Will Iran Follow Sudan in Leaving the Internet?

September 26, 2013 Jim Cowie


As Iranian President Hasan Rouhani addressed the United Nations for the first time this week, people all over the world took to the Internet to hear and discuss his message, many for the first time. They saw a statesman exercising what Ayatollah Khamenei has called “heroic flexibility” — the will to consider all possibilities for escaping the sanctions bubble that don’t compromise Iran’s core values.

Within Iran, unfortunately, few have the Internet bandwidth to stream President Rouhani’s appearance, or the opportunity to discuss his message on Twitter and Facebook, unless they use illegal proxies to circumvent government-imposed restrictions. Alone among the world’s significant Internet economies, Iran remains committed to a public course that could actually disconnect the country from the Internet altogether as soon as it’s technically feasible. Countries like Egypt and Sudan disconnect the Internet as a last-ditch side effect of the implosion of state power; Iran has worked for three years toward disconnection, framing it as a key element of public policy.

Might it be time for some heroic flexibility in Iran’s Internet strategy? When sanctions end (and they will end), Iran will need its Internet connectivity intact, if only to restart its economic engine. The Internet will serve as a source of global employment for Iran’s highly educated technical workforce, as a competitive necessity for its traders and businessmen as they reenter the global marketplace, and as a two-way link to the cultural and financial resources of the global Persian diaspora. These will be the drivers of growth for the Iranian economy for the next 20 years, as (among all the others in the region) Iran competes for development money and economic diversification opportunities post-peak-oil.

Getting There from Here

Given the state of Iran’s Internet in 2013, a good outcome seems increasingly unlikely. Iran’s regulatory status quo enriches a few state-approved gatekeepers, while strangling the broader Internet industry: a powerful constraint to future growth. Worse, it denies Iran the regional and global influence it deserves by virtue of its central geographic location, and its role as an east-west and north-south connector for the Internet’s fiberoptic resources.

How could this picture be improved? Based on what we’ve learned about the evolution of national Internet ecosystems in the last few years, here are a few personal observations.

Simply “Unblocking” the Internet Isn’t Enough

Despite some official ambivalence toward Rouhani’s “heroic flexibility,” the relaxation of state censorship would be a highly visible and welcome first step. It would be easy to implement, no more than a few phone calls and the flipping of a switch. We may have seen the first test of this idea last week, as Facebook and Twitter briefly became available, and were taken away again.

Unfortunately (and here I risk disappointing friends inside Iran and in the expat community), focusing on censorship and debating the political and legal boundaries of appropriate state action does little to address the underlying structural challenges of Iran’s Internet industry. If anything, it encourages activists to expend their energies on the symptom — the use of legally valid censorship and throttling as a political tool — rather than considering the underlying mechanisms that created an Internet industry that can be shut down by order of a few people in the first place.

So let’s set this option aside for the moment and look deeper.

Iran Should Keep Building The “National Internet” .. Without Disconnecting

Iran has been moving closer to Internet autarky for a few years, building toward the concept of a self-sufficient national Internet of its own. This wasn’t just political rhetoric. Actual, sustained engineering effort has been applied throughout the country, at great cost, to prepare the technical infrastructure for such a cutover. Service providers have prepared their content servers to respond to two completely different sets of Internet addresses: one public, one private (drawn from the familiar RFC1918 space known as “ten dot” because all the addresses are of the form 10.x.x.x). If the switch were ever thrown, Iranian consumers would receive a “ten dot” address for their home computer, and they would connect to Iranian websites at their “ten dot” addresses. The rest of the Internet’s address space could simply cease to exist for Iranians — if it were not routed domestically at all.

Country Pop(M) Routed Networks Domestic ASNs ASNs with Int’l Connections “Risk of Disconnection” Actual Disconnections
Iran 76 2875 269 2 Significant planned for 2014?
Egypt 81 2810 54 9 Significant Jan ’11
Sudan 37 2100 8 5 Significant Sep ’13
Syria 22 95 2 1 Severe June ’11 et seq
Myanmar 53 58 5 1 Severe Sep ’07, Sep ’13

Sound crazy? It was a purely political goal, transformed into legal requirements that smart engineers dutifully found a solution to. But it hasn’t happened yet — and the ironic truth is that until the killswitch is thrown, Iran’s Internet industry is actually better off for all the investment and attention. To see why, consider a key metric: the number of autonomous systems in the Iranian domestic routing table.

Autonomous systems are, as you might guess, organizations whose Internet connectivity is portable across providers, designed to be independent of any particular gateway to the Internet. Autonomous systems have border routes that speak BGP to other autonomous systems, and this lets them be first class citizens on the Internet. If they don’t like their path to the Internet, they can go speak BGP with someone else, and change the paths without interrupting service.

In recent years, Iran has added autonomous systems at a furious rate, far outstripping the growth of other countries in the Gulf region. In each of the past two years, Iran has created as many new autonomous systems as existed in all of Egypt. As of today, there are 269 domestic organizations speaking BGP in Iran (banks, schools, ISPs, private companies, government offices): more than in Saudi Arabia, Bahrain, the UAE, Oman, Qatar, Yemen, Kuwait, and Egypt — combined. Where did the energy and investment come from, to prepare all these entities for first-class citizenship on the Internet?

If we look at the creation of new Iranian autonomous systems over time (not simply registration, but their appearance in the routing table as functioning entities), we see peaks in certain months. Those months seem to correspond to announcements by the Iranian leadership that the National Internet was “coming soon.” One plausible hypothesis is that engineers are playing catch-up with the political leadership, scrambling to get new addressing in place. If the National Internet requires BGP for internal routing of all those ten-dot addresses, which seems likely, then the robust growth we see may be an ironic byproduct of Iran’s drive toward the National Internet strategy. Structurally, it has the potential to give Iran a real competitive advantage on the real Internet.

In Case Of Disaster, Route Through Iran

We’ve written about the EPEG cable system several times this year, from the first signs of life to the official announcement last month in Singapore. EPEG is now the Internet’s fastest path between the Gulf and Europe, shaving at least ten percent off the best submarine cable round trip time from Dubai to Frankfurt. It follows the terrestrial great circle path through Iran, Azerbaijan, Russia, Ukraine, and Germany. It’s anchored by Omantel (at the southern terminus) and Vodafone (at the northern terminus), and those are the carriers you buy service from. Rostelecom, Azeri Delta Telecom, and Iran’s DCI are the silent providers in the middle who profit from the arrangement.
EPEG’s greatest selling point this year isn’t the 10% latency reduction; it’s simply that it doesn’t go through Egypt. Egypt now represents a global Internet disaster waiting to happen, where most major east-west submarine cables crawl out of the water and cross the restive Sinai Peninsula, between the Med and the Red Sea. Should both the northern and southern terrestrial legs of cables like SMW3, SMW4, and IMEWE go out at once, the world could lose most of the Internet connectivity between Europe and Asia in a heartbeat.

ثاني؟ ♻ @MadaMasr: Phones and Internet shut down in North Sinai http://t.co/BmJeBMjidQ

— Alaa Abd El Fattah (@alaa) September 24, 2013


In 2013 we’ve seen providers ranging from Pakistan, to Bahrain, to Kenya, making use of EPEG bandwidth during previous Egyptian cable outages. In other words, Iran is sitting astride one of the most important Internet traffic corridors in the world, just by virtue of its geographic position and its EPEG consortium membership. If Iran’s Internet were open for business, and if the sanctions went away, Iran could rapidly become a regional hub for Internet connectivity. TehranIX, anyone?

Iran’s national incumbent, DCI/TCI, represents a significant single point of failure (or disconnection) for all sectors of the Iranian economy.

Within Iran, DCI stands as the lone provider at the border, the gatekeeper for international Internet service, keeping EPEG connectivity (and the associated hard currency revenue) for itself.

Regardless of the internal diversity of the national Internet, vulnerabilities to disconnection and single-point failure tend to appear at the border. When an Internet economy like Iran has a very limited number of companies that are allowed to make direct connections with international carriers, fragility is the result, and disconnections follow. This lack of diversity classically afflicts small islands in the middle of the ocean, although it has bitten economies as diverse as Lebanon and Uruguay. But Iran is one of the classic examples of a dominant incumbent establishing an uncontested Internet bottleneck. Iran’s economy can probably support ten or twenty times as many international commercial Internet relationships as it actually has.

This creates significant vulnerabilities for the economy that are hard to measure until a failure occurs. For example, this graphic shows today’s connectivity for a cross-section of Iranian banks. You can see that one provider, DCI/TIC (here, autonomous system 12880) mediates nearly all of the traffic bound for Iranian markets, whether that traffic enters the country from the UAE (Reliance/FLAG, TeliaSonera, Telecom Italia), from Oman (Omantel), or across the Azeri border to the north (via Russian providers Rostelecom and Transtelecom). All that traffic squeezes through a handful of core routers. (Click for details.) DCI (AS12880) mediates the Iranian banking industry's Internet connectivity.

Who profits from keeping international connectivity in general, and EPEG connectivity in particular, so closely held within Iran’s domestic Internet economy?

Iran has spent a decade working on privatizing state industries, but the results have fallen short of a “free market”, particularly in telecoms. In 2009, the Mobin Trust Consortium (a company affiliated with the Revolutionary Guard) purchased a majority stake in the incumbent (including TCI, DCI, and mobile provider Hamrah-e-Avval). Since then, we’ve seen no moves toward the kind of telecommunications sector liberalization and Internet diversification that have taken place elsewhere in the world. If a domestic customer wants international service on EPEG within Iran, they effectively get it from Mobin.

What can the Iranian government do to secure the future growth and survival of the Iranian Internet? They could start by returning some significant control over the “import-export” of Internet data to the bazaar — to the industry of ISPs and content providers who make their living via the Internet. For example, they might decide to allow second-tier Iranian ISPs to purchase capacity on EPEG directly, and connect their BGP sessions directly to peers at the Internet Exchange in Frankfurt. This needn’t impact the government’s oversight of content, since all of the domestic providers are well-familiar with the technical requirements. But it would increase the diversity of Iran’s Internet connectivity at the frontier, and reduce the likelihood of national disconnection, through equipment failure or at the direction of special interests.

The Internet is too vital for the economic future of any nation to be left in the hands of special interests. There are probably 20 Iranian ISPs that would immediately purchase (perhaps subsidized) EPEG capacity to Frankfurt, if given the chance. Spreading the responsibility for the health of the national Internet over a larger, more diverse bazaar of service providers with international connectivity would go a long way toward safeguarding the industry’s long-term growth, and with it, Iran’s.

The post Will Iran Follow Sudan in Leaving the Internet? appeared first on Dyn Research.


About the Author

Jim Cowie

Jim Cowie is the Chief Scientist at Dyn. Previously, Jim was the founder and CTO of Renesys, the Internet Intelligence Authority, which Dyn acquired in 2014.

Follow on Twitter More Content by Jim Cowie
Previous Article
Why Internet Paths Matter:  Performance
Why Internet Paths Matter: Performance

Remember the Information Superhighway? It’s what some folks used to call the...

Next Article
Internet Blackout in Sudan
Internet Blackout in Sudan

Update (8:01 ET, 26 Sep): A few hours ago, we observed a total Internet...