March 23, 2011, 1:20 PM — Are you a user of China's state-owned China Telecom Chinanet network?
For a short time yesterday, it appeared that Facebook traffic might be written on the Great Wall, not just on users' individual walls.
For about 30 minutes Tuesday morning, when customers of AT&T's Internet services browsed Facebook, that traffic went not by the most direct route, but through servers in China and South Korea, according to independent security researcher Barrett Lyon.
Normally AT&T would have handed off packets representing content requests, session IDs and other data – most of which travels unencrypted to and from Facebook – to Level3 Communications, which would hand them off to Facebook servers.
Instead they went the long way, through subnetworks owned by China Telecommunications, the state-owned ISP of mainland China, then to SK Broadband, a commercial ISP in South Korea, before finding their way to Facebook.
Here's the route, according to Lyon:
    route-server>show ip bgp 220.127.116.11 (Facebook's www IP address)
    BGP routing table entry for 18.104.22.168/20, version 32605349
    Paths: (18 available, best #6, table Default-IP-Routing-Table)
      Not advertised to any peer
      7018 4134 9318 32934 32934 32934
The AS path (routing path) translates to this:
- AT&T (AS7018)
- Chinanet (Data in China AS4134)
- SK Broadband (Data in South Korea AS9318)
- Facebook (Data back to US AS32934)
Current route to Facebook via AT&T:
    route-server>sho ip bgp 22.214.171.124/20
    BGP routing table entry for 126.96.36.199/20, version 32743195
    Paths: (18 available, best #6, table Default-IP-Routing-Table)
      Not advertised to any peer
      7018 3356 32934 32934, (received & used)
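As an added example (not part of the original article or of Lyon's analysis), this Python script parses the two route-server outputs quoted above, collapses AS-path prepending, and reports transit ASes that the normal path never used. The function names and the AS-name table are this example's own; AS3356 is taken to be Level3, as the article's description of the usual hand-off implies.

```python
import re

# AS names from the article's own list; 3356 = Level3 is an assumption drawn from its text.
AS_NAMES = {7018: "AT&T", 4134: "Chinanet", 9318: "SK Broadband",
            3356: "Level3", 32934: "Facebook"}

# Router output as quoted in the article (prefixes left exactly as printed there).
DETOUR = """BGP routing table entry for 18.104.22.168/20, version 32605349
Paths: (18 available, best #6, table Default-IP-Routing-Table)
  Not advertised to any peer
  7018 4134 9318 32934 32934 32934
"""
NORMAL = """BGP routing table entry for 126.96.36.199/20, version 32743195
Paths: (18 available, best #6, table Default-IP-Routing-Table)
  Not advertised to any peer
  7018 3356 32934 32934, (received & used)
"""

# An AS-path line is only ASNs, optionally followed by ", (attributes)".
AS_PATH_LINE = re.compile(r"^\s*(\d+(?:\s+\d+)*)\s*(?:,.*)?$")

def parse_as_paths(output):
    """Return every AS path found in the output, with prepending collapsed."""
    paths = []
    for line in output.splitlines():
        m = AS_PATH_LINE.match(line)
        if not m:
            continue
        hops = [int(a) for a in m.group(1).split()]
        # Collapse consecutive repeats (prepending, e.g. 32934 32934 32934).
        collapsed = [a for i, a in enumerate(hops) if i == 0 or a != hops[i - 1]]
        paths.append(collapsed)
    return paths

def unexpected_transit(observed, baseline):
    """Transit ASNs (between first hop and origin) that the baseline never used."""
    if observed[-1] != baseline[-1]:
        raise ValueError("origin AS differs from baseline; this is not just a path change")
    known = set(baseline)
    return [a for a in observed[1:-1] if a not in known]

def describe(path):
    return " -> ".join(f"{AS_NAMES.get(a, 'unknown')} (AS{a})" for a in path)

if __name__ == "__main__":
    base = parse_as_paths(NORMAL)[0]
    seen = parse_as_paths(DETOUR)[0]
    print("baseline:", describe(base))
    print("observed:", describe(seen))
    print("new transit ASes:", unexpected_transit(seen, base))
```

Run periodically against a route server or looking glass, the same comparison gives an alert whenever the best path to a prefix you care about starts crossing networks it did not cross before.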
Lyon theorizes the odd routing might have been an error within the BGP routing tables that tell Internet backbone routers where to send traffic.
Twice last year similar changes to BGP tables sent as much as 15 percent of all Internet traffic through China, on servers belonging to China Telecommunications.