PING

In recent PING episodes, APNIC Chief Scientist Geoff Huston has asserted that Internet routing has shifted away from traditional IP packet forwarding. Instead, it is increasingly driven by processes that map names to addresses. It’s no longer just about your IP address or the specific endpoint you think you’re connecting to, it’s about your location and which intermediary services can most effectively handle your request. How does this actually work in practice? What processes determine where your request is served from, and who makes those decisions? In the latest episode of PING, we explore this topic. Of course, IP-level routing hasn’t disappeared. For optimizing content delivery using a ‘closest’ node model, anycast remains a critical technique, using BGP to direct traffic to the nearest available server, and it is widely deployed at scale. However, this approach is increasingly supplemented by name-based mechanisms, particularly those driven by DNS, to more precisely determine where requests should be directed. The way endpoints are identified in an Internet protocol exchange is changing, and this shift has broader implications for the nature of the network. As a result, we are seeing some trends emerge: Control over routing decisions for application content has shifted away from ISPs operating at the BGP layer and towards higher-level logistics functions in the stack. These decisions are now typically made by service providers offering optimized content delivery as a managed service. Provision of this optimization is typically carried out through DNS-based mechanisms. As a result, organizations often delegate their DNS to the same content delivery provider, allowing it to control request routing. This gives the intermediary significant influence over how and where traffic for a domain is directed. Together, these trends are likely to reinforce the growth of ‘walled garden’ vertical markets. Application-specific delivery methods are increasingly positioned as competitive advantages over generic services (such as standard video streaming), meaning that both application choice and DNS-based steering can guide users into more closed, vertically integrated environments.

In this episode of PING, APNIC Chief Scientist Geoff Huston discusses a problem which cropped up recently with the location tagging of IP addresses seen in the APNIC Labs measurement system. For compiling national/economic and regional statistics, and to understand the experimental distribution into each market segment, Labs relies on the freely available geolocation databases from maxmind.com, and IPinfo.io -which in turn are constructed from a variety of sources such as BGP data, the RIR compiled resource distribution reports, Whois and RDAP declarations and the self-asserted RFC8805 format resource distribution statements that ISPs self publish. At best this mechanism is an approximation, and with increasing mobility of IP addresses worldwide it has become harder to be confident in the specific location of an IP address you see in the source of an internet dataflow, not the least because of the increasing use of Virtual Private Networks (VPN) and address cloaking methods such as Apple Private Relay, or Cloudflare Warp (although as Geoff notes, these systems do the best they can to account for the geographic distribution of their users in a coarse grained “privacy preserving” manner). Geoff was contacted by Ben Roberts of Digital Economy Kenya, a new boardmember of AFRINIC and long-time industry analyst and technical advisor. He’d noticed anomolies with the reporting of Internet statistics from Yemen, which simply could not be squared away with the realities of that segment of the Internet Economy. This in turn has lead Geoff to examine in detail the impact of Starlink on distribution of internet traffic, and make adjustments to his measurement Geolocation practices, which will become visible in the labs statistics as the smoothing functions work through the changes. Low Earth Orbit (LEO) Space delivery of Internet has had rapid and sometimes surprising effects on the visibility of Internet worldwide. The orbital mechanics mean that virtually the entire surface of the globe is now fully internet enabled, albiet for a price above many in the local economy. This is altering the fundamentals of how we “see” Internet use and helps explain some of the problems which have been building up in the Labs data model.

In this episode of PING, APNIC Chief Scientist Geoff Huston shares a story from the recent AusNOG in Melbourne and connects it to measurement work at APNIC Labs, exploring how modern IP flow control manages ‘fair shares’ of the network. At AusNOG 2025, Geoff attended a talk by Lincoln Dale of Amazon AWS titled “No Packet Left Behind: AWS’s Approach to Building and Operating Reliable Networks”. The presentation examined how AWS scales its data centre networks, highlighting massive investments in high-speed routers and switches to support both global internet services and the vast flows of traffic between servers and other Amazon resources. What AWS doesn’t do is rely on highly complex protocols like Segment Routing over IPv6 (SRv6), Resource Reservation Protocol (RSVP), or other modern traffic engineering techniques unless absolutely necessary. Instead, they use a radically simplified, on-chip model of data management, pushing as much processing as possible into a single VLSI circuit and minimizing the amount of ‘smart’ work in the network. The question is: How can simplifying the IP stack to this extent actually work? Geoff has long been sceptical of higher-layer protocols that try to manage bandwidth reservation and shaping. He recalls an earlier attempt by Digital Equipment Corporation (DEC) to signal congestion with Explicit Congestion Notification (ECN), a mechanism that still exists in the protocol stack and now underpins new bandwidth management approaches such as Apple and Comcast’s ‘L4S’. APNIC Labs has measured how the wider Internet responds to ECN signals using an advertising-based model, and the results suggest this approach struggles outside tightly controlled, ‘walled garden’ networks. He contrasts this with advances in flow control through Google’s BBR, now in its third version, which refines the aggressive, bandwidth-seeking behaviour of TCP window management.

In this episode of PING, APNIC’s Chief Scientist, Geoff Huston, discusses the economic inevitability of centrality, in the modern Internet. Despite our best intentions, and a lot of long standing belief amongst the IETF technologists, no amount of open standards and end-to-end protocol design prevents large players at all levels of the network (from the physical infrastructure right up to the applications and the data centres which house them) from seeking to acquire smaller competitors, and avoid sharing the space with anyone else. Some of this is a consequence of the drive for efficiency. A part has been fuelled by the effects of Moore’s law, and the cost of capital investment against the time available to recover the costs. In an unexpected outcome, networking has become (to all intents and purposes) “free” and instead of end-to-end, we now routinely expect to get data through highly localised, replicated sources. The main cost these days is land, electric power and air-conditioning. This causes a tendency to concentration, and networks and protocols play very little part in the decision about who acquires these assets, and operates them. The network still exists of course, but increasingly data flows over private links, and is not subject to open protocol design imperatives. A quote from Peter Thiel highlights how the modern Venture Capitalist in our space does not actively seek to operate in a competitive market. As Peter says: “competition is for losers” – It can be hard to avoid the “good” and “bad” labels talking about this, but Geoff is clear he isn’t here to argue what is right or wrong, simply to observe the behaviour and the consequences. Geoff presented on centrality to the Decentralised Internet Research Group or DINRG at the recent IETF meeting held in Madrid, and as he observes, “distributed” is not the same as “decentralised” -we’ve managed to achieve the first one, but the second eludes us.

In this episode of PING, APNIC’s Chief Scientist, Geoff Huston, discusses "a day in the life of BGP" -Not an extraordinary day, not a special day, just the 8th of May. What happens inside the BGP system, from the point of view of AS4608, one ordinary BGP speaker on the edge of the network? What kinds of things are seen, and why are they seen? Geoff has been measuring BGP for almost it's entire life as the internet routing protocol, but this time looks at the dynamics at a more "micro" level than usual. In particular there are some things about the rate of messages and changes which points to the problems BGP faces. A small number of BGP speakers produce the vast majority of change, and overall the network information BGP speakers have to deal with as a persisting view of the world increases more slowly. Both kinds of message dynamics have to be dealt with. Can we fix this? Is there even anything worth fixing here, or is BGP just doing fine?

In this episode of PING, APNIC’s Chief Scientist, Geoff Huston, discusses the root zone of the DNS, and some emerging concerns in how much it costs to service query load at the root. In the absence of cacheing, all queries in the DNS (except ones the DNS system you ask is locally authoritative for anyway) have to be sent through the root of the DNS, to find the right nameserver to ask for the specific information. Thanks to cacheing, this system doesn't drown in the load of every worldwide query, all the time, going through the root. But, even taking cacheing into account there is an astronomical amount of query seen at the root, and it has two interesting qualities Firstly, its growing significantly faster than the normal rate of growth of the Internet. We're basically at small incremental growth overall in new users, but query load at the root increases significantly faster, even after some more unexpected loads have been reduced. Secondly, almost all of the queries demand the answer "No, that doesn't exist" and the fact most traffic to the root hunts the answer NO means that the nature of distributed DNS cacheing of negative answers isn't addressing the fundamental burden here. Geoff thinks we may be ignoring some recent developments in proving the contents of a zone, the ZONEMD record which is a DNSSEC signed check on the entire zone contents, and emerging systems to download the root zone, and localise all the queries sent onwards into a copy of the root held in the resolver. Basically, "can we do better" -And Geoff thinks, we very probably can.