What is happening with the BY internet segment in terms of BGP and IPv4/IPv6

Before we start investigating what is happening with the Internet within and outside of Belarus, let us quote a couple of sentences we are repeating in annual National Reliability Research & Report

“Strictly speaking, when the BGP and the world of interdomain routing were in the design stage, the creators assumed that every non-transit AS would have at least two upstream providers to guarantee fault tolerance in case one goes down. However, the reality is different; over 45% of ISP’s have only one connection to an upstream transit provider. A range of unconventional relationships among transit ISPs further reduces reliability. So, have transit ISPs ever failed? The answer is yes, and it happens with some frequency. The more appropriate question is — under what conditions would a particular ISP experience service degradation? If such problems seem unlikely, it may be worth considering Murphy’s Law: “Anything that can go wrong, will.”

Why are we repeating this rather than start with the facts and timesteps as usual? Because this is precisely the case, from our point of view, with Belarus’ internet segment. Let us take a look at two diagrams representing a BGP network of Belarus a month ago, at the beginning of July 2020:



What do we see here? We see two critical ASes: 6697 - Belpak, the national telecommunication monopoly, and 60280 - National Traffic Exchange, responsible for almost exclusively owning Belarus’ connection to the outer world. 

The curious AS21274, apparently belonging to the National Science Academy of Belarus, is the only network that bypasses the Belpak and NTEC in cross-border connection. Furthermore, by no surprise, resources hosted within AS21274 are very much available (http://basnet.by/en/index.html), unlike the 6697 and 60280 contents.

However, let us take a closer look at the networking events starting August 8, 2020.

The first thing that got our attention was the fact that IPv6 sessions were shut down by both national telecommunication companies a little bit before everything that happened after. According to Qrator.Radar data, more than 80% of IPv6 prefixes were unreachable starting 18:00 UTC on August 8. Moreover, this is continuing for three days straight - a very unusual course of action, considering the increasing use of IPv6.

AS6697 IPv6 upstreams

AS60280 IPv6 providers…

… and IPv6 peers (it is almost the same with Belpak’s IPv6 peers, which dropped from 73 on August 9, to 0 on August 10, and 2 today, August 11).

As you can see, those two ASes almost entirely cut their IPv6 connectivity for some reason, and have not restored it until now. We could only speculate due to what specific reason this was done, but dropping almost all IPv6 from maintenance is a thing that could only be done from “within” - we have never seen such a massive and simultaneous “outside” IPv6 shutdown.

It is much trickier with IPv4, however.

At first glance, from the outside perspective, almost nothing changed. Those two critical autonomous systems of Belarus’ are still connected to their global upstreams even after 20% prefix drop on August 10:

AS6697 BGP connection graph

AS60280 BGP connection graph

So the reason for massive unavailability of resources hosted inside the BY segment, and vice versa, the inability of users inside Belarus to reach global internet resources, is probably somewhere else.

Unfortunately, we do not have an insider perspective to analyze how the traffic flow changed in the TCP/UDP plane, so our only option is to look at the information still flowing from inside the country. One of the markers we want to refer to is the outbound traffic flow of one of the country’s largest internet media - tut.by; that posted a graph earlier today, showing how their channel capacity was shaped by the upstream provider, which is Belpak - AS6697:

If that is the case for every customer of AS6697, then we have almost no question about why the connectivity to and from BY segment in such a shape — because it was shaped into that way, according to the graph above, starting at 10:30, UTC+3, August 10.

What was the particular reason behind such a move — we do not know. Even without a DPI system in place, such artificial congestion would almost certainly affect the traffic flow. And in the current situation in Belarus, where more and more people are relying on the Internet for communication, with the growing amounts of ingress and off-ramp traffic, cutting or restricting the bandwidth would almost certainly shut down large portions of the BY-net, amplifying collateral damage up to a denial-of-service state.

We could only hope that AS6697 and AS60280 would restore their connectivity as soon as possible, surpassing existing infrastructure limitations. We would see in a month, with the release of 2020 National Reliability Research, how those events changed the position of the BY segment over the years. As the Internet has long ago become a crucial part of human life, we feel obligated to remind everyone that every action has its short-term, as well as long-term consequences.