Internet backbone: IANA, RIR, ISP, etc.?

Thread Starter

Mathematics!

Joined Jul 21, 2008
1,036
I am curious. From what I know,
IANA is responsible for keeping track of and handing out all ranges of IP addresses; you can think of them as the root of control for IP address assignment.
Actually controlling IP address assignment is too big of a task for them to even do, so they delegated each of the regions to their RIR,
which are listed at http://www.iana.org/numbers
There are 5 RIRs:
AfriNIC: Africa Region
APNIC: Asia/Pacific Region
ARIN: North America Region
LACNIC: Latin America and some Caribbean Islands
RIPE NCC: Europe, the Middle East, and Central Asia
Questions

1) Where is the exact location of the IANA and RIRs?
2) Do they have the DNS and whois servers at their location, or do they delegate to an offsite or other place to take care of DNS and whois queries for them? (Or do they just do it / have the computers/power locally at their site?)
3) Do ISP providers like Comcast or other major top-level ISPs go directly to the RIRs or IANA to get their IP address ranges, or is there some organization between the IANA/RIRs and the top-level ISPs that I am not aware of?
 

thatoneguy

Joined Feb 19, 2009
6,359
IP Blocks are sort of like radio frequency bands.

They get auctioned and traded based on how the company that was assigned them is using them. The 12 "root DNS" servers are run by the agencies listed; to keep load on them low, everybody that owns an IP block must provide at least 2 DNS servers (for redundancy), which subscribers access. If that ISP sells a block, the new owner also needs to provide DNS, unless the ISP is nice about it, such as a big fiber contract.

Huge ISPs like Comcast, ATT, Verizon, and large regional carriers will get blocks directly; the owner of those IPs is responsible for DNS. The numbers are then often resold. I have a small subnet for /28, work has a /28 as well, since NAT w/VPN tunneling reduces the number of actual required addresses a huge deal.

There are many IPs that are also overloaded in reverse, such as GoDaddy: a web server will have a single IP address, but provide different content based on the domain name in the request. Same goes for Blogspot, etc. If each blog server had a static IP with version 4, we would have been out a long time ago.

Things are changing with IP Version 6, which you are better off reading the wiki or RFCs for details. It offers a lot of cool stuff, like encryption, which is something that is done at the application level of the IP stack in Version 4.

The government agencies gave out "blocks", such as Class B or A nets, based on what they thought ISPs would need back in the mid 90's. Most of the numbers went to ISPs with the highest bandwidth links to other areas. Verizon has a ton, as do all the telco providers. They either cooperate, or if a small ISP won't share, they'll outright buy that ISP to own the addresses (something Comcast has done, anyway). You can get a complete list of who is assigned what IPv4 subnets at geobytes.com
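
The "single IP address, different content based on the domain name in the request" behaviour mentioned in the post above, as an added example that is not part of the original thread. The hostnames, page bodies and helper names (`parse_host`, `route`, `request_for`) are constructed for illustration.

```python
# Added example: name-based virtual hosting, one IP address serving several sites.
# Hostnames and page bodies are constructed for illustration.

VHOSTS = {
    "blog-one.example": "<h1>Blog one</h1>",
    "blog-two.example": "<h1>Blog two</h1>",
    "shop.example": "<h1>Shop</h1>",
}


def parse_host(raw_request: bytes):
    """Return the normalized Host header value, or None if absent or ambiguous."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    hosts = []
    for line in lines[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            hosts.append(value.strip())
    if len(hosts) != 1:  # missing or duplicated Host header
        return None
    host = hosts[0].lower().rstrip(".")
    # Strip an optional :port suffix (IPv6 literals are out of scope here).
    if ":" in host:
        host, _, port = host.rpartition(":")
        if not port.isdigit():
            return None
    return host or None


def route(raw_request: bytes):
    """Pick the site by Host header: same socket, same IP, different content."""
    host = parse_host(raw_request)
    if host is None:
        return 400, "Bad Request"
    body = VHOSTS.get(host)
    if body is None:
        # Unknown name: refuse rather than fall through to a default site.
        return 404, "Unknown site"
    return 200, body


def request_for(host: str) -> bytes:
    """Build a minimal HTTP/1.1 request (constructed sample input)."""
    return f"GET / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode()


if __name__ == "__main__":
    for h in ("blog-one.example", "BLOG-TWO.example:80", "unknown.example"):
        print(h, "->", route(request_for(h)))
    print("no Host ->", route(b"GET / HTTP/1.1\r\n\r\n"))
```
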
 

Thread Starter

Mathematics!

Joined Jul 21, 2008
1,036
> There are many IPs that are also overloaded in reverse, such as GoDaddy, a web server will have a single IP address, but provide different content based on the domain name in the request. Same goes for Blogspot, etc. If each blog server had a static IP with version4, we would have been out a long time ago.

I understand that you can have many websites hosted on one computer or domain, etc.
But this is configured through either the application, like the web server (Apache, WebSphere, etc.) (virtual hosts, virtual domains),
or through the router/software via port forwarding,
as well as having two or more DNS records point to the same IP address, etc.

I get where you were going on this, since IPv4 only has 4294967296 minus the reserved address ranges/private address ranges.
And if you could only have one website per IP address we could have exceeded that a long time ago as well. I gotcha on this piece!

> The 12 "root DNS"

Why "12" top-level DNS servers, and which ones are hosted at the specific different 5 RIRs, or are these 12 hosted at the IANA in California, Marina del Rey?

So I am correct that the top-level ISPs have to go directly to the IANA/RIRs to get their IP addresses?

From what you said up there... if an ISP provides IP address ranges to a lower-level ISP provider, must they tell the IANA/RIRs that the new ISP provider is using them?
Or is this just when the new ISP provider wants to buy an IP address range from a bigger ISP provider? In general I am wondering about the policy on sharing and selling IP address ranges when it comes to ISP providers... I am assuming they must provide info so the IANA/RIRs can be up to date on knowing who has what IP address?
 

thatoneguy

Joined Feb 19, 2009
6,359
IANA only keeps track of who owns the big blocks.

When it comes to tracking to where a physical IP is located, the request filters down through ownership of that block, sometimes as many as 4 levels of ISPs, like the parent company, regional, county, then city that have the IP. The request would come from FBI, sent to corporate of the owner for that block, they contact the city that is assigning that block, and can provide traffic, tap, etc.

The Root Servers are THE final word in which machine hosts which domain. Each "server" is actually a computing cluster. They are geographically isolated as well as isolated on different backbone runs (preferably at a station where two to 3 backbones meet) so in a "worst case" scenario, all DNS requests would be forwarded to the root by ISP DNS, which then caches the result, and hands it out again.

Routing on the backbone is similar. Egypt simply forced all in country ISPs to re-program their BGP (Border Routers/Interface with Internet) to show that all IPs inside Egypt were no longer accessible. Essentially, cut the link through software. Obama had the same thing "installed" in the US, so if people get all uppity, the president can kill all international Internet traffic, and people in the US could only talk to others inside the US, and not be able to see foreign news sites, etc.
 

Thread Starter

Mathematics!

Joined Jul 21, 2008
1,036
> IANA only keeps track of who owns the big blocks.
>
> When it comes to tracking to where a physical IP is located, the request filters down through ownership of that block, sometimes as many as 4 levels of ISPs, like the parent company, regional, county, then city that have the IP, the request would come from FBI, sent to corporate of the owner for that block, they contact the city that is assigning that block, and can provide traffic, tap, etc.
>
> The Root Servers are THE final word in which machine hosts which domain. Each "server" is actually a computing cluster. They are geographically isolated as well as isolated on different backbones runs (preferably at a station where two to 3 backbones meet) so in a "worse case" scenario, all DNS requests would be forwarded to the root by ISP DNS, which then caches the result, and hands it out again.
>
> Routing on the backbone is similar. Egypt simply forced all in country ISPs to re-program their BGP (Border Routers/Interface with Internet) to show that all IPs inside Egypt were no longer accessible. Essentially, cut the link through software. Obama had the same thing "installed" in the US, so if people get all uppity, the president can kill all international Internet traffic, and people in the US could only talk to others inside the US, and not be able to see foreign news sites, etc.

Is it possible, instead of using the DNS that your ISP provider gives out, to use a static top-level one of the 12 DNS servers directly for DNS lookup?

Question
Cool, I didn't know they cut off a region or section of the world by restricting BGP and ASN stuff. I thought they had to, like, go physically to all the internet exchange points and unplug the region's connections physically. (But it makes sense: BGP is to connect outside domains together, it is the internet routing protocol in the WAN, so in theory killing all the routes to a particular place would imply that region would be isolated to their own networks.)

So I guess what I am curious about is how somebody knows they killed all the routes possible for a given region to access another region?
Is it harder to shut down, like, internet for a town or state as opposed to country to country? Seems like there would be tons of routes to kill the smaller the region, if it was tightly meshed together... (and you would even have to make sure that it wouldn't kill other people's routing abilities / affect the other places around the region you're trying to isolate)


> When it comes to tracking to where a physical IP is located, the request filters down through ownership of that block, sometimes as many as 4 levels of ISPs, like the parent company, regional, county, then city that have the IP, the request would come from FBI, sent to corporate of the owner for that block, they contact the city that is assigning that block, and can provide traffic, tap, etc.

Not anymore; with sites like http://www.geobytes.com/IpLocator.htm?GetLocation you can get the location in seconds.

Curious how this is. The ISP providers must have made their customer info (at least the address, etc. stuff) publicly available and linked it with some kind of mapping service to have sites like the above provide this ability. Or maybe they just provide the lookup of the latitudes/longitudes as well (they would just have to have lookup code that goes to a mapping service, not really that hard).

It is kind of cool stuff to be able to provide this service to the public, but of course this could be a privacy issue sometimes... unless of course you use a proxy first.

Still, this service should allow you to delist from it, kind of like you can have an unlisted phone number... you should have the ability to hide some of the location information from the general public internet users if you wanted to...
 

thatoneguy

Joined Feb 19, 2009
6,359
> Not anymore; with sites like http://www.geobytes.com/IpLocator.htm?GetLocation you can get the location in seconds.
>
> Curious how this is. The ISP providers must have made their customer info (at least the address, etc. stuff) publicly available and linked it with some kind of mapping service to have sites like the above provide this ability. Or maybe they just provide the lookup of the latitudes/longitudes as well (they would just have to have lookup code that goes to a mapping service, not really that hard).
>
> It is kind of cool stuff to be able to provide this service to the public, but of course this could be a privacy issue sometimes... unless of course you use a proxy first.
>
> Still, this service should allow you to delist from it, kind of like you can have an unlisted phone number... you should have the ability to hide some of the location information from the general public internet users if you wanted to...

That only narrows it down to zip code level, and is sometimes incorrect.

Shutting down a city when there are only 2 providers is fairly easy. There will always be some that have a direct fiber link to one of the backbone providers that is "above the ISP", so to speak, which can't get shut down easily. We have one at work, and most banks, etc are also literally on a major backbone or two, the overhead is more, as you need to provide a lot more routing equipment and information and DNS servers, but uptime is so close to 100% you could call it 100%.
 

Thread Starter

Mathematics!

Joined Jul 21, 2008
1,036
So is there any software that exists to allow the main ISPs/companies involved with providing access to the internet... to allow them to quickly locate all the incoming and outgoing routes
that a particular place uses... so they can quickly shut them off from the internet?

And after the company knows all the incoming and outgoing routes that a particular place uses... how much time would it take them to deny them access, or give them back access?

It would seem if you knew all the routes they are using, just simply copy them, save them, delete them from the routers / BGP table... and recopy them back to give access.

But I could be missing something, never had to work with the BGP protocol too much, but it would seem like if you knew all the routes it would be just a bigger process than just a home or business network... nothing more difficult in concept (same concept).
Basically just disable the routes / enable the routes.

Curious what ISPs and organizations have the power to shut down most of the internet?

Oh, and btw there are not 12 top-level DNS servers but 13:
http://www.internic.net/domain/named.root
 

thatoneguy

Joined Feb 19, 2009
6,359
Sorry for the typo on Backbone servers.

ISPs are responsible for their own BGP programming, and it is the absolute most unforgiving protocol imagined. One typo will make several bundles of OC-192 fiber think your OC-3 is a backbone node, which in the past, bogs the router down so much you can barely type in a command to reconfigure it. There's a reason Cisco CCIE certs are worth the money.

The government deal pretty much commands all ISPs to change BGP tables so only local or CONUS traffic is allowed in/out. This is fairly simple, as the border routers also exist at the borders on the east and west coasts, though private companies have control of a lot of that bandwidth, the government has its own Secure Internet links running for military use with Satellite redundancy. This has moved many bloggers to European servers and find as many private links as possible to keep contact with the world no matter what, sort of like HAM radio of the 21st century.

The "Internet Kill Switch" is basically a Fascist idea to prevent dissent from reaching other countries, or other countries seeing dissent in the US. It was enacted after Libya did it, the president thought it was a good idea. Libya had ownership of most all lines, which made it easy for them. News still leaked out of some private lines until the secret police busted down their door and demanded they kill their link. Don't worry, though it's "For our protection", somehow.
 

Thread Starter

Mathematics!

Joined Jul 21, 2008
1,036
Also,
I know the IANA / RIRs are the guys that keep track of and give out IP address ranges to ISP providers to use.

ISP providers are the guys that normally give access to the WAN internet.

But I have heard internet exchange branches are the things that connect the local ISPs and continents' ISPs together. Is this correct?

If so, the backbone is the major ISP providers, the exchange branches, and the IANA / RIRs, and major servers. At a high-level view, would this be essentially what the internet is?
(leaving out the different hardware involved to make everything connected)

Also,
curious, looking at the map of the world and the different continents
http://www.ipligence.com/worldmap/
How exactly do they connect the US to Europe, Asia, Africa, Antarctica and vice versa for all separated continents?

Is it a mesh topology, or if one continent's internet goes down we won't be able to reach the other? For example, I am assuming we must have laid underwater fiber optic cables from the US to Europe. In that case, if Europe's internet went down would we lose access/reachability to Asia? Or did we somehow lay fiber around the other side of the world to reach Asia?
Similar question for the rest of the continents... Basically wondering about the continent-to-continent network topology, and to what extent we can reach other continents, i.e. whether we have to go through different third-party continents to reach our destination continent. It would be more secure in theory to have a mesh topology, or a way to send something to a continent without having to go through another one in the process. But maybe mesh would be far too much cabling. Although you would only need 21 different lines:
$\binom{7}{2} = 21$

Well, at least maybe America has a mesh to all the others... curious
 

Thread Starter

Mathematics!

Joined Jul 21, 2008
1,036
Never mind, this answers my question on the submarine cables for internet to connect the continents.
http://www.submarinecablemap.com/

I see it is not a mesh, but it does have a lot of redundancies, so if one cable got cut or went down they would still have many different routes to use.

One thing that I am curious about is what the researchers in Antarctica use; this is the only continent that I don't see any cables laid down for (maybe it is too hard / harsh of conditions, dunno).

But curious, are the 1000 to 4000 or so researchers/people that go there all using satellites for their internet and communication? Or have they actually run fiber optic cable to this continent yet?

Seems to me this is the only major place that doesn't have any wired connections to it.
Maybe it is better that way... probably too much of a hassle or costs too much for the small benefit.

Anyway, curious if anybody knows the current status of things over there.
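
The mesh-versus-redundancy question raised in the two posts above, as an added example that is not part of the original thread: it checks a seven-region topology for single points of failure and compares it with the 21-link full mesh. The region labels A-G and the link list are constructed for illustration and are not taken from the cable map.

```python
from itertools import combinations

# Constructed seven-region topology (labels A-G are placeholders, not real cables).
LINKS = [
    ("A", "B"), ("A", "C"), ("A", "D"), ("B", "C"), ("B", "E"),
    ("C", "E"), ("C", "F"), ("D", "E"), ("A", "F"), ("F", "G"),
]


def full_mesh_links(n: int) -> int:
    """Links needed so every pair of n regions is directly connected: C(n, 2)."""
    return n * (n - 1) // 2


def full_mesh(nodes):
    """Link list of the full mesh over the given node labels."""
    return list(combinations(sorted(nodes), 2))


def nodes_of(links):
    return sorted({n for link in links for n in link})


def connected(links, nodes):
    """True if every node in `nodes` can reach every other using `links`."""
    nodes = set(nodes)
    if not nodes:
        return True
    adj = {n: set() for n in nodes}
    for a, b in links:
        if a in nodes and b in nodes:
            adj[a].add(b)
            adj[b].add(a)
    start = next(iter(nodes))
    seen, stack = {start}, [start]
    while stack:
        for nxt in adj[stack.pop()] - seen:
            seen.add(nxt)
            stack.append(nxt)
    return seen == nodes


def critical_links(links):
    """Links whose single failure splits the network (bridges)."""
    nodes = nodes_of(links)
    return [l for l in links if not connected([x for x in links if x != l], nodes)]


def critical_regions(links):
    """Regions whose outage cuts off some other region (articulation points)."""
    nodes = nodes_of(links)
    return [n for n in nodes if not connected(links, [m for m in nodes if m != n])]


def survives_any_k_cuts(links, k):
    """True if the network stays connected after any k simultaneous link cuts."""
    nodes = nodes_of(links)
    return all(connected([x for x in links if x not in cut], nodes)
               for cut in combinations(links, k))


if __name__ == "__main__":
    print("full mesh of 7 needs", full_mesh_links(7), "links")
    print("critical links:", critical_links(LINKS))
    print("critical regions:", critical_regions(LINKS))
```

In this constructed topology ten links are enough to survive any single cut everywhere except at region G, whose only link and only neighbour are the single points of failure.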
 

thatoneguy

Joined Feb 19, 2009
6,359
Antarctica has a fiber link completed in 2009.

The gist of the backbone is that it is not a spine, but a mesh, which is what makes BGP tables such a headache.

Look into OSPF routing first, to get a taste of how decisions are made to send what traffic over which lines. It's a big co-op in the US, it started out with just the DARPA research net, but then the telco companies, cellular companies, and even private firms have added coast to coast high speed fiber with links in metro areas to tap into. Downtime for a major link is estimated at upwards of $10 million per MINUTE, so they all use each other for backup and excess traffic flow, where it all evens out in the end if they are running similar size pipes.

Most ISPs are regional now, local ISPs may lease an OC-3 from a major ISP to sell cheaper cable modem service if that ISP has no presence in that area, but those ISPs cannot compete with ISPs already owning the cable plant and connected to two separate OC-48 + backbone links as far as speed and reliability goes.

There is a lot of fiber that is government only, the "Secure Internet", that has only a few authorized gateways requiring authentication to reach from the 'normal internet'. Banks like Wells Fargo and Citibank have no problem running fiber coast to coast dedicated to only their traffic, with nodes at points to collect regional bank traffic for them (Using a 10.x.x.x subnet). Those aren't even shown on the map you found.

All traffic is controlled by routers, the faster the traffic and the more routes, the more expensive the router, and the more insane (for both the operator and sheer size) the routing protocol programming is. Once it is done right, it is very fault tolerant and will route around a dead link until it is up again. They also keep accounting of packets not on their network, so a sort of "IP Currency" exists for bandwidth, such as when an ATT cable gets cut and Sprint runs traffic for them for a week. Sometimes it is paid in cash, sometimes it is paid from when ATT routed for Sprint a while back. It's a scary world to enter, and the amount of power one has at a large border router is unimaginable. I don't know anybody that can confidently walk up to one and change a setting without doing a route dump and poring over it for a long time, then trying it out without saving it so a reboot will restore the old route.

Then we have the Google project of "A Fiber to every house", which I'm sure will happen soon, and drastically change the way we use the net simply due to the massive bandwidth everybody would have.
 

Thread Starter

Mathematics!

Joined Jul 21, 2008
1,036
WOW, did know that about Antarctica, so there is a cable laid for that continent, cool.

> Banks like Wells Fargo and Citibank have no problem running fiber coast to coast dedicated to only their traffic, with nodes at points to collect regional bank traffic for them (Using a 10.x.x.x subnet). Those aren't even shown on the map you found.

Well, I guess they don't broadcast some wires... maybe for security reasons.
So it would be hard to find it if you were crazy enough to try to tap into it.


Unless of course you know of a better map of the internet structure, I guess mine will be good enough for me to use to get somewhat of a picture of how things are.
 