Welcome!

Security Authors: Elizabeth White, Raja Patel, Liz McMillan, Yeshim Deniz, John Barco

Related Topics: Security, Java, SOA & WOA, AJAX & REA, Cloud Expo, Big Data Journal

Security: Article

Major Internet Outage in China

For whatever reason at around 3 pm (China time) 2/3 of any domain requests in China were routed to one single IP address

Yesterday one of the biggest outages in history, if not the biggest outage, happened to the Internet in China.

Primarily and directly affected by that outage were most of the people living in China and browsing the Internet in China. Secondary, all companies doing online business in China were affected.

The reasons for the outage are discussed below but I would like to focus on what has happened and what this means for all of us - including Compuware - with our Web presence in China.

For whatever reason at around 3 pm (China time) 2/3 of any domain requests in China were routed to one single IP address.

That single datacenter of course went down immediately by the loads of requests hammering it within milliseconds. At that very moment the Internet in China went down - with a few exceptions (VPN users and those who had the DNS cached within their client).

The outage lasted for north of 8 hours, during the core business time in China.

Interestingly enough, not all domains were affected. Mainly those ending with .com and .net didn't make it. Others with the ending com.cn were "only" partly offline but still had problems. Adobe was technically not reachable. Nokia.com was available in parts of China but part of its content was directed to the suspect IP.

If one domain was reachable because the users browser still had the domain/IP relation in mind other issues appeared.

I mentioned Nokia.com just a second ago. Nokia.com itself was available but the page was kind of broken and loading very slow. The reason was the domain r.nokia.com was falsely directed to the one and only IP everything got directed to.

Figure 1: HTML of Nokia.com was loaded but no css and js. That made the page unusable.

You can see how everything got routed to the one IP address - six connections by only one single host name. Imagine how many requests hammered on that server when you know there are hundreds of millions of Chinese users opening a webpage that has 21 different host names included (average number of hosts included in a webpage - source HTTParchive.com). This incident can be considered the biggest DDoS attack in history.

Now with that said - what else has been damaged?

Read the entire blog post here for a deeper analysis and more details regarding the scope and impact of this major "Internet earthquake.".

Summary
Nearly every Chinese Internet user was affected by the outage. Nearly every company doing online business in China was affected by this outage. Click here to view more analysis.

It is interesting how sensitive the Internet is, reacting to a tiny DNS accident, how long it took to recover - and most important - how quiet everything was outside of China. The web was nearly not available to one of the strongest and fastest-growing economies for one business day.

More Stories By Heiko Specht

Heiko Specht is a technology expert at the Compuware APM Center of Excellence. His focus is on APM as a Service in the EMEA markets. Heiko has experience in all areas of Web Performance and Application Monitoring and special expertise in APIs, data interpretion, agile developement, webservices, XML, XSL, php, asp, XHTML, CSS, Enterprise infrastructure, Server architecture, Server sizing, interface description, flexible, performance management, monitoring key business processes and business impact analysis.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.