中断,中断向量,中断向量表_旧版中断-CSDN博客

本文探讨了美国国防部使用AS721作为单一上游网关的问题，指出这可能导致网络连接的脆弱性。文章强调了网络多样性和冗余的重要性，尤其是在关键基础设施中。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

中断,中断向量,中断向量表

Right at the beginning, we need to outline a couple of details for our readers:

从一开始，我们就需要为读者概述一些细节：

All Autonomous System Numbers under 1000 are called “lower ASNs,” as they are the first autonomous systems on the Internet, registered by IANA in the early days (the late 80’s) of the global network. Today they mostly represent government departments and organizations, that were somehow involved in Internet research and creation in 70-90s.
所有低于1000的自治系统号都被称为“较低的ASN”，因为它们是Internet上的第一个自治系统，由IANA在全球网络的早期(80年代末)注册。今天，他们主要代表政府部门和组织，这些组织以某种方式参与了70到90年代的互联网研究和创建。
Our readers should remember, that the Internet became public only after the United States’ Department of Defense, which funded the initial ARPANET, handed it over to the Defense Communication Agency and, later in 1981, connected it to the CSNET with the TCP (RFC675)/IP (RFC791) over X.25. A couple of years later, in 1986, NSF swapped the CSNET in favor of NSFNET, which grew so fast it made possible ARPANET decommission by 1990.
我们的读者应该记住，只有在最初的ARPANET出资的美国国防部，将其移交给美国国防部通信局，并在1981年晚些时候，将其通过TCP( RFC675 )/ IP (RFC791)通过X.25。几年后的1986年，NSF将CSNET换成了NSFNET，NSFNET增长如此之快，以至于1990年ARPANET可以退役。
IANA was established in 1988, and supposedly at that time, existing ASNs were registered by the RIRs. It is no surprise that the organization that funded the initial research and creation of the ARPANET, further transferring it to another department because of its operational size and growth, only after diversifying it into 4 different networks (Wiki mentions MILNET, NIPRNET, SIPRNET and JWICS, above which the military-only NIPRNET did not have controlled security gateways to the public Internet).
IANA成立于1988年，据说当时现有的ASN已由RIR注册。不足为奇的是，为ARPANET的最初研究和创建提供资金的组织，由于其运营规模和增长而将其进一步转移到另一个部门，只是在将其分散到4个不同的网络中之后(Wiki 提到了 MILNET，NIPRNET，SIPRNET和JWICS) ，仅军用的NIPRNET上面没有控制到公共Internet的安全网关。

After the establishment of one of the ICANN functions in the form of the IANA (Internet Assigned Numbers Authority), it started allocating ASNs to the organizations that were part of this network creation from the beginning. It is interesting that the first ASNs were post factum taken into consideration by various registries around the globe, allowing to assume that different countries’ Government’s Official Departments were a part of the Internet creation in the 80s. We know that a lot of new ideas came from CERN, which began the installation of TCP/IP between the years 84 and 88, and was interconnected to the rest of the networks in 1989.

在以IANA(互联网编号分配机构)的形式建立ICANN职能之一后，它从一开始就开始向作为该网络创建一部分的组织分配ASN。有趣的是，第一批ASN在事后被全球各地的注册机构所考虑，从而可以假设不同国家政府的官方部门是80年代互联网创建的一部分。我们知道，CERN提出了许多新想法，CERN在84至88年间开始安装TCP / IP，并于1989年与其他网络互连。

So what happened on May 5?

那么5月5日发生了什么？

As we may suppose, all those networks that existed within the ARPANET and besides that had not ceased to exist. After the modern IP addressing took its place, and the first IP prefixes were assigned, network resources were already within those networks.

就像我们可能想到的那样，ARPANET内部存在的所有那些网络，除此之外还没有停止存在。在使用现代IP寻址并分配了第一个IP前缀之后，网络资源已经在这些网络中。

After establishing ICANN, IANA and the RIRs it was necessary to “register” all those addresses and prefixes and correlate them to the corresponding Autonomous System — a term introduced in the EGP draft from 1982. So it is no surprise that the United States’ Department of Defense which, once again, funded the initial ARPANET research, got a lot of “lower ASNs” for their needs. Nowadays, 70 ASNs are belonging to different DoD’s departments, including USAF, ISC, NAVY NNIC, and DNIC. What unites them and make the whole situation so unique?

在建立ICANN，IANA和RIR之后，有必要“注册”所有这些地址和前缀，并将它们与相应的自治系统相关联(这是1982年EGP草案中引入的一个术语)。因此，美国部就不足为奇了。美国国防部再次资助了最初的ARPANET研究，获得了许多满足其需求的“较低级ASN”。如今，美国国防部的70个ASN属于不同部门，包括USAF，ISC，NAVY NNIC和DNIC。是什么使它们团结起来并使整个情况如此独特？

The answer is — they all have one upstream to the world in the form of AS721.

答案是–它们都以AS721的形式向世界上游发展。

Why is that peculiar? Let us quote the 2018 National Internet Segment Reliability Report:

为什么这么奇怪？让我们引用《 2018年全国互联网细分市场可靠性报告》：

Strictly speaking, when the BGP and the world of interdomain routing were in the design stage, the creators assumed that every non-transit AS would have at least two upstream providers to guarantee fault tolerance in case one goes down. However, the reality is different: more than 45% of ISP’s have only one connection to an upstream provider.

An opportunity to see one individual ISP overwhelmed with traffic is on the table most of the time. For us, it is quite surprising that such a serious state organization, as the Department of Defense, haven’t updated their image of how a network should interconnect from the late 80s. Everything that connects through the outer world through the AS721 relies on it as the only connectivity medium, which might, and the Sunday events show that such a feature would be exploited.

严格来说，当BGP和域间路由世界处于设计阶段时，创建者认为每个非传输AS都将至少具有两个上游提供程序，以确保在一个发生故障的情况下的容错能力。但是，现实是不同的：超过45％的ISP仅与上游供应商建立一个连接。

大多数情况下，有机会看到一个单独的ISP被流量淹没。对于我们来说，令人惊讶的是，像国防部这样的严肃的州组织没有更新其关于网络应该如何从80年代后期开始互连的形象。通过AS721通过外部世界进行连接的所有内容都依赖于它作为唯一的连接介质，而且周日事件表明将利用这种功能。

Such a network, serving internal purposes and not trying to earn money by transit, should have much more controllable upstreams to be reliable and failure-tolerant. The option of having only one critical external gateway could sound like something easy to control and therefore secure, though ultimately it casts doubt on the ability of such a network, and therefore organization which it belongs to, to sustain the needed level of connectivity.

这样的网络服务于内部目的，而不是试图通过传输来赚钱，它应该具有更可控的上游，以便可靠且容错。仅拥有一个关键外部网关的选择听起来很容易控制，因此很安全，尽管最终它使这种网络以及维持其所需连接水平的组织的能力产生了疑问。

AS721, as it is seen on the Radar graph, connects to the Internet only with the help of one transit provider — CenturyLink. Again we have to quote the 2018 Reliability Report:

在Radar图表上可以看到， AS721仅在一个公交提供商CenturyLink的帮助下才能连接到Internet。同样，我们必须引用《 2018年可靠性报告》：

However, the big news involving Cogent comes from the United States. For two years — 2016 and 2017 — we identified Cogent’s AS 174 as the crucial one for that market. This is no longer the case — in 2018, the CenturyLink AS 209 replaced Cogent, and the change sent the United States up the list by three places, to 7th.

However, even in the case of a reliable ISP — a single outer connection is the pain point for any internet infrastructure IRL. In case of an emergency, technical failure, mistake or catastrophe such a single link is expected to fail, or at least to suffer degradation. That is why Qrator Labs and the Radar project have, again, to remind a simple one-word verb for 2019: diversify.