Arbor Networks’ Craig Labovitz digs into the debate over Chinese manipulation of Internet routing. His analysis is the best I have seen so far on this issue. He cites original source material and also explains why the real issue appears to be very different than what is being said by those selling fear — cyberwar books (maybe even mugs now).
Here is his report: China Hijacks 15% of Internet Traffic!
While traffic may have exhibited a modest increase to the Chinese Internet provider (AS23724), I’d estimate diverted never topped a handful of Gbps. And in an Internet quickly approaching 80-100Tbps, 1-3 Gbps of traffic is far from 15% (it is much closer to 0.015%).
In fairness, I should note that I don’t know how Mr. Alperovitch obtained his 15% number (the article does not say) and a hijack of 40k routes out of a default-free table of ~340K is not far from fifteen percent. But of course, routes are different from traffic. I also add that both China denied the hijack and many Internet researchers suspect the incident was likely accidental.
The comments below his blog entry support Craig’s analysis with further evidence, page 252 of the congressional report:
For about 18 minutes on April 8, 2010, China Telecom advertised erroneous network traffic routes that instructed U.S. and other foreign Internet traffic to travel through Chinese servers.* Other servers around the world quickly adopted these paths, routing all traffic to about 15 percent of the Internet’s destinations through servers located in China.
Source 116 is a briefing that Dmitri Alperovitch gave to the Commission Staff on Aug 25 2010. Your assessment of ‘15% of routes’ vs. ‘15% of volume traffic’ is correct, and it looks like Dmitri was misinterpreted.
I also should mention, to be fair, that other blogs have done a good job summarizing the situation and ending with a different conclusion. Renesys, for example, gives a look at how hard it is to prove a negative — prove that China did not look at traffic they could see. They end up suggesting the April 8th traffic flows could have been a demonstration of Chinese “muscle-flexing” to demonstrate “trivially exploitable” Internet infrastructure:
the stage is set for traffic redirection. When you need to send Internet traffic to the defender (for example, to send him email or read his website), it’s passed towards the “closest” organization that asserted ownership. A large fraction of all the defender’s inbound traffic is potentially redirected straight into the waiting arms of the attacker. And until they withdraw their BGP route assertion, or their neighbors start filtering it out, there’s no way to stop it. It’s that simple.
In fact, it’s so simple, that it happens every year to somebody through sheer accidental misconfiguration. It’s been happening like this, periodically, at varying levels of severity, for over a decade. Sometimes it happens to just a network or two, as in Pakistan’s global hijacking of Youtube. Sometimes it happens to tens of thousands of prefixes, as someone briefly asserts ownership of huge swaths of the Internet. Sometimes it’s China, and sometimes it’s Con-Ed. We’ve seen it happen so many times, to so many people, that when it happened again in April, we didn’t even feel like investing the time to blog about it. [Emphasis added]Ok, now we’re getting somewhere. So, did the April 8th event target the US Government?
No, almost certainly not.
Almost certainly might not good enough for some people. Here is the rub. Some say that China will do evil things period and they can not be trusted. Regardless of whether that is true or not there is no evidence in this instance that they did anything evil.