• November 21, 2019

Blackout in Iran and How It Went Down

Doug Madory
Director of Internet Analysis

As Iran’s internet blackout stretches into its sixth day, we decided to follow-up our initial blog post and look at additional aspects of what we’ve classified as the largest Iranian blackout ever. Below we analyze some of the varied timing of outages by various Iranian networks.

As mentioned in the previous post, one of the defining characteristics of the topology of the Iranian internet is that state telecom TIC and research institute IPM serve as chokepoints between a walled-garden of domestic networks and the greater global internet. This centralization of international bandwidth enables an Egypt-style internet kill switch, but this is not what we have observed during the last 5+ days in Iran.

Much but not all of the Iranian internet went down simultaneously; different parts went down at different times. This is well illustrated by a graphic tweeted out by hosting provider Cloudflare. As we detail below, Iran’s internet blackout was implemented in a piecemeal fashion, starting with mobile carrier networks, and moving on to different fixed line networks.

Mobile carriers down at 14:30 UTC, 16-Nov

At around 14:30 UTC (6pm local), three of Iran’s major mobile carriers (Iran Cell, MCI, and Rightel) withdrew nearly all of the routes they normally transit from the routing table. By withdrawing their routes, they rendered themselves disconnected from the internet.

A screenshot of a cell phoneDescription automatically generated

Overall Connectivity Falling Around 16:45 UTC, 16-Nov

We run over a billion traceroutes per day out to the internet and at 16:45 UTC (10:15pm local) a large portion of the Iranian hosts we measure against stopped responding as was visible in our publicly available Internet Intel Map. About 75% of the traceroute targets throughout the country stopped responding with a few minutes (top of panel, below) and soon after about one third of the country’s BGP routes were withdrawn from the state telecom provider TIC (bottom of panel, below).

A screenshot of a cell phoneDescription automatically generated

IPM down at 07:00 UTC (10:30am local), 17 November

Before the Iranian state telecom got into the internet business, Iran’s original connection to the internet was through the Iranian research institute IPM (AS6736), more on this background can be found in Cyrus Farivar’s 2011 book Internet of Elsewhere. IPM remains one of Iran’s two international internet gateways.

From a BGP routing standpoint, AS6736 appeared nearly unchanged since the beginning of the blackout continuing to transit a little more than 200 BGP routes to AS39533, an upstream provider. However, as reported by our Internet Intel Map, our traceroutes traversing AS6736 began failing just after 07:00 UTC (10:30am local) the day after the blackout began. (Note: because there are no traceroute hops to associate with AS39533, the graphic essentially displays the upstream providers and peers of AS39533)

A picture containing screenshotDescription automatically generated

A Glimmer of Hope?

As of this morning, we observed an uptick in the traceroute completion rate at around 9:15 UTC (12:45pm local).

A screenshot of a cell phoneDescription automatically generated

IPM appears to be one of the networks again passing traffic (as seen below).

A screenshot of a cell phoneDescription automatically generated

We hope that these observations signal the beginning of the end of this multi-day internet blackout in Iran.

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.Captcha