Tuesday, June 23, 2009

Iranian Traffic Engineering (Arbor Networks)

Iranian Traffic Engineering

by Craig Labovitz

http://asert.arbornetworks.com/2009/06/iranian-traffic-engineering/


The outcome of the Iranian elections now hangs in the balance and perhaps, also on the availability of the Internet (or at least Twitter and Facebook according to the US State Department).

Based on significant Internet engineering changes over the last week, the Iranian government seems to agree…

While other countries (e.g. Burma in 2007) completely unplugged the country during political unrest, Iran has taken a decidedly different tact.

Before going further, I should note that we have no direct insight into Iranian political machinations nor telecommunications policy. But the 100 ISPs participating in the Internet Observatory provide some interesting hints on how the Iranian government may hope to control Internet access.

The state owned Data communication Company of Iran (or DCI) acts as the gateway for all Internet traffic entering or leaving the country. Historically, Iranian Internet access has enjoyed some level of freedom despite government filtering and monitoring of web sites.

In normal times, DCI carries roughly 5 Gbps of traffic (with a reported capacity of 12 Gbps) through 6 upstream regional and global Internet providers. For the region, this represents an average level of Internet infrastructure (for purposes of perspective, a mid size ISP in Michigan carries roughly the same level of traffic).

Then the Iranian Internet stopped.

One the day after the elections on June 13th at 1:30pm GMT (9:30am EDT and 6:00pm Tehran / IRDT), Iran dropped off the Internet. All six regional and global providers connecting Iran to the rest of the world saw a near complete loss of traffic.

The below graph shows Iranian Internet traffic through Iran's six upstream providers.


Note: All data comes from analysis of Internet Observatory anonymous ASPath traffic statistics from which we infer upstream ISP traffic. Also a few caveats — Iranian traffic is such a small part of global Internet traffic levels that the Observatory data is fairly noisy. We used a number of standard statistical approaches to normalize the sampled dataset.

As noted earlier, Iran normally sees around 5 Gbps of traffic with typical diurnal and weekly curves (though Iran sees dips both on Iranian weekend of Thurs / Friday as well as during western Sat / Sun weekends). From the view of the Observatory, most Internet traffic to Iran goes through Reliance (formerly Flag) Telecom, the major Asia Pacific region underseas cable operator. Singtel, a major pan-Asian provider and Türk Telekom also provide significant transit.

Initially, DCI severed most of the major transit connections into Iran. Within a few hours, a trickle of traffic returned across TeliaSonera, Reliance and SignTel — all well under 1 Gbps.

The below graph shows a zoomed in view of the outage and earlier graph.

As of 6:30am GMT June 16, traffic levels returned to roughly 70% of normal with Reliance traffic climbing by more than a Gigabit.

So what is happening to Iranian traffic?

I can only speculate. But DCI's Internet changes suggest piecemeal migration of traffic flows. Typically off the shelf / inexpensive Internet proxy and filtering appliances can support 1 Gbps or lower. If DCI needed to support higher throughput (say, all Iranian Internet traffic), then redirecting subsets of traffic as the filtering infrastructure comes online would make sense.

Unlike Burma, Iran has significant commercial and technological relationships with the rest of the world. In other words, the government cannot turn off the Internet without impacting business and perhaps generating further social unrest. In all, this represents a delicate balance for the Iranian government and a test case for the Internet to impact democratic change.

Events are still unfolding in Iran, but some reports are saying the Internet has already won.


No comments: