The Internet’s architecture is transforming 

Data routing, the process by which data packets are transferred from one point of the globe to another, is one of the core processes structuring the Internet. While the Internet is primarily a complex mesh of cables and other physical infrastructure, it is also defined at the logical layer as a “network of networks.” The Internet is made up of approximately 90,000 interconnected networks called autonomous systems (AS), run by entities of varying sizes and types, belonging to public or private institutions: Internet service providers (e.g. Vodafone), major content providers (Netflix, YouTube etc.), international transit operators (Lumen, Cogent), etc.

When an Internet user in Paris wants to access a website or video hosted across the Atlantic, the data traverses multiple autonomous systems, each selecting the next route. To ensure the stability of the system, operators often maintain alternative connections so that traffic can continue to flow even if some links become unreliable. In the Internet, the routes data use are therefore not only physical (they rely on transmission infrastructure) but also logical (they depend on actors that run these infrastructures, host data and interconnect).

Historically, the architecture of connectivity (i.e. the way autonomous systems interconnect to create routes for digital data) has been conceived as a decentralized process whereby each actor was free to connect, transmit data, and cooperate with others, provided they complied with shared rules (such as standards and protocols), defined and adopted through a relatively horizontal “multi-stakeholder” model of governance. The functioning of the network thus relied on trust among these actors, while security only became central in the 1990s and 2000s.

However, digital infrastructure is embedded in broader geopolitical dynamics, as the various public (states, agencies, institutions etc.), private (network operators, content providers, companies) and individual actors who structure, shape, and influence it often pursue divergent and sometimes conflicting interests. Increasingly, data routing emerges as both a site and a vector of geopolitical tensions and conflicts. Actors increasingly seek to control parts of the network, including how data circulates geographically, and leverage it to project power onto domestic and foreign territories. By doing so, these actors contribute to forms of fragmentation, understood as progressive and layered spatial differentiation of routing practices, dependencies, and governance policies, that challenge the global resilience of the Internet but also raise significant geopolitical risks and threats to human rights. 

Studying Internet routing from a geographical and geopolitical perspective reveals that political power is embedded in the logical architecture of connectivity. Routing is not merely a technical process but a site where territorial strategies, strategic dependencies and vulnerabilities, and market concentration materialize, shaping the fragmentation of the global network. In the context of the ERC Advanced Grant DATAROUTES led by Pr. Frédérick Douzet, the GEODE research center has engaged in a large study of the geography of Internet routes and how they can be manipulated for strategic purposes by state and non-state actors. Using a BGP observatory that collects routing data as well as open-source tools to research the geography and geopolitics of digital infrastructures, GEODE has participated in this edition of Splintercon to provide a geopolitical understanding of current fragmentation dynamics in the Internet. 

Three main dynamics are reshaping Internet routes for distinct political and strategic objectives while accelerating its splintering. First, the architecture of the network is hierarchical, which creates for some countries issues of access and route dependence on other states. But this architecture is quickly evolving in an unprecedented manner. Internet giants and hyperscalers are actively working towards operating larger parts of the network from user to content, structuring a concentration of data paths. Second, under the auspices of the concept of “digital sovereignty”, a growing number of governments enact infrastructural policies that aim at constraining data flows alongside national borders. Third, state and private actors engage in the strategic manipulation of connectivity during open conflicts for territorial control. 

Route dependencies and path-concentration 

Imagined as a distributed interconnection, the architecture of network connectivity has evolved into a hierarchical structure: transcontinental transit players dominate this hierarchy. At the bottom of the ladder were users and content providers. The former rely on ISPs and transit providers to access content, the latter needed worldwide transit providers to make their content available to the most consumers. This pyramidal organization gives structural power to those players higher up than the others, and this dynamic is translated into geopolitical dependencies as well. 

Central Asia provides a clear example of this type of dependence. Most countries in this enclaved region have multiple cables connecting them to their neighbors including other countries in the region, but also to China, Afghanistan and Iran. However, for commercial, technical, and economic reasons that are themselves the result of Russia’s centuries-long domination of the region, these countries have little intra-regional connectivity and connect to the global internet, even to their physical neighbors, almost exclusively via Russian (and Kazakhstani) providers, making them highly dependent on Russia for Internet access. 

While this type of country-to-country dependency remains common for multiple states, notably in enclaved territories and/or in post-imperial and post-colonial contexts, private actors are also implementing strategies that shape growing and broader strategic dependencies related to data infrastructures. The originally decentralized nature of the network has significantly changed in the past two decades. The advent of large Content Delivery Network (CDNs) in the 2000s and the quicker expansion of Internet hyperscalers in the 2010s and 2020s have fundamentally altered the decentralized way the network previously managed data transit. Hyperscalers like Meta, Google (Google Cloud), Amazon (AWS) or Microsoft (Azure) who previously concentrated their activities as content providers, have positioned themselves as central and unavoidable actors of the global data infrastructure. 

Léa le Pezron explains that over the past decade, some major technology platforms have evolved from large content providers into transit infrastructure owners. Google, Meta, Amazon (AWS), and Microsoft now deploy private wide-area networks that span continents. They also invest in submarine cables, build or lease long-haul fiber, and push edge infrastructure closer to users. Increasingly, they bypass traditional transit operators altogether, and the once hierarchical structure is progressively being replaced by integrated architectures. A growing share of global traffic now circulates inside optimized proprietary networks. Often described as the “flattening” of the Internet, this development reflects a concentration of both services and routing capacity in the hands of the same firms.

This dynamic is largely traffic-driven: while video streaming first concentrated flows within a few platforms, cloud computing intensified this trend, and generative AI is accelerating it further, given its dependence on hyperscale data centers. By internalizing traffic, platforms reduce congestion on traditional backbones and improve performance for their users. However, this raises two fundamental issues for the overall resilience of the network. 

First, hyperscalers are not neutral transit operators. They optimize for their own services, and, by diverting traffic away from traditional carriers, and weaken them. While user performance often improves, route diversity decreases, and increasing volumes of traffic depend on a shrinking number of vertically integrated actors. Second, concentration fosters single points of failure. Major outages, such as the Facebook disruption in 2021 or large-scale AWS incidents, have shown how one network’s failure can cascade globally, at a time where hyperscalers are increasingly integrated within sovereign functions of many states. These risks are also amplified by opacity, as routing architectures remain largely inaccessible to regulators and researchers.

Most hyperscalers are U.S.-based and subject to extraterritorial legislation (e.g. Cloud Act), and the concentration of transit power, cloud infrastructure, and content distribution creates strong structural dependencies. This affects regulatory capacity, digital sovereignty, and infrastructure resilience. This growing private concentration of routing power partly explains why states increasingly seek to reassert control over data flows through sovereignty-driven infrastructural policies.

Building borders for data

Concepts related to the idea of “digital sovereignty” (including information sovereignty, cyber sovereignty, etc.) often serve as a political justification for a wide variety of state strategies. This concept gained significant traction in the 2010s across a growing number of countries. This attention to the control of data, standards, hardware and other parts of the network has been shaped by both global and localized geopolitical events such as the Arab uprisings of the early 2010s, the Snowden revelations in 2013, information operations during the 2016 US presidential campaign or, more recently, the second term of U.S. President Donald Trump. The idea of digital sovereignty generally encompasses a strongly territorialized view of the “global network” and has led to a variety of policy responses across different political systems that tend to reshape it alongside geopolitical borders. While examples from authoritarian countries like Iran or Russia have been well documented as holistic attempts to build “sovereign Internets”, other more nuanced case studies help understand the wide policy spectrum this idea encompasses. 

At Splintercon 2025, a wide range of researchers from the GEODE research center presented their ongoing research on case studies in Cuba, Pakistan, Australia, and Canada. They showed how states seek to influence, and in some cases enforce policies that shape how, where, and through which actors data packets transit.

In Cuba, Margot François’ work has shown how digital sovereignty is built not only through state-led, top-down strategies of control, but also through configurations of restricted access to connectivity shaped by scarcity (a context of shortages and economic crisis) and geopolitical exclusion (US embargo). The Cuban case highlights a peripheral form of network fragmentation that results not only from state choices but also from external sanctions, and contributes to shifting the analysis of “splintering” to non-hegemonic contexts, highlighting the role of access inequalities and local adaptations in the production of diverse forms of digital sovereignty.

Drawing on the case of Pakistan, Nowmay Opalinski shows how territorial and security-driven conceptions of cyberspace shape Internet infrastructure and ultimately affect its resilience. Building on GEODE’s digital network mapping methodology, his analysis demonstrates that infrastructure over-concentration facilitates state control, but at the expense of network reliability and connectivity efficiency.

In Canada, where the relationship with the US is marked by growing tensions, efforts to strengthen digital sovereignty and reduce dependence on US infrastructures have significantly risen. In her research, Celestine Rabouam emphasizes the major vulnerabilities of Canadian Arctic connectivity. In these regions, the lack of cooperation among local stakeholders among other reasons makes networks rely heavily on satellite systems mostly routed through the US. While Starlink development in these territories offers increased capacity and resilience, the induced dependence on US actors sharpens the tension between the need for sovereignty and the need for connectivity in remote regions.

Sophie Hamel demonstrates that, since the 2010s, the Australian government has implemented measures to control and restrict digital infrastructure suppliers, primarily against espionage and interference risks associated with Chinese actors. On the other hand, the Australian Department of Defense has set up a Top Secret Cloud with AWS. Canberra, however, also uses digital infrastructure as an influence tool, by financing projects in Pacific Island states which it sees as a strategic extension of its own networks, in order to exclude Chinese technology and capital and to favour “trusted” economic partners. These policies participate in fragmenting the network both by preventing direct connections to China and by excluding Chinese suppliers from the Pacific islands, underlining how Australia uses technological dependencies as an instrument of its digital sovereignty.

Manipulating the network to project power 

Governments, as well as private stakeholders, are also increasingly building policies in order to assert their power over territories in the context of open conflicts and wars. In the case of Russian invasion of Ukraine since 2014, Moscow has used network reconfiguration as a tool of territorial appropriation in occupied Ukrainian regions. Beyond military control, Russian authorities manipulated routing architectures and upstream dependencies to reinforce sovereignty through infrastructure. By redirecting traffic flows and controlling interconnection points, they turned connectivity into an instrument of political domination.

In 2014, Ukrainian telecommunications infrastructure in Crimea was replaced and traffic was rerouted through Russian backbone networks controlled by the government. After the 2022 invasion, Kherson became an emblematic case where local providers were disconnected from Ukrainian upstream operators and forcibly re-peered with Russian transit networks at gunpoint, effectively integrating local access providers into Russian-controlled infrastructure, but also into the Russian so-called “Sovereign internet”. This rerouting de facto severed access to Ukrainian networks and exposed traffic to centralized filtering and surveillance. As major platforms widely used in Ukraine, such as Facebook and Instagram, disappeared, access to many independent information outlets also vanished, aligning the region with Russia’s increasingly controlled information space.

Shortly after the start of the full-scale invasion in 2022, Kyiv has also set up policies that seek to shape an “information shield” based on infrastructural policies. These included the unprecedented decision of blocking 600 Russian Autonomous Systems, effectively blocking approximately 48 million Russian IP addresses. Furthermore, private actors Lumen, Cogent and the London Internet eXchange Point (IXP) LINX also enacted sanctions against some of Russia’s main international carriers and disconnected them, signaling a rare and clear geopolitical stance by private Western network operators. 

Doug Madory’s presentation analyzes the large-scale migration of Ukrainian IPv4 address space following Russia’s full-scale invasion in 2022, using BGP routing data, WHOIS records, and broker market signals to trace how formerly Ukrainian address blocks exited the region and entered global leasing markets. The core case study focuses on Ukrtelecom, Ukraine’s incumbent telecom operator, specifically AS6849 and AS6877.

AS6849 experienced a steep reduction in originated IPv4 space:

• Declined from 4,728 /24 equivalents to 1,377 /24s.
• Represents a 71% drop in originated IPv4.
• Lost address space either:
  • Ceased being routed, or
  • Began being originated by ASNs outside Eastern Europe.

Routing analysis shows portions of this IPv4 space now originated by major international transit networks such as AS174 (Cogent), AS16509 (Amazon) and AS7029 (Windstream).

AS6877, a sister ASN of Ukrtelecom, saw an even more dramatic collapse:

• On February 1, 2022: 616 /24 equivalents originated.
• Today: effectively disappeared from the global routing table.
• Former prefixes are now originated by Tier-1 and major transit networks including:
  • AS2914 (NTT)
  • AS3356 (Lumen)
  • AS174 (Cogent)
  • AS5511 (Orange)

BGP and passive DNS evidence shows that some address ranges are still registered to Ukrtelecom in RIR databases but originated by foreign ASNs, indicating leasing arrangements rather than outright transfers. WHOIS lookups further reveal involvement of IPv4 broker IPXO (AS834), suggesting structured leasing of Ukrainian IPv4 space to foreign customers, sometimes with routes originated by AS7018 (AT&T).

Based on broker market rates ($100–$150/month per /24), even conservative estimates imply approximately $150,000 per month in potential leasing revenue for Ukrtelecom alone. This suggests that leasing IPv4 space may represent a wartime financial survival strategy for Ukrainian operators. However, Ukrtelecom is not an isolated case. Other Ukrainian ASNs experienced similar patterns:

• LVS (AS43310) began 2022 originating 24 /24 equivalents; later those ranges were primarily originated by AS7018 (AT&T).
• TVCOM (AS34092 and AS57033) also saw IPv4 migration out of Ukraine.

The case of Trinity (AS43554) in Mariupol is especially illustrative. It went offline in early March 2022 during the siege. Its IPv4 space began being originated by up to 54 ASes outside Ukraine. By 2024, much of the space was consolidated into Ukrainian content provider AS204384 (Sweet). During summer 2023, portions of Trinity’s former IPv4 space were observed being originated by AT&T and confirmed to be used in residential proxy networks.

Residential proxies use legitimate IP address space to route traffic in ways that appear to originate from consumer endpoints. These services are frequently associated with web scraping, spam distribution, account creation fraud and account takeovers. Doug Madory documents Ukrainian IPv4 space being monetized through such proxy networks, with AT&T’s AS7018 commonly used as the origin ASN. This practice provided cover under a reputable Tier-1 ASN, making filtering more difficult.

After investigative reporting by Brian Krebs expanded on Madory’s findings, AT&T changed its policy. Customers were required to originate IP space under their own ASNs. This made proxy-origin traffic more identifiable and filterable. Proxy operators ceased using AT&T around October 28.

Doug Madory also examined manipulation of registration records in Russian-occupied territories.

Example:

• Prefix 151.0.0.0/20 originated by AS45025.
• Country field changed from “UA” to “RU” in July 2022.
• Later deleted from RIPE NCC records (April 4, 2024).
• AS45025 no longer in routing table.
• Address space redistributed among ISPs in Russian-held territories and leased to Western telecoms.

This sequence suggests administrative reclassification (“russification”), subsequent fragmentation and leasing; erasure of registry evidence. The deletion of RIPE records effectively purges historical evidence of Ukrainian association.

This case study raises structural questions about the global IPv4 market: are brokers exploiting wartime distress? Or are leasing markets providing critical liquidity to struggling Ukrainian ISPs? Who bears responsibility when leased space is used in abusive proxy operations?

APNIC Chief Scientist Geoff Huston has recently questioned whether we have reached “peak IPv4,” noting declines in routed IPv4 and falling market prices. Madory suggests that increased supply from Ukrainian address space entering leasing markets may be contributing to these macro-level shifts. Doug Madory’s analysis demonstrates how geopolitical conflict manifests directly in routing tables, registry metadata, and secondary IPv4 markets. Ukrainian IPv4 space has transitioned from local origination to global monetization, often via Tier-1 transit ASNs, and in some cases into gray-market proxy ecosystems. The result is not simply an infrastructure collapse, but a reallocation of scarce IPv4 resources under wartime pressure—reshaping both regional connectivity and the global IPv4 leasing economy .

The multiple case studies presented in this section show how Internet routing is not merely a background technical layer but a strategic space where geopolitical dynamics crystallize. The geopolitical approach examines how network architectures and their actors are embedded in space and territory, and how historical legacies, territorial ambitions, and strategic objectives both shape, and are shaped by, connectivity infrastructures. Routing dependencies in Central Asia, hyperscaler-led concentration, sovereignty-driven infrastructural policies, and wartime network manipulation in Ukraine all illustrate how fragmentation is produced through political choices, economic strategies, and strategic calculations that materialize in the topology of the network. This approach also insists on the necessary combination of infrastructural data and network measurements with contextual analyses and fieldwork to accurately understand and document the many transformations of the Internet. In that way, cooperation between social scientists, computer scientists, and civil society is key to deepening our understanding of these processes.