[Chapter-delegates] Lybian Internet Outage

Fred Baker fred at cisco.com
Tue Feb 22 18:24:22 PST 2011 

On Feb 22, 2011, at 4:36 PM, Narelle wrote:

> On Wed, Feb 23, 2011 at 8:49 AM, Fred Baker <fred at cisco.com> wrote:
> 
>>> On 18 February 2011, during the 2011 Libyan protests, Libya appeared to have withdrawn all of its BGP prefix announcements from the Internet for a short period, cutting it off from the rest of the global Internet. The prefix were re-advertised six hours later.[1]
>> 
>> Reports on nanog indicate that traffic between Libya and the outside world is sharply curtailed but not "out".
> 
> So does it look like people inside the ISPs (as it did in Egypt) are
> being told to turn it off?
> 
> Do you think they are just turning off BGP? Then turning it back on
> again arbitrarily (eg because someone's son needs to check their
> financial portfolio)?

I have no direct data. Craig's charts (http://www.monkey.org/~labovit/blog/) report an overall 60-80% traffic reduction impacting all Internet applications, especially hitting web and AIM data. One possible theory might be that a class of users (people using certain COs or routers for example) is affected; another is that specific web 2.0 applications (facebook, youtube, etc) are affected. Media reports indicate censorship; one could imagine them looking for encrypted or obfuscated traffic (https, IPsec, SSH, tunnels of various kinds, etc) and keywords in unencrypted traffic resulting in a TCP RST or simple drop.

My guess is that the government-owned ISPs have the gateways to the great wide world, and are being told to do make the Internet not be an issue. On the 18th they shut it down completely, per Renesys, and brought it back up on the 19th. There have been "Internet Curfews" most nights since. Referring to a chart in the blog, today it says

> You can see a few things here. The median time it takes to reach Libyan hosts from all over the world has remained pretty constant, roughly 200ms. Fewer traceroutes are succeeding, suggesting that reachability is impaired, even though the routes are up. The distribution of times has remained relatively stable, without large outliers, perhaps suggesting that the reported reductions in traffic to/from Libya are the result of internal shutdowns, rather than heavy congestion on the international links. Finally, you can see successful traceroute counts drop to zero during the outages.

Your guess is at least as good as mine. But it does look like some amount of routing to /dev/null in some form.



> 
> best regards
> 
> 
> 
> --
> 
> 
> Narelle
> narellec at gmail.com

More information about the Chapter-delegates mailing list