When we first got word last night that Egypt had shut off its Internet, most of the confirmation was coming from reporters in the country who no longer had access. I was hoping for something more definitive and graphic so I could see what it actually looks like when a country's whole Web goes dark. As I squinted helplessly at sites like The Internet Traffic Report, I was relieved to find the answer from the renesys blog.
The above graph was the first insight they offered. That line jumping shows the Egyptian sites that suddenly became unreachable. I'm not clear if these are specifically .eg sites or sites within some numerical IP range (and if you understand this better, please help me out in the comments **See updates at bottom.) but at least we can visibly see that what was on the Internet isn't there anymore, and it left in a hurry.
With their first update, they addressed what Rachel tweeted about a little while ago. The Egyptian Stock Exchange site actually had four IP addresses and only three were Egyptian. The fourth was based in Italy so they stayed online. (I don't know where I got this from. I'm wrong.)
More illustratively, renesys blog showed the minute-by-minute shut down of the Egyptian Web (below), revealing that rather than the kill-switch metaphor we'd been hearing about (and dreading), it appeared as though each Egyptian ISP shut itself off individually over the course of a few minutes.
Again, I appreciate any help you can offer in understanding this. For example, why is it that only 93% of the Egyptian internet became unavailable? What's up with that other 7%?
Developing explanations after the jump...
***That first graph is not of sites but of paths to the Egyptian internet. Part of the point of the "net" is that if one piece goes out, the information finds its way around through a different path. So that first chart shows how the number of paths to get into Egyptian cyberspace suddenly became unavailable. (Huge thanks to Michael Wise in the comments. See also Wikipedia on BGP.
***Still poking through answers on Rachel's tweet about the Egyptian Stock Exchange site staying up when everything else went down. The site did have four IPs, three of which were turned off. The fourth was from an ISP called Noor. Among the explanations for why Noor wasn't also shut down I find three credible ones: The first is that the Egyptian government kept it up on purpose for their own use and stability of the financial markets (even though there's apparently no trading on Fridays). The status of the corporations that make up Noor's client list may actually have more clout and priority than this particular government order. Thirdly, Noor's partners may explain why they stayed up.
***The Italian connection (which I'm sure I didn't make up but now can't figure out how I got it in my head) is that the path to access Noor is/was through the Palermo node in the Telecom Italia network called Seabone.
Leave a Comment:
Wow. How much internet did the Egyptians have to start with? 104%?!! Impressive...
yer killin' me...
ok fixed.
Here's a less technical question. Does anyone know where the graph on this page comes from? (other than "Twitter") http://globalvoicesonline.org/2011/01/28/egypt-netizens-rise-for-the-support-of-egyptians-on-their-day-of-rage/
I don't know where the data for the graph came from, but Internet traffic is something that can be monitored fairly easily. By telecoms and other Internet providers, at least. I've been looking for a way for non-industry people to get at the data but without much luck so far. One site that looked promising had no data for Africa at all. Nor Australia. Two whole continents, no data. Wow.
One page that's sort of generally useful but not all that useful is at Akami.com which only gives you color coded 'information' in real time and no history. Another page on the same site uses graphs by region and gives some history but still not all that useful. However, maybe there's some press contact at Akamai who can hook you up with some insidery techy person.
The "Prefixes" refer to BGP prefixes, which are "magic" numbers that tell routers how to move data from where they are ... out to the next best place closer to the destination. They are shared between routers thru the "Border Gateway Protocol", which you probably don't have time to research. Suffice it to say that every "important" (ie, "Gateway") router in the world shares information with its nearest neighbors about how best to get to any other place on the internet. And when a big piece of the 'net disappears, that change is reflected in the routing tables fairly quickly.
Aloha,
Michael.
Hugely helpful. Thanks very much.
The information in the graph comes from just about any gateway router on the internet. Finding someone who can get that information is trivial if you work in a medium to large ISP, otherwise ... difficult. And you REALLY need to know exactly what you are looking for, and I no longer have credentials on such a router. Sorry.
I know this sounds shallow of me, but I'd just been wondering if Twitter withdrawal was helping fuel the public anger.
It's not "withdraw" as much as it's loss of that right/freedom that others are allowed to have.
Ah, goodie. The "AS" references in the bottom graph are "Autonomos System" numbers. Those are what BGP uses to tell where something is. You go from IP address to an AS number, and route from there. Each AS number has a "preferred route" for traffic to pass thru in order for it to get where it needs to go. If the list of blocks of IP address ranges assigned to a particular AS drops to zero ... it means that the ISP has been told to pull the plug.
BTW, I am not the best person to explain this. If you don't have an EXPERT, drop me an email, and I can try to connect y'all with an expert from Akamai who *DOES* know this stuff inside and out.
That's ok, for the purposes of understanding generally what is shown in that graph that's great. I'm trying to read through the introductory Cisco materials now just to try to fill in some of the gaping hole in my own know-how.
I heard (I think) on Al Jazeera.net that an Italian Internet communications link was still up... there's your 7%. I guess Mubarack couldn't shut it down.
I deleted myself. I don't know what I'm talking about. :/
HuffPo cited The Guardian:
The shut down involved the withdrawal of more than 3,500 Border Gateway Protocol (BGP) routes by Egyptian ISPs, according to Renesys, a networking firm. Only one ISP out of 10, Noor Data Networks, appeared largely unaffected. It connects to the outside world via an undersea cable operated by Telecom Italia.
http://www.huffingtonpost.com/2011/01/28/internet-egypt-shut-off_n_815495.html
Dear Rachel,
I am an Egyptian-American, and I can assure you that Mubarak's speech tonight was taped, not live. He never made references to the curfew nor to the presence of the army. By the way, this is not the army. It is the republican guard (it's written on the tanks, actually). The army hasn't gotten involved yet. He did not make any references to today's events. I know how this government works, and I highly suspect that his speech was taped yesterday or much earlier than when it was aired. He also fired everyone in his cabinet but himself!! What's new??
Rachel: you can watch Al Jazeerah in English here: http://english.aljazeera.net/watch_now/
They are covering the events in Egypt non-stop, and it is all in English.
Thank you.
Rachel,
One final comment, and I appreciate your kind ears: this is not just about the Muslim world. It is the Arab world as a whole. I know many Christians in Egypt who went out and protested in Egypt side by side to their fellow Muslims. It is about Egypt, not just Muslims. As far as the Muslim brotherhood, the vast majority in Egypt does not want them in power. The vast majority is not conservative and they do want a moderate leader who will look after Egyptian interests, not US' or Israel's on Egyptians' accounts!
I am a HUGE HUGE HUGE fan of yours by the way. I would be honored if one of these days we could have a meaningful dialogue. I am a very proud American citizen and I am also extremely proud of being an Egyptian born, especially today when the people in Egypt have proven me wrong. For the longest time I had thought they were dead and there was no hope of any awakening. Today, I was gladly proven wrong. Thank you for everything you do. You are the absolute best. My email (should you wish to communicate) is: Ammora14221@mac.com
Cheers, and may God bless you.
--- An "Egyptian Peace Sign" ---
To Rachel & Team (and Anyone Else):
The following is what I posted at Mohamed ElBaradei's and other places -- it is exactly what it states that it is: a video gift from a former graphic designer and video-maker (me). I also have had a long affection for the Middle East since I had been there on both sides in 1968 right after the 6-Day War.
The video version began as the "Egyptian peace sign" still artwork which includes the Egyptian flag, the beginning of the U.N. Declaration of Human Rights and the universal peace sign this morning. By the evening, I made the video version.
Feel free to distribute, air, publish, share, etc. either or both, incl. explanatory notes if so deemed useful.
~ Philip Steven Knight
__________________
Posting left at Mr.Mohamed ElBaradei's Facebook page and elsewhere:
♣ VIDEO GIFT VERSION ♣ TO ALL IN EGYPT - Salah/Peace & Freedom ♣ Video version of small gift previously included in this thread. Facebook and YouTube versions available. FACEBOOK (http://www.facebook.com/video/video.php?v=174936845883296)AND AT YOUTUBE (http://www.youtube.com/watch?v=CxNMR2ZX6BE).
Both still image and video versions are free to share and distribute without permission request (I am the creator of both). A higher quality resolution version of the non-video artwork of the "Egyptian peace sign"with the beginnings of the U.N. Declaration of Human Rights in both Arabic and English is available for viewing and saving here: http://www.compassionsensuality.net/Other/SALAH.html
♣ Asalam Alkekum ♣
As I understand it, the 7% is to allow the banking industry to function.
BTW, think of an IP address as a mailing address. It's the address of the party you are attempting to reach on the Internet.
Think of a group of IP addresses as an area code or a zip code.
If I decide to shut off all traffic to Concord, NH I simply disallow any traffic to reach the zip codes 03301 and 03302. ti's a tad more complicated than this, but I think you get the general idea.
That's a great analogy for the ISPs.
And then the way I'm understanding the BGP chart it's like asking how many ways there are to get to Concord and removing each one.
I believe that if only the routers using BGP servicing Concord quit advertising their routes, no traffic would reach it.
One possible explanation, apart from the Italian telecom link, for those 7% of sites still up is foreign colocation with failover capability. A large (or paranoid) enough entity could pay a foreign
colo and/or CDN company (like Akami or others) to host mirrors of their site (even webapps) stored in server farms anywhere around the world and configured to react to BGP signals of outages by registering themselves as primary DNS results (instead of the "dead" results) when
users type the address for the site into their browser. With the increase in the use of distributed CDN networks by many companies, this kind of setup becomes increasingly easier & more available...to those who can afford it.
Disclaimer: I'm not a routing expert by any means, but I do have some facility with the basics of routing protocols and try to keep up with networking advances.
Wow. That came out way more technical than I intended. CDN = Content Delivery Network. Facebook and Microsoft have them, and they're designed to look at BGP (those "zip codes") information, which includes "how long it takes via this 'post office' (router) to get from here to there". If the CDN notices that it could serve the data (deliver the message) faster via a different post office by using one of its other servers, it will.
What I'm guessing happened is that these content networks, upon noticing that all "deliveries" through Egypts "post offices" would take an infinite amount of time (because the post offices were closed), altered their configuration to answer more and more requests for those Egyptian sites.
This would keep some sites that are "located" in Egypt online, even if the routers were refusing connections. However, as I indicated, it would have to have been setup specifically to do this, so a larger or more paranoid entity would be more likely to do this.
Here's the bigger question: What is the impact of Egypt's actions to shut down the Internet on the National Security goal (since the Bush years, I believe it may have started circulating).? Wired Threat Level has been all over this, and here's a recent update on the beat:
http://www.wired.com/threatlevel/2011/01/kill-switch-legislation/
When you find time, you might like to explore the graphics at the Internet Storm Center http://isc.sans.edu/reports.html
This place tracks troublemakers (e.g. hackers) on the Internet, puts it in like a Weather Map ... where do we have a lot of trouble?
They get a lot of their info from people who volunteer to share their Firewall Logs. If you ever look at your firewall log, there are probably automated hacker probes hitting you ever micro-second from all over the Internet world, where THEIR IP address is identified. You can download software which will send your logs to the Internet Storm Center to be combined with thousands of other people logs.
While this institution is different purpose than your current voyage of Internet technical exploration, I think there is useful insight you can gain here to put lots into a good perspective.
Another source of great education in Internet matters is KNUJON. You might start out by studying their report on Registrars. http://www.knujon.com/registrars/
Registrars are the places which register the places that operate domains.
msnbc.msn.com is a domain
knujon.com is a domain
gmail.com is a domain
Some of these registrars are owned and operated by criminal enterprises, which do things to help criminals on the internet function without getting caught by law enforcement, make it difficult to address phishing, spam etc. effectively.
We can forward our spam (with e-mail headers) to Knujon, which combines the spam from thousands of volunteers to identify not only who the spammers are, so they can individually get relocated to the slammer, but the domains and registrars which are most crook-friendly in how they provide services to help the crooks do their thing and elude law enforcement.
Their report on registrars is extremely educational on explaining how the world of Internet crooks functions, and how supposedly legitimate companies are enabling the crookedness.
Knujon does not take the position that the registrars, which are supporting crooked activity, are themselves crooks. There are many alternative theories and speculations.
They could be incompetent. They might not budget enough money to have enough people to do a responsible job. They may be ignorant.
Knujon tells these registrars what they need to do to clean up their act. Some cooperate. Some ignore them.
The reports, at the link I gave, identify which outfits cooperate, and which make it difficult for anyone to get them to put a stop to the criminal activity which their business practices have enabled.
http://www.knujon.com/registrars/
Thanks Alister, these are on my list for weekend reading.