A Brief History of Notable Internet Disruptions
By stretch | Thursday, March 17, 2011 at 1:30 a.m. UTC
While pondering the implications of the government-initiated Internet outages in Egypt and Libya over the last few months, I decided to do a bit of digging on past Internet disruptions. This article summarizes what I found. Interestingly, the frequency of these events seems to suggest an interval of roughly two years (excluding the politically motivated outages). I also worry that with Egypt and Libya apparently having set the precedent of severing Internet access in the face of revolution, other countries in the region and around the world might respond the same way in the future.
Below my own summary of each incident I've included references for anyone interested in learning more.
December 2004: TTnet
Turkish ISP TTnet (AS 9121) mistakenly begins advertising over 100,000 routes for other networks with itself as the destination. A misconfigured peering with an upstream AS allows these advertisements to be propagated throughout the global Internet, affecting just about everyone. Various portions of the Internet become unavailable for different organizations around the world for several hours.
January 2006: Con Edison
Con Edison Communications, since acquired by RCN, begins originating routes for a number of prefixes which are not its own. Some belong to its customers, while others are entirely unaffiliated. The invalid advertisements persist for several hours.
February 2008: Pakistan Telecom and YouTube
Pakistan Telecom (AS 17557) begins announcing part of YouTube's address space. This was intended to be done internally as part of an effort to block access to YouTube from within Pakistan, but was propagated to the global Internet as well. Because the prefix advertised by Pakistan is more specific than the legitimate YouTube route, it is preferred by all autonomous systems which received it. Throughout much of the world, traffic destined for YouTube is routed toward Pakistan, where it is discarded.
YouTube responds first by advertising its own /24 route for the affected prefix, equivalent to the route announced by Pakistan Telecom, and then by splitting the route into two /25 prefixes. It is not until PCCW Global (AS 3491), Pakistan Telecom's upstream provider, withdraws all routes originating from AS 17557 that normal connectivity to YouTube from the rest of the world is restored.
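The route-selection behaviour described in this incident can be reproduced in a few lines. This is an added example, not code from the original article: the 10.20.x.x prefixes and the "VICTIM" origin label are constructed placeholders, and the selection rule is simplified to longest-prefix match followed by shortest AS path (real BGP evaluates other attributes first). It also includes the check a monitoring system would run to flag a more-specific announcement from an unexpected origin.

```python
import ipaddress

# Constructed sample data: the prefixes and the "VICTIM" origin label are
# placeholders, not the real addresses. AS 17557 is the origin named above.
VICTIM, HIJACKER = "VICTIM", "AS17557"

def route(prefix, origin, path_len):
    return {"net": ipaddress.ip_network(prefix), "origin": origin, "path_len": path_len}

def best_route(table, dst):
    """Longest-prefix match first; shorter AS path breaks ties between equal prefixes."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r["net"]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r["net"].prefixlen, -r["path_len"]))

def suspicious_more_specifics(table, expected):
    """Flag routes that fall inside a known prefix but carry a different origin."""
    hits = []
    for r in table:
        for prefix, origin in expected.items():
            if r["net"].subnet_of(ipaddress.ip_network(prefix)) and r["origin"] != origin:
                hits.append((str(r["net"]), r["origin"]))
    return hits

def stages(path_len_to_victim, path_len_to_hijacker):
    """Origin chosen for one destination at each stage, seen from one vantage point."""
    dst = "10.20.153.10"
    table = [route("10.20.152.0/22", VICTIM, path_len_to_victim)]
    out = [best_route(table, dst)["origin"]]        # before the incident
    table.append(route("10.20.153.0/24", HIJACKER, path_len_to_hijacker))
    out.append(best_route(table, dst)["origin"])    # more-specific /24 appears
    table.append(route("10.20.153.0/24", VICTIM, path_len_to_victim))
    out.append(best_route(table, dst)["origin"])    # equal /24s: path length decides
    table += [route("10.20.153.0/25", VICTIM, path_len_to_victim),
              route("10.20.153.128/25", VICTIM, path_len_to_victim)]
    out.append(best_route(table, dst)["origin"])    # two /25s: victim preferred again
    return out, suspicious_more_specifics(table, {"10.20.152.0/22": VICTIM})

if __name__ == "__main__":
    print(stages(path_len_to_victim=4, path_len_to_hijacker=2))  # network nearer the hijacker
    print(stages(path_len_to_victim=2, path_len_to_hijacker=4))  # network nearer the victim
```

The third stage is why the matching /24 alone was only a partial fix: networks with a shorter path to AS 17557 kept choosing it until the /25s, and finally the upstream withdrawal, took effect.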
April 2010: China Telecom
AS 23724, which belongs to China Telecom, begins announcing around 37,000 routes from the global table. The event is widely reported as having lasted no more than 18 minutes. However, concern regarding the event is raised that November in a report generated by the US-China Economic and Security Review Commission. Although technical analysis of the event revealed that it was unlikely to have been an intentional attack on US interests, the theory was of course exaggerated by media coverage. That said, the Chinese government has adamantly denied that the incident occurred.
January 2011: Revolution in Egypt
In response to civilian uprising and widespread protest, the Egyptian government moves to block in-country access to several prominent social network sites. Days later, virtually all Internet access from within the country is severed. This is believed to be the first ever example of an entire country intentionally isolating itself from the global Internet. The outage lasted from January 27th to February 2nd.
February 2011: Revolution in Libya
Spurred by uprising in neighboring Egypt, protests break out in Libya. In a manner similar to Egypt, the Libyan government responds by severing Internet access. Although the initial outage lasted for only a few hours, the coming weeks would see repeated interruptions to Libyan Internet access.
About the Author
Jeremy Stretch is a network engineer living in the Raleigh-Durham, North Carolina area. He is known for his blog and cheat sheets here at Packet Life. You can reach him by email or follow him on Twitter.
March 17, 2011 at 4:06 a.m. UTC
Nice article. I'm always fascinated by the technical details of large scale Internet outages.
March 17, 2011 at 7:36 a.m. UTC
Dude, you've done a good job, well done !!
March 17, 2011 at 2:19 p.m. UTC
Nothing before 2004? That's hard to believe...
March 17, 2011 at 6:33 p.m. UTC
@apt mgmt: October 27, 1980.
On October 27, 1980, there was an unusual occurrence on the ARPANET. For a period of several hours, the network appeared to be unusable, due to what was later diagnosed as a high priority software process running out of control. Network-wide disturbances are extremely unusual in the ARPANET (none has occurred in several years), and as a result, many people have expressed interest in learning more about the etiology of this particular incident.
March 17, 2011 at 6:44 p.m. UTC
If we're talking about "disruptions", I guess the undersea cable cuts can also be added:
March 18, 2011 at 6:02 p.m. UTC
very funny article Stretch! the war between youtube and pakistan telecom made me lol :D
March 21, 2011 at 1:43 p.m. UTC
October 21, 2002: Massive DDoS attack which took down 9 out of 13 root servers!
March 21, 2011 at 3:45 p.m. UTC
@Eno: While the DDoS on the DNS root servers was noticeable, it didn't actually result in widespread disruption (a testament to the resiliency of the DNS).
March 21, 2011 at 7:36 p.m. UTC
On 27 August 2010, the RIPE NCC's Routing Information Service (RIS) was involved in an experiment using optional attributes in the Border Gateway Protocol (BGP). As a result of this experiment, a small, but significant percentage of global Internet traffic was disrupted for a period of about 30 minutes.
March 27, 2011 at 9:47 a.m. UTC
What about Iran?
May 14, 2011 at 1:51 p.m. UTC
Another example of government shutting down completely or partially internet access.
April 7: Moldtelecom (AS8926) Moldova, Eastern Europe. In time of disorders and street protests over the political issues, national ISP has blocked access to social networks web sites (surprisingly, Twitter wasn't affected), and for a short time internet and mobile access in the center of the capital.
August 1, 2011 at 8:20 a.m. UTC
Several countries are disrupting their Internet connection for different reasons. Though, no one can stop the use of internet nowadays for it has been a part of our everyday living. And mean it or not, social media has not only been used as a means of communication and recreation but it has also been used in business. And if you're a young person who thought you can pull through your career while avoiding LinkedIn entirely, think again. LinkedIn's “Apply with LinkedIn” button will modify the playing field totally, according to experts. Corporations and large-scale job boards are currently using it, and there's plenty of room for expansion. Here is the proof: Apply with LinkedIn aligns stars around job networking service.
April 5, 2012 at 10:40 p.m. UTC
Internet traffic was "accidentally" routed through China. Securing the major DNS servers on the 'net is on the way, slowly. In the meantime, if you want privacy, secure your email with PGP and use https protocol everywhere. Laughable as it might sound, even Facebook now offers https sessions. I've used https on Gmail for years but only recently did https become the default connection Gmail offers. I know, the idea of using https with Gmail is about as ludicrous as locking yourself and a wolf, a shark and an injury lawyer up in a bank vault with you for your security.
April 24, 2013 at 4:58 p.m. UTC
I can remember a major Internet outage caused by a former employee (!) of a former employer due to an inexcusable BGP misconfig, sometime during the 90s...
I've always tried to envision the exact shade of white the face of the implementor turned at the moment they realized "Oh no! OH NO!!! I just brought down THE Internet!"
Never fun to be the cause of an outage of any sort, at any level, for any reason, but most of us have been there at least once in our careers.