Animated visualization of Pakistan’s YouTube hijacking

Monday, February 25th, 2008

Yesterday, Pakistan censored YouTube in such a way that YouTube became inaccessible to the greater Internet for a period of about two hours. It was a remarkable screw-up that necessitated mistakes being made on multiple levels.

The gist of the story is that Pakistan Telecom, a Pakistani telecommunications company, advertised a /24 route for YouTube in a botched attempt at censoring YouTube from within Pakistan at the request of Pakistani officials. Unfortunately, Pakistan Telecom’s upstream provider, PCCW, didn’t filter that route, and it superseded the less-specific /22 route YouTube already had with routers on most of the Internet. Within about two hours someone finally got through to PCCW and they disconnected Pakistan Telecom, making the bad route disappear. YouTube was thus accessible to the Internet once more.

Now you can see all of this insanity in a graphical fashion thanks to BGPlay, a graphical visualization of BGP routes in the form of a Java applet. Visit the site, click the “Start BGPlay” button, and type in as the prefix. Then set the date range to 23/2/2008 to 25/2/2008 (European date notation). Then hit OK.

Read the rest of this entry »

Pakistan brings down YouTube

Sunday, February 24th, 2008

Through network magic I know not much about, Pakistan has caused YouTube to be inaccessible from the majority of the world. It’s not just that they blocked access to YouTube from within their own country; they did it in a way that isn’t filtered by their upstream ISP, so it affects pretty much everyone else too. What happens now?

Well, this damage is going to be routed around pretty quickly, as Pakistan having the ability to knock off websites is an error that will shortly be corrected. I predict the fallout will be immense though. Censor sites and the world looks down upon you, but do it in a way that (temporarily) removes the rest of the world’s access, and you’re in another circle of hell.

Maybe Pakistan is about to find out what the true meaning of “Googlebomb” is.

Update 1: So after a little more edification, I think I have a better handle on what’s going on. First, read up on the AS7007 incident, because what’s going on now is essentially the same thing. The Border Gateway Protocol that the Internet uses to establish routes prioritizes specific routes over more general routes. A network in Pakistan set up a /24 route, which is about as specific as you can get (/25 and beyond are commonly filtered out), declaring that YouTube was located within their network. Since this was the most specific route, it propagated out across all the routers, and now most of the Internet thinks YouTube is located within that network in Pakistan. Of course, it’s not, and they’re simply dropping all of those packets as part of their censorship. There are two possibilities: a network admin in Pakistan messed up and accidentally implemented their censorship in a way that affected the whole world, or this was done maliciously. If the latter is the case, well, the Pakistanis may soon be discovering that they need the Internet more than the Internet needs them.

Update 2: As of around 16:00 EST, YouTube is back up and working. Either PCCW filtered the bad route or the Pakistanis stopped sending it. And do check out Greg’s comments below; he’s the networking expert.

Update 3 (Feb 25): Here’s the best technical synopsis of what happened to YouTube yet.

Update 4: This animated visualization provides the clearest view of the hijacking yet. Watch all of the routes divert to Pakistan Telecom within a matter of minutes, and then two hours later, revert just as quickly back to YouTube.

Update 5: Hey look, MSNBC has picked up the story! I wouldn’t have guessed that this would make mainstream media. Or that they would get the technical details right. But it looks like they talked to the knowledgeable folks at Renesys, who I linked to in Update 3.

Read the rest of this entry »