by mcpherrinm 2964 days ago
In general, every IP address is reachable from every other IP address on the internet. This is possible because there's many BGP peering agreements between ISPs, and generally traffic is not filtered between them. There's no law saying you can reach everybody else: that's just how the Internet works, because it's in everyone's business interests to make it work. Very few websites are hosted using Comcast's internet service, so if Comcast didn't peer with anyone else, you couldn't get to many websites at all.

Comcast mostly provides service to end-users. Comcast connects with larger backbone providers, like Level 3, NTT, Sprint and Cogent. Those providers sell access to other residential ISPs like Necto, but also to businesses, like website hosting companies, cloud providers, etc. Comcast might directly connect to some bigger businesses like Google, CDNs, etc, for performance and cost-saving reasons.

The large ("Tier 1") providers all peer with each other, and you can pay one of those ISPs to be able to reach the customers of all the others (this is called "Transit"). So Comcast might connect to Level 3, and buy transit from them. My ISP might connect to NTT, and buy transit from them.

When my computer sends a packet, it goes to my ISP. They consult their routing table, and decide it's reachable over NTT. NTT gets the packet, routes it through their network to a peering point with Level 3, who will then route that packet to Comcast, and finally to the end user.

Then some other random home ISP which pays for connectivity with NTT is reachable from my Comcast connection. The business relationship is not between Comcast and my ISP, but it's between Comcast and L3, L3 and NTT, and NTT and my ISP.

Thus Comcast would have to go out of their way to block connectivity. Comcast wants to reach everyone on Level 3's network, because that's where the websites users want to connect to are.

This is largely simplified. There's a lot of billing, politics, and technology issues involved here, and I'm not sure I understand them all.
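The transit/peering relationships described above can be simulated with a small valley-free route-propagation model. This is an added example, not code from the comment's author; the AS names (MyISP, HostingCo, Acme) and the topology are constructed for illustration, and the export rule is the usual Gao-Rexford simplification (routes learned from a customer go to everyone; routes learned from a peer or provider go only to customers). It goes slightly beyond the comment by also showing why a multihomed customer does not glue two Tier 1s together when they stop peering.

```python
"""Toy valley-free AS-path propagation (added illustration, not from the thread).

Relationships per neighbour, as seen from an AS: 'customer' (pays us for transit),
'provider' (we pay them), or 'peer' (settlement-free exchange of customer routes).
"""
from collections import deque

# Constructed topology loosely following the comment: (provider, customer) pairs.
TRANSIT = [
    ("Level3", "Comcast"),    # Comcast buys transit from Level 3
    ("NTT", "MyISP"),         # the commenter's ISP buys transit from NTT
    ("Level3", "HostingCo"),  # a hosting company on Level 3
    ("Level3", "Acme"),       # Acme is multihomed to two providers...
    ("NTT", "Acme"),          # ...but is only a customer of both
]
# Settlement-free peering between the Tier 1s.
PEERING = [("Level3", "NTT"), ("NTT", "Sprint"), ("Level3", "Sprint")]


def build_graph(transit, peering):
    """Return {asn: {neighbour: relation-of-neighbour-as-seen-from-asn}}."""
    g = {}

    def add(a, b, rel):
        g.setdefault(a, {})[b] = rel

    for prov, cust in transit:
        add(prov, cust, "customer")
        add(cust, prov, "provider")
    for a, b in peering:
        add(a, b, "peer")
        add(b, a, "peer")
    return g


def exportable(learned_from, send_to):
    """Gao-Rexford export rule: customer (or own) routes go everywhere,
    peer/provider routes go only to customers."""
    if learned_from in ("customer", "origin"):
        return True
    return send_to == "customer"


def propagate(graph, origin):
    """Announce a prefix originated by `origin` and return {asn: AS_PATH}
    for every AS that learns a valley-free route. BFS, so each AS keeps the
    first (shortest-in-hops) path; real BGP applies local preference first."""
    paths = {origin: [origin]}
    learned = {origin: "origin"}  # relation through which each AS learned it
    queue = deque([origin])
    while queue:
        cur = queue.popleft()
        for nb, rel in graph[cur].items():
            if nb in paths or not exportable(learned[cur], rel):
                continue
            paths[nb] = [nb] + paths[cur]   # AS_PATH reads nearest-AS-first
            learned[nb] = graph[nb][cur]     # how `cur` looks from nb's side
            queue.append(nb)
    return paths


if __name__ == "__main__":
    g = build_graph(TRANSIT, PEERING)
    for asn, path in propagate(g, "Comcast").items():
        print(f"{asn:10s} reaches Comcast via {' -> '.join(path)}")
    # Drop the Tier-1 peering: Acme, a customer of both, must not relay the route.
    g2 = build_graph(TRANSIT, [])
    print("MyISP reaches Comcast without Tier-1 peering:",
          "MyISP" in propagate(g2, "Comcast"))
```

Running it shows MyISP learning the path MyISP -> NTT -> Level3 -> Comcast, exactly the chain of bilateral agreements the comment describes, and that removing the Level 3/NTT peering cuts MyISP off even though Acme is connected to both, because a customer never re-exports a provider's route to another provider.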


The fact that you can reach almost any IP address is kind of a small miracle when you start digging into it. There are a bunch of interesting examples of addresses becoming unreachable or sent to the wrong destination, both accidentally and intentionally.

The BGP protocol is how each network announces what IP addresses can be reached through them. Those announcements can often be faked, in a process called BGP Hijacking. This happened to EtherWallet: https://www.theverge.com/2018/4/24/17275982/myetherwallet-ha...

Some address ranges are reserved for internal use within each network. If the network is big enough, some network operators "borrow" other less-used public IP addresses and re-purpose them for internal use. This means that traffic inside that network or transiting through it can't reach those IP addresses. Cloudflare's 1.1.1.1 DNS server (and 1.0.0.0/8 more generally) are affected by that a lot: https://blog.cloudflare.com/fixing-reachability-to-1-1-1-1-g...

Also, sometimes single point of failure connections just...break. It's not guaranteed that every connection is redundant, and it's definitely possible for chunks of the internet to just be "disconnected" from the rest.
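Both failure modes in the comment above (a hijacked more-specific announcement, and public addresses "borrowed" for internal use) come down to longest-prefix matching: the most specific route wins no matter who installed it. The following added example, not code from the comment's author, models a route table with longest-prefix lookup plus a simplified route-origin check of the kind RPKI origin validation performs (one expected origin per prefix, no maxLength handling). The prefixes and AS numbers 64500/64666 are constructed documentation values; 13335 is Cloudflare's real ASN, used only to label the 1.1.1.0/24 route.

```python
"""Longest-prefix match and a simplified route-origin check (added illustration)."""
import ipaddress

# Constructed expected-origin table: which AS is supposed to originate each prefix.
EXPECTED_ORIGIN = {
    ipaddress.ip_network("203.0.113.0/24"): 64500,
    ipaddress.ip_network("1.1.1.0/24"): 13335,
}


def validate_origin(prefix, origin_as, expected=EXPECTED_ORIGIN):
    """Return 'valid', 'invalid' or 'unknown' for an announcement.
    'unknown' means no expected-origin entry covers the prefix at all."""
    prefix = ipaddress.ip_network(prefix)
    covering = [net for net in expected if prefix.subnet_of(net)]
    if not covering:
        return "unknown"
    return "valid" if any(expected[net] == origin_as for net in covering) else "invalid"


class RouteTable:
    def __init__(self):
        self.routes = []  # (network, origin_as or None for local/static, next_hop)

    def add(self, prefix, origin_as, next_hop):
        self.routes.append((ipaddress.ip_network(prefix), origin_as, next_hop))

    def lookup(self, addr):
        """Longest-prefix match: the most specific covering route wins."""
        addr = ipaddress.ip_address(addr)
        best = None
        for net, origin, nh in self.routes:
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, origin, nh)
        return best

    def drop_invalid(self, expected=EXPECTED_ORIGIN):
        """New table without BGP routes whose origin fails validation.
        Local/static routes (origin None) are not BGP announcements and are kept,
        which is exactly why origin validation does not fix 'borrowed' space."""
        clean = RouteTable()
        for net, origin, nh in self.routes:
            if origin is None or validate_origin(net, origin, expected) != "invalid":
                clean.routes.append((net, origin, nh))
        return clean


def demo_table():
    """Constructed table seen by one network."""
    t = RouteTable()
    t.add("203.0.113.0/24", 64500, "NTT")       # legitimate announcement
    t.add("203.0.113.0/25", 64666, "Level3")    # more-specific from an unexpected origin
    t.add("1.1.1.0/24", 13335, "Level3")        # legitimate Cloudflare route
    t.add("1.1.1.1/32", None, "internal-lab")   # operator 'borrowed' 1.1.1.1 internally
    return t


if __name__ == "__main__":
    t = demo_table()
    print("203.0.113.10 ->", t.lookup("203.0.113.10"))   # /25 wins: traffic goes to Level3
    print("203.0.113.0/25 from 64666:", validate_origin("203.0.113.0/25", 64666))
    clean = t.drop_invalid()
    print("after dropping invalid ->", clean.lookup("203.0.113.10"))
    print("1.1.1.1 ->", clean.lookup("1.1.1.1"))          # still captured internally
```

The origin check catches the hijack case (the /25 from AS 64666 is rejected and the lookup falls back to the legitimate /24 via NTT), but the internally configured 1.1.1.1/32 survives, because it was never a BGP announcement to validate; detecting that requires auditing your own static and internal routes against public allocations.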

In researching a report about using ping services to locate VPN servers, I found a few examples where nearby ISPs only peer remotely. Iceland via Germany. Zurich via Italy and Germany. Salt Lake City via Boulder, LA, etc.
"only" as in trying to avoid local peering? Do you have an idea why they might do that?
Yes, no local peering. I have no clue why.

The Iceland example: https://keybase.pub/mirimir/IVPN-is1.gw.ivpn.net-All-Probes-...

From the IVPN article:

> Most notably, the lowest-rtt probe for IVPN server is1.gw.ivpn.net is in Amsterdam, NL. The data is somewhat “V” shaped, with the lowest minimum rtt at ~2,000 km. And indeed, the distance between Reykjavik, IS and Amsterdam, NL is 2013 km. However, given my long-term working relationship with IVPN, one of their network engineers verified that this server is indeed in Reykjavik, IS. It’s also unlikely that the maplatency.com probe “IS midlar ehf” is actually in Amsterdam, because that’s an AS in Iceland. It’s arguably most likely that the probe (in Iceland AS60300) and is1.gw.ivpn.net (in Iceland AS44515) just weren’t peering directly, but instead through an AS near Amsterdam.

My guess is because it does cost some money to do local peering. My understanding is you need to contact each individual company you want to peer with, make sure you both have a Point of Presence in the same datacenter, sign a contract, etc. So you both need to be renting space in that building and both have an open port on your router, and then you need to pay the datacenter to actually physically run the wire between the routers.
Thanks. I hadn't thought it through so clearly.

But wait, how does traffic get to that remote peer?

It means that the only people that can cut your connectivity off are in a completely different jurisdiction. Useful if you have a lot of sketchy traffic.
But isn't there always some intermediary with a local presence?
The politics involved can be interesting.

Sometimes, your equipment is fine, but your peer has a 1GB card in their peering router instead of the 10GB they promised, and they need time to budget the upgrade.

Sometimes, your peer is handing off packets fine, but their peer is dropping some or all of them - and it's difficult to get someone halfway across the world to spend money for you when you're not their direct customer. Influence falls off at an inverse square of the degrees of separation, or so it feels.

Off topic, but I saw you mentioned NTT several times, and wondered if it's the same NTT that I remember from my childhood in Japan. It turns out that yes, the tier-1 provider NTT is headquartered in Japan, and the company name stands for Nippon Telegraph and Telephone. Its history goes back to 1869 when the telegraph was introduced in the country, and is now the 4th largest telecommunications company in the world in terms of revenue.
Thank you. This is very informative.