Almost without exception, "ring topology" implies a single-carrier doing physical
layer provisioning and support. In the case where multiple points are under
attack in a concerted effort to knock out service (including the failover
capabilities), it's either an "inside job" or, at the least, one where
intelligence relating to individual SONET backbones and rings has been obtained
from various sources for the purpose of thwarting such _self-healing_
capabilities that are usually afforded by SONET/SDH.
In the not too distant past (during the pre-sonet and early SONET days when N+1
automatic protection switching was used instead of counter-rotating recovery
schemes) we saw this occur, albeit infrequently, during periods of labor unrest
and other tense forms of situations relating to competition (where folks feared
for their jobs) along the NY-NJ corridor and in certain parts of California, to
name just two that I recall off the top of my head. Until recently (post 9-11),
however, it was hardly a matter of overwhelming concern. Today it is becoming
more so a matter of heightened concern. Meshing through the use of diverse
providers' facilities may prove to be the ultimate means of protection, with the
proviso being that those providers are not all sharing the same physical routes.
fwiw.
Hmm. How many points of disruption, backhoes, chainsaws, hooligans, etc,
would be needed to do this in the US and Canada? 20? 30? Sean Donelan on
a specially outfitted Segway? (just picture it...)
I suspect that might be a better source of inquiry for our friends in
the federal government, then, say, SBGP.
Might be useful for the Powers That Be to actually do a simulation of
this, and see how far they can get.
If you're referring to the National Security Council (NSC) or the
President's Critical Infrastructure Protection Board (PCIPB) and the
ISP-related working groups they put together (which Avi reported on
at NANOG) when you say "they" then you should know that they are
looking at those sorts of things and they're working on building a
simulator/test-bed. It just wasn't part of the charters for the WGs.
They're looking at a lot of different issues because they understand
there aren't any silver bullets. Hence the working groups... hence
the long set of questions that someone else pointed to... hence some
of the other projects they're working on... they want feedback.
They want to understand as many aspects of the various problems as
possible.
BUT there are also a LOT of different sets of "they" out there, so
try to be specific.
There is no simple solution, government provided or otherwise.
Even if you could stop them from disrupting layer 1 facilities, what about
disruption of carrier hotel power, colo power, etc?
In '98 there was a massive disgruntled employee cut two days in a row. One
evening was the primary, and the next evening was the primary and protect.
He hit splice points. Many network buildouts are shared so many carriers
follow the same routes both underground and aerially.
Even with carrier diversity, you could still be easily subjected to shared disruption.
If it's important enough, always get a splice point map and hope for the best.
The only really solution is very long, deterrent effect, prison terms for deliberate acts.