IP addresses, even changing IP addresses on a periodic basis to make it difficult to find and block each individual instance of the service. Putting the service behind a large-scale network address translator (NAT), would make it virtually impossible to block without blocking a large number of sites that are “innocent bystanders.”

Indirection such as NAT is often considered a very bad thing in network and protocol design and engineering. If we had a truly “transparent” Internet, where every person or service had to be identified before sending traffic, we’d certainly have a lot less spam. But without the indirections, Twitter service could not have been restored to people living in Turkey.

So the first lesson is this: To block any particular service, you almost have to block the entire Internet. IP networks are just too good at routing around blocked paths or dealing with mapping information being removed from one source. Resilience is a two-edged sword -- individual services are much more reliable, but they’re also much harder to block or otherwise shut down.

Second, this level of resilience comes with another sort of cost in terms of security. DNS servers are often used to reflect or amplify denial-of-service attacks specifically because of the resilience built into the DNS system as a whole. Are we potentially facing another version of the CAP theorem? Just as a database cannot be made to be consistent, available, and partitionable all at the same time, maybe network protocols cannot be resilient, reliable, and secure all at the same time.

Finally, while we sit outside Turkey, smugly condemning an attempt to block Twitter, "free speech zones" are becoming increasingly common in the US. Free speech isn’t just about technology. It’s also about accepting that you’re not going to agree with anyone all of the time -- and, in fact, you might just find what they say offensive. This is perhaps a little more of a personal lesson, but as engineers we need to realize that, while we can’t anticipate all the potential consequences of every decision we make, there is still some interaction between the technical world and the political one.

Engineering decisions have social outcomes as well as technical ones. It’s important to remain as neutral as possible, providing technology for a narrow set of requirements at hand, but it’s also important to get our heads out of the technology sandbox and try to come to terms with the real-world implications of what we’re building from time to time.

Russ White is a Principal Engineer in the IPOS team at Ericsson. He has worked in routing protocols and routed network design for the last 15 years. Russ has spoken at Cisco Live, Interop, LACNOG, and other global industry venues, is actively involved in the IETF and the ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
OrhanErgun
50%
50%
OrhanErgun,
User Rank: Apprentice
4/30/2014 | 3:27:12 AM
Twitter War !
Hi Russ,

Thanks for mentioning about Turkey and I am sure you are also against to Twitter or another social media to be blocked. Which steps Turkey government took for this event and what people actually did after government decision can be found at my packet packet pushers article which I shared the link below. I believe there are also lessons to be learned from the security point of view. Twitter block opened the door for the hackers and even now there are some story about it.

http://packetpushers.net/twitter-war/
Cartoon
Hot Topics
6
IT Certification's Top 10 Benefits
Global Knowledge, Global Knowledge,  8/20/2014
1
Why Large Data Centers Need Overlay Networks
Cisco Press, Publishing Alliance,  8/21/2014
White Papers
Register for Network Computing Newsletters
Current Issue
2014 Private Cloud Survey
2014 Private Cloud Survey
Respondents are on a roll: 53% brought their private clouds from concept to production in less than one year, and 60% ­extend their clouds across multiple datacenters. But expertise is scarce, with 51% saying acquiring skilled employees is a roadblock.
Video
Slideshows
Twitter Feed