Sign In

Internet Performance Delivered right to your inbox

Strange Changes in Iranian Transit


Many media sources have reported outages in Iranian mobile networks and Internet services in the wake of Friday’s controversial elections. We took a look at the state of Iranian Internet transit, as seen in the aggregated global routing tables, and found that the story is not as clear-cut as has been reported.

There’s no question that something large happened in the Iranian telecom space, and that the timing aligns with the close of voting and the emerging controversy. Iran typically has a fairly high baseline level of sporadic route instability, due to the country’s highly centralized incumbent transit through DCI (Data Communications Iran, AS12880) and DCI’s somewhat peripheral connectivity to the main east-west conduits for data. Even so, we started seeing spikes of route instability (changes in the paths to Iranian IP space) starting around 08:05 UTC on Saturday (just after noon in Tehran) that were significantly larger than normally expected. These bursts affected as many as 400 prefixes (blocks of IP addresses) — the majority of Iran’s Internet presence.

At 17:48 UTC, instability turned into outage, as more than 180 Iranian networks were withdrawn from the global routing tables, indicating that there were no remaining paths into DCI for that portion of Iranian traffic. Contrary to media reports, however, the outages were fairly short-lived. Within a few minutes, half of the outaged population were restored to alternative transit; over the course of an hour, outage levels returned to their normal baseline. Route instability continued to be fairly high, and that pattern has continued through the night and into Sunday.

What can we say for sure? Not much, except that Iran remains well-connected to the Internet from a routing perspective. If I had to guess, I’d say that there are probably a lot more people around the world pulling local content from Iran’s providers right now, and that surge of demand is probably contributing to increased congestion and (perhaps) some of the route instability we see. It wouldn’t be unusual for there to be some inbound cyber-mischief as well, from supporters of one or the other side, but so far we only have rumors on that front.

It is interesting to note that the changes in routing that took place were very specific in their impact on DCI’s various transit providers, who keep the country connected to the world. There are six of them: Turk Telecom (TTNet, AS9121), FLAG (AS15412), Singapore Telecom (AS7473), PCCW (AS3491), Telia (AS1299), and Telecom Italia Sparkle (AS6762). As the following plot shows, five of them lost Iran’s transit, and one of them (Turkish Telecom) was a big gainer. (Red arrows indicate loss of transit preference from the outside world; green indicates a gain in transit via the given provider.)

A transit shift of this magnitude may indicate that something (administrative, or physical) has affected Iran’s connection to the submarine cables running east and west — not a total outage, but some kind of significant impairment. Turkey has their own, interesting arrangements with Iran for transit, and those are still in good shape (perhaps somewhat congested, having presumably doubled or tripled in transit volume). It wasn’t unusual to see 300ms traceroutes from North America and Europe in this timeframe to many Iranian sites.

Of course, you have to remember that globally visible routes are the signposts for inbound traffic to and through DCI to the local providers; from the outside, there’s no telling what the Internet experience of the average person inside Iran is like today. It sounds as if a lot of content is being blocked within the country. For now, it’s a good sign that information continues to flow, and Iran is still connected to the world at large. Let’s hope they stay connected.

Share Now

  • A few more links — the best way to follow the twitter stream

  • Alex

    Hi Ben,
    Iran internet infrastructure is different with Etisalat (used to be a monopoly) now there is DU.
    Iran has over 30 main ISPs and 1000 sub-ISPs conencted to main ones. There is no single pipe that feeds the country, however, all ISPs are forced to follow the filtering rules set by IRAN Telecom Company. The list is updated and given to ISPs on daily basis and there are heft fines if an ISP neglects to follow the rules.
    As per the past few days, there are huge DDOS attacks toward the government sponsored news agencies and ministries. On top of that they government has started to block virtually everything on the net, from facebook, twitter, IM, news, emails and so on.

  • Michael

    Interesting comments on te IRAN Telecom Company’s filtering rules. You state that these are distributed to the ISP’s on a daily basis.
    Is anything more detailed known about this process? Is it automated? Could it be interrupted or spoofed? If the community could intervene in the direction the ISP’s are getting it could be helpful. One outcome would be a total interruption, likely forcing a status quo based on the last known update. Another would be conflicting (spoofed) credible versions, providing the ISP’s with enough leeway to claim belief of whichever they prefer.

  • Marco

    I am a journalist from Germany’s leading newspaper FAZ and I find your article very interesting. Do you have more details about the the Iran internet infrastructure that you could send me?
    Thanks a lot for your help!

  • Yedda: RE: Protests in Iran

    American Patriot answered: re: How Should We Help Iran? Suppose that President Obama decides to support the revolution in Iran. You may say it?s unlikely, but you?d have said that the revolution itself was pretty darned unlikely, wouldn?t you …

Whois: Dyn Guest Blogs

Dyn offers the platform for some of the greatest minds on the Internet to contribute their thoughts via guest blogs. Follow on Twitter and Facebook.