Anatomy of an Internet blackout

The shutdown of Egypt's ties to the rest of the global Internet was not announced by the government -- instead, 3,500 Internet routes suddenly vanished, with more continuing to wink out, leaving network operators in North America to wonder what exactly had happened and what the ripple effects might be.

The first report that Internet connectivity to and within Egypt was disabled came at 5:28 p.m. Eastern Standard Time on Thursday, Jan. 27, on the North American Network Operators Group e-mail reflector:

"I'm hearing reports of (in declining order of confirmability):

1) Internet connectivity loss on major (broadband) ISPs

2) No SMS

3) Intermittent connectivity with smaller (dialup?) ISPs

4) No mobile service in major cities -- Cairo, Alexandria."

This and other operators on the NANOG list are looking for any credible information on how to ensure the Internet outage in Egypt does not disrupt their business in other regions.

"The working assumption here is that the Egyptian government has made the decision to shut down all external, and perhaps internal electronic communication as a reaction to the ongoing protests in that country," the operator wrote on the NANOG e-mail reflector. "If anyone can provide more details as to what they're seeing, the extent, plus times and dates, it would be very useful. In moments like this there are often many unconfirmed rumors: I'm seeking concrete reliable confirmation which I can pass onto ... those working to bring some communications back up."

Egypt yesterday cut connectivity to the Internet amid widespread political protests throughout the country. Mobile operators were also ordered to cut service. Citizens were relying on satellite communications and Twitter feeds to communicate within and outside of Egypt.

Here in North America, one operator noticed yesterday evening, Eastern time, that most of the Autonomous Systems operating in Egypt were not announcing any, or most, prefixes -- except for AS20928, which belongs to Noor Data Networks, the provider used by the Egyptian Stock Exchange.

At 5:34 p.m. EST, another operator noted that Renesys observed the virtually simultaneous withdrawal of all routes to Egyptian networks in the Internet's global routing table. Approximately 3,500 individual BGP routes were withdrawn, according to the operator's posting on the NANOG reflector, "leaving no valid paths by which the rest of the world could continue to exchange Internet traffic with Egypt's service providers."

At first, it was unclear whether the root of the problem was physical or not:

"I guess this begs the question of whether or not we're seeing actual Layer 1 (transmission) going down or just the effects of mass BGP withdrawals," the operator posits. "Are we seeing lights out on fibre links or just peering sessions going down? Both could still point to a coordinated intentional blackout by the Egyptian gov't though."

Another operator responds that if it were a cable or fiber cut, it would affect more connectivity than just Egypt.

"I don't think it takes a leap of imagination to understand what has happened here," the operator states in the e-mail reflector. "Traffic drops to a handful of megabits following the withdrawal of most Egyptian ISP BGP routes."

Another noted that the U.S. Embassy Web site in Cairo is also unreachable, as well as the main Egyptian government portal.

"I think the earlier references to the BGPmon blog article is sufficient to illustrate a coordinated effort in 'blacking out' connectivity," the operator states.

As of this posting, there is no improvement in the Internet connectivity situation in Egypt -- in fact it may be worse, says Andree Toonk, the author of the BGPmon blog.

"It seems that even more networks in Egypt have fallen off the Net," Toonk says. "Before all this there were 2,903 network routed to Egypt. Shortly after the government ordered the shutdown, there were still 327 network reachable (88% drop). Right now there are only 239 networks reachable."

Toonk says the Noor network is still fully operational while others in Egypt have been significantly curtailed.

"ETISALAT-MISR, one the main providers, normally routes 676 networks. Today there are only 50 left," Toonk says. "So you start the wonder if there's anything special about these 50 networks ... Could be military, or something ..."

It's becoming more and more apparent that Egypt can selectively "shut off" Internet communications within its borders during time of political upheaval -- or whenever the government deems it necessary.

A bill was introduced in Congress two years ago proposing the same thing here in the event of a cyberattack on the U.S. 

Operators are doubtful that such a bill could pass into law, and if it did, could be used to shut down Internet communications in the U.S. during times of political protest.

"For better or worse, companies will comply with lawful requests," says Jared Mauch, senior IP engineer at NTT America. "In the event of U.S. civil unrest, I think it would be much harder than in other regimes to exert this type of control, and would cause a much broader global impact to economic activity. The same would happen with any pan-European 'blackout.'

"For the economic reasons alone, I rate the chances of 'kill-switch' a zero," Mauch says. "It makes for great reporting about power, but the practicality is zero."

Read more about lan and wan in Network World's LAN & WAN section.

This story, "Anatomy of an Internet blackout" was originally published by Network World.

Copyright © 2011 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon