How Egypt pulled its Internet plug

Flipped 'kill switch' by withdrawing border gateway protocol (BGP) routing information, say experts

To sever its link with the outside digital world, Egypt "raised the drawbridge" in mere minutes by forcing the country's providers to make simple changes to their routers, experts said on Friday.

"The major Egyptian networks stopped announcing what networks they represented to the rest of the world," said Andree Toonk, the founder and lead developer of the open-source BGPmon, a tool for monitoring BGP, or "border gateway protocol," the protocol at the core of the Internet's routing mechanism.

The process likely took only minutes, and required simple changes to the country's core router configuration files, Toonk said. Earlier Friday, Toonk noted that more than 90% of Egypt's networks were unreachable because they had withdrawn their routing announcements.

Routers communicate with each other using BGP to establish pathways for digital traffic. By refusing to tell other networks how to reach their IP addresses, Egyptian Internet service providers (ISPs) effectively cut off all communication with the Web.

"You could call it a 'kill switch,'" Toonk said.

Beginning Thursday and accelerating Friday, Egyptian networks began disappearing to observers outside the country. Although early reports said it wasn't clear how the disconnect had been done, Toonk and others said today it was certainly by refusing to release BGP information to upstream providers and other networks on the Internet.
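What an outside observer sees, and how a monitor could flag it, is shown in the added example below (not code from the article or from BGPmon). It assumes a single vantage point and a hypothetical pipe-delimited update feed; the prefixes and ASNs are constructed from documentation ranges, and the 0.9 threshold mirrors the 90% figure Toonk cited.

```python
# Added example: flag a mass withdrawal of a watched group's prefixes.
# Hypothetical feed format, one update per line:
#   unix_time|A|prefix|origin_asn   (announcement)
#   unix_time|W|prefix              (withdrawal; it names no origin)
PREFIXES = [f"198.51.100.{i * 16}/28" for i in range(10)]  # constructed test prefixes

def sample_feed():
    """Constructed updates: normal state, one routine flap, then a blackout."""
    lines = [f"{1000 + i}|A|{p}|{64500 + i % 2}" for i, p in enumerate(PREFIXES)]
    lines += ["1010|A|203.0.113.0/24|64510"]                            # unrelated network
    lines += [f"2000|W|{PREFIXES[0]}", f"2030|A|{PREFIXES[0]}|64500"]   # routine flap
    lines += [f"{9000 + 10 * i}|W|{p}" for i, p in enumerate(PREFIXES[:9])]
    return "\n".join(lines)

def detect_mass_withdrawal(feed, watched_asns, threshold=0.9, window=300):
    """Return [(time, fraction)] when >= threshold of the watched prefixes
    have been withdrawn within the last `window` seconds."""
    origin_of = {}     # prefix -> watched origin ASN from its last announcement
    withdrawn_at = {}  # prefix -> time of its current withdrawal
    alerts = []
    for line in feed.strip().splitlines():
        fields = line.split("|")
        ts, kind, prefix = int(fields[0]), fields[1], fields[2]
        if kind == "A":
            if int(fields[3]) in watched_asns:
                origin_of[prefix] = int(fields[3])
            else:
                origin_of.pop(prefix, None)   # now originated by someone else
            withdrawn_at.pop(prefix, None)    # re-announced, so visible again
        elif kind == "W" and prefix in origin_of:
            withdrawn_at[prefix] = ts
            recent = sum(1 for t in withdrawn_at.values() if ts - t <= window)
            ratio = recent / len(origin_of)
            # Suppress repeat alerts for the same event.
            if ratio >= threshold and (not alerts or ts - alerts[-1][0] > window):
                alerts.append((ts, ratio))
    return alerts
```

The single flap at time 2000 stays far below the threshold; the alert fires only when the ninth of ten watched prefixes disappears inside the window.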

Without BGP information provided by Egyptian networks, the rest of the world has no way to connect with the country's ISPs or its Web sites. Nor do its citizens have a way to reach sites or services beyond its boundaries.

The Egyptian government apparently ordered the country's providers to sever their connections. Vodafone, for example, has acknowledged that it complied with a government order to suspend its mobile services. Vodafone is also one of Egypt's largest ISPs.

"The Egyptian government has instructed the ISPs, whether state owned or state licensed, to withdraw their BGP announcements that tell other routers how to reach those ISPs," said Rodney Joffe, senior technologist with Neustar, a DNS (domain name system) service provider.

"Within a few seconds or at most a couple of minutes, traffic could no longer flow [to the Egyptian ISPs]," Joffe said. "For most of the ISPs inside Egypt, there's no longer a path that tells other networks how to reach them."

BGP is not only one of the backbone technologies of the Internet, but also provides its flexibility and strength, Joffe said.

"Using BGP, your network tells its directly connected providers that, 'I know the way to these IP addresses, and can get you there in one hop,'" Joffe explained. "Those providers are connected to other networks as well, and begin to tell the world the way to you."

The process continues, with each network's routers describing a pathway to a specific network. Some of those paths may be long -- ten, eleven, even more 'hops' as Joffe described them -- while others may be much more direct, taking fewer hops from one network to another.

"At any time, there are hundreds of different ways to get from Point A to Point B," Joffe said. "So if for some reason there's a disconnection of a nine-hop path, the traffic switches to a path using, for example, 11 hops."

But all that fails when a network refuses to announce to others that it exists.
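The propagation, failover and withdrawal Joffe describes can be reproduced in a toy path-vector simulation. This is an added example, not code from the article or from BGPmon; it assumes one prefix, shortest-AS-path selection with no routing policy, and a constructed topology of documentation ASNs in which 64500 stands in for an ISP and 64510 for an outside observer.

```python
from collections import deque

class PathVectorNet:
    """Toy path-vector routing for one prefix: shortest AS path wins, no policy."""
    def __init__(self, links):
        self.adj = {}
        for a, b in links:
            self.adj.setdefault(a, set()).add(b)
            self.adj.setdefault(b, set()).add(a)
        self.rib_in = {asn: {} for asn in self.adj}  # asn -> {neighbor: AS path heard}
        self.best = dict.fromkeys(self.adj)          # asn -> chosen AS path, or None
        self.origin = None

    def _reselect(self, asn, queue):
        heard = self.rib_in[asn].values()
        new = [] if asn == self.origin else min(heard, key=lambda p: (len(p), p), default=None)
        if new != self.best[asn]:                    # tell neighbors only on a change
            self.best[asn] = new
            advert = None if new is None else [asn] + new   # None means "withdrawn"
            queue.extend((asn, peer, advert) for peer in sorted(self.adj[asn]))

    def _converge(self, dirty):
        queue = deque()
        for asn in dirty:
            self._reselect(asn, queue)
        while queue:
            src, dst, path = queue.popleft()
            if path is None or dst in path:          # withdrawal, or a path that loops back
                self.rib_in[dst].pop(src, None)
            else:
                self.rib_in[dst][src] = path
            self._reselect(dst, queue)

    def announce(self, origin):
        self.origin = origin
        self._converge([origin])

    def withdraw(self):
        origin, self.origin = self.origin, None      # links stay up; only the advert stops
        self._converge([origin])

    def link_down(self, a, b):
        for here, gone in ((a, b), (b, a)):
            self.adj[here].discard(gone)
            self.rib_in[here].pop(gone, None)
        self._converge([a, b])

# Constructed topology (documentation ASNs): 64500 is the ISP, 64510 the observer.
LINKS = [(64500, 64501), (64500, 64502), (64501, 64510), (64502, 64503), (64503, 64510)]
```

After `announce(64500)` the observer's `best[64510]` is the path via 64501, and `link_down(64501, 64510)` moves it to the longer path via 64503. After `withdraw()` every entry in `best` is `None` even though the remaining links are still up.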

The kill switch deployed by Egyptian ISPs took effect in a matter of minutes, and was the easiest way for the government to sever connections.

"Physically breaking the links is complicated," Joffe said. "There are thousands of such links. So the easiest way is to configure the routers to withdraw the BGP announcements. All it takes is just one entry in the router's configuration file."

Unlike changes to DNS entries, which are cached and so take hours, sometimes days, to propagate throughout the world's DNS servers, the withdrawal of BGP routing announcements let Egyptian ISPs disconnect from the Internet quickly.

"As soon as that happens, seconds in some cases, minutes usually, the whole Internet knows that there are no pathways to those ISPs," Toonk said.

"One or two minutes, and it's done," Joffe echoed.

Egypt's digital blockade, called an "Armageddon approach" by other network experts today, is the equivalent of isolating a castle under siege, Joffe added.

"They raised the digital drawbridge," Joffe said.

While other countries, including Iran and Myanmar, have tried to limit access to the rest of the Internet in the past, Egypt has set a new standard for suppression, Joffe said. "This is the first time when a large country, with tourism and freedom of movement has disconnected from the Internet."

"It's huge," Toonk agreed. "The size and amount of people in Egypt make this unprecedented."

If the Egyptian government, which has been rocked by protests of the autocratic rule of President Hosni Mubarak, decides to reconnect to the Internet, the process would be as swift as the earlier blocking, Toonk and Joffe said.

What's still unclear is how the severing of ties to the outside Internet has impacted access inside Egypt. "We don't have any visibility on that because we can't do a trace route," Joffe said.

"I would think that internal [Internet] communications would be severely damaged as well," Toonk said. "ISPs inside Egypt rely on outside services, such as DNS."

On Friday, Mubarak ordered the military into the streets and imposed a national curfew. The New York Times reported that demonstrators ignored the curfew order and had rushed the Egyptian Interior Ministry headquarters and tried to attack the U.S. Embassy.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed. His e-mail address is gkeizer@computerworld.com.
