Home / Blogs

A Closer Look at Iran's State of Internet, Strange Transit Changes in Wake of Controversial Election

Many media sources have reported outages in Iranian mobile networks and Internet services in the wake of Friday's controversial elections. We took a look at the state of Iranian Internet transit, as seen in the aggregated global routing tables, and found that the story is not as clear-cut as has been reported.

There's no question that something large happened in the Iranian telecom space, and that the timing aligns with the close of voting and the emerging controversy. Iran typically has a fairly high baseline level of sporadic route instability, due to the country's highly centralized incumbent transit through DCI (Data Communications Iran, AS12880) and DCI's somewhat peripheral connectivity to the main east-west conduits for data. Even so, we started seeing spikes of route instability (changes in the paths to Iranian IP space) starting around 08:05 UTC on Saturday (just after noon in Tehran) that were significantly larger than normally expected. These bursts affected as many as 400 prefixes (blocks of IP addresses) — the majority of Iran's Internet presence.

At 17:48 UTC, instability turned into outage, as more than 180 Iranian networks were withdrawn from the global routing tables, indicating that there were no remaining paths into DCI for that portion of Iranian traffic. Contrary to media reports, however, the outages were fairly short-lived. Within a few minutes, half of the outaged population were restored to alternative transit; over the course of an hour, outage levels returned to their normal baseline. Route instability continued to be fairly high, and that pattern has continued through the night and into Sunday.

What can we say for sure? Not much, except that Iran remains well-connected to the Internet from a routing perspective. If I had to guess, I'd say that there are probably a lot more people around the world pulling local content from Iran's providers right now, and that surge of demand is probably contributing to increased congestion and (perhaps) some of the route instability we see. It wouldn't be unusual for there to be some inbound cyber-mischief as well, from supporters of one or the other side, but so far we only have rumors on that front.

It is interesting to note that the changes in routing that took place were very specific in their impact on DCI's various transit providers, who keep the country connected to the world. There are six of them: Turk Telecom (TTNet, AS9121), FLAG (AS15412), Singapore Telecom (AS7473), PCCW (AS3491), Telia (AS1299), and Telecom Italia Sparkle (AS6762). As the following plot shows, five of them lost Iran's transit, and one of them (Turkish Telecom) was a big gainer. (Red arrows indicate loss of transit preference from the outside world; green indicates a gain in transit via the given provider.)

A transit shift of this magnitude may indicate that something (administrative, or physical) has affected Iran's connection to the submarine cables running east and west — not a total outage, but some kind of significant impairment. Turkey has their own, interesting arrangements with Iran for transit, and those are still in good shape (perhaps somewhat congested, having presumably doubled or tripled in transit volume). It wasn't unusual to see 300ms traceroutes from North America and Europe in this timeframe to many Iranian sites.

Of course, you have to remember that globally visible routes are the signposts for inbound traffic to and through DCI to the local providers; from the outside, there's no telling what the Internet experience of the average person inside Iran is like today. It sounds as if a lot of content is being blocked within the country. For now, it's a good sign that information continues to flow, and Iran is still connected to the world at large. Let's hope they stay connected.

By Jim Cowie, Chief Technology Officer, Co-founder of Renesys. Jim is also a contributor of the Renesys blog located here.

Related topics: Access Providers, Telecom

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

DotConnectAfrica Attends Transform Africa 2013 Summit in Rwanda

dotMobi and Digital Element Announce Strategic Partnership

Dyn Research: CDN Adoption Across Our Customer Base

Neustar Expands Professional Services Offerings for Communications Service Providers

Reducing the Risks of BYOD with Nominum's Security Solution

Nominum and IBM Partner Around Big Data

New Nixu Solution Slashes Cloud Application Delivery Times from Weeks to Milliseconds

Virgin Media Selects Nominum to Support London Underground WiFi Roll-out

Nominum Releases New Version of Carrier-Grade DHCP Software for Telecom Providers

How Secure is Your Mobile Network? And Does It Even Matter? (Webinar)

Nominum Survey of World's Leading ISPs Shows Nearly 60% of ISPs Plan to Roll-Out IPv6 by End of 2012

Nominum Launches Comprehensive Suite of DNS-Based Security Solutions for Russian Service Providers

Nominum Sets New Record for Network Speed and Efficiency

Implementing a Cyber-Security Code of Conduct: Real-Life Lessons From Australia (Webinar)

Neustar and University of Illinois Launch the Neustar Innovation Center

Australian ISP iiNet selects ARI Registry Services to Help It Apply for and Operate .iinet TLD

Nominum Launches World's First Purpose-Built Suite of DNSā€Based Solutions for Mobile Operators

Verisign to Award New Infrastructure Research Grants

Breaking the DNS: Another Look at How SOPA Could Be Destructive

Neustar Names Joe Pasqua to Head Neustar Labs

Sponsored Topics