As the Internet becomes a societal phenomenon and its influence keeps growing, governments have to control some types of content for various reasons, such as national security and protection from propaganda of terrorism, drugs and gambling. Each country has its own set of rules and restrictions.
The “Freedom on the Net” report characterizes Pakistan as “Not Free” with an Internet Freedom Score of 27/100, and over the years this index has been steadily declining. Due to the multiparty political system, authorities frequently disrupt telecommunications to stop coverage of news and political events, as happened in July 2018 during the general elections, when the government shut down mobile and internet services. Over 800 000 websites are blocked for religious and social reasons; most of the restrictions apply to pornographic resources. Some research confirms that the most popular websites, such as Facebook, Twitter and YouTube, were blocked using DNS-based filtering.
Pakistan is by no means the only country with controlled access to web resources and social media during political interventions. Turkey’s government instantly reacts to political events by blocking certain websites or throttling Internet traffic. In 2014-2018 the Turkish government ordered ISPs to block 246 000 websites, including Wikipedia, for content that contradicts its public policy perspective. Some of these blocks are temporary, such as the throttling of Facebook and Twitter, while others are lasting. Twitter and Facebook Transparency reports state that Turkey is one of the leading countries for requests to remove content from social networks. The “Freedom on the Net” report characterizes Turkey as “Not Free” with an Internet Freedom Score of 37/100.
In India the situation is a bit more stable, but Internet freedom has nevertheless been reduced by widespread shutdowns and the spread of disinformation and misleading news on social media. The government also said that from 01/2016 to 11/2017, 1791 websites were blocked by ISPs on the order of the Department of Telecommunications and 2133 websites were blocked on the order of various courts. According to information published in 2017, the government blocked as many as 23,030 websites/URLs. The “Freedom on the Net” report characterizes India as “Partly Free” with an Internet Freedom Score of 55/100.
In autumn 2019 there were protests in several states of India. According to The Washington Post, the Internet has been shut down for more than 134 days in the Indian states of Jammu and Kashmir, which is now a record.
Government-mandated blocking of web resources doesn’t make work easier for ISPs, but there are different ways to simplify filtering and make it more efficient.
Many operators block IP addresses using BGP Blackhole or advertise only part of the BGP traffic to the filtering system. If we consider all the traffic load transferred to the router, we observe the following amount:
As a result, the router has to process from 1 million to 2.3 million addresses.
We are referring to hardware that is designed for processing significantly fewer routes. For example, a great number of operators have Juniper MX series routers in their networks, which are able to process up to 1 million routes, as stated in the documentation. Back in 2009, when these models were first created, the hardware was designed to handle about 500 thousand addresses, which seemed more than enough.
Cisco SCE owners might face a similar problem soon, because the processing capability of such equipment is up to 2.5 million addresses.
This kind of overload leads to exhaustion of route memory, which in turn degrades router performance and can cause a network shutdown. Some hardware already cannot cope with the load, and line cards holding up to 2.5 million FIB prefixes can exhaust their resources very soon if the number of blocked IPs continues to increase.
To filter a large number of routes, we use DPI-based blocking with the “in-line” implementation scheme. Filtering is performed by the DPI. The VAS Experts DPI platform can handle up to 4 billion records.
An important aspect of DPI application is the transition from IP blocking to more moderate, finer-grained blocking by URL, SNI, CN and, if necessary, IP + port.
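The difference between IP blocking and blocking by URL, SNI, CN or IP + port can be shown on a small model. This is an added example, not VAS Experts code: the `Flow` fields, the rule list and the sample flows are hypothetical, and the addresses and domains are documentation values.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    """Per-connection metadata a DPI engine could extract (constructed model)."""
    dst_ip: str
    dst_port: int
    url: str = ""  # host + path of a plaintext HTTP request
    sni: str = ""  # server_name from the TLS ClientHello
    cn: str = ""   # Common Name of the server certificate

# Hypothetical rule list, most specific selector first.
RULES = [("url", "shared.example/banned/page"), ("sni", "blocked.example"),
         ("cn", "blocked.example"), ("ip_port", ("203.0.113.10", 8443))]

def host_matches(name, pattern):
    """True for the domain itself, its subdomains and wildcard names."""
    name = name.lower().rstrip(".")
    return name == pattern or name.endswith("." + pattern)

def dpi_verdict(flow, rules=RULES):
    """Return the kind of the first matching rule, or None to pass the flow."""
    for kind, value in rules:
        if kind == "url" and flow.url == value:
            return kind
        if kind in ("sni", "cn") and host_matches(getattr(flow, kind), value):
            return kind
        if kind == "ip_port" and (flow.dst_ip, flow.dst_port) == value:
            return kind
    return None

def collateral(flows, blocked_ips):
    """Flows an IP-only block would drop although no DPI rule targets them."""
    return [f for f in flows if f.dst_ip in blocked_ips and dpi_verdict(f) is None]

# Constructed sample flows; 203.0.113.10 models a shared hosting address.
FLOWS = [
    Flow("203.0.113.10", 443, sni="blocked.example", cn="blocked.example"),
    Flow("203.0.113.10", 443, sni="unrelated.example", cn="unrelated.example"),
    Flow("203.0.113.10", 80, url="shared.example/banned/page"),
    Flow("203.0.113.10", 80, url="shared.example/index.html"),
    Flow("203.0.113.10", 443, cn="*.blocked.example"),  # client sent no SNI
    Flow("203.0.113.10", 8443),                         # only IP + port visible
    Flow("198.51.100.7", 443, sni="other.example"),
]

if __name__ == "__main__":
    for f in FLOWS:
        print(f.dst_ip, f.dst_port, dpi_verdict(f) or "pass")
    print("over-blocked by IP-only rule:", len(collateral(FLOWS, {"203.0.113.10"})))
```
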
Let’s have a look at various traffic filtering schemes and note the pros and cons of each.
Pros: Implementation on any equipment.
Cons: It requires preparing a list of resources for the router. Complete blocking may trigger negative feedback from subscribers. It also creates additional load on the router.
Pros: Reduced implementation cost and a smaller volume of processed traffic.
Cons: Additional load on the router and possible misses of prohibited resources, as not all traffic is filtered.
Pros: Fast implementation and low cost of usage.
Cons: Changing domain names takes place on the user’s end, which makes it easier to evade the DNS solution.
Pros: No impact on the network in the case of a network fault.
Cons: This method leaves access to prohibited content possible and rules out blocking an IP or subnet, because the initial request from the network cannot be limited.
Pros: Lower cost of this solution, as the volume of outgoing traffic is significantly lower.
Cons: This solution relies on dividing network flows, which makes the network more complex and requires additional ports.
Pros: The ability to use all DPI capabilities to increase QoS / QoE and to implement statistics collection / BRAS / NAT functions.
Cons: Increased implementation costs compared to previous approaches, more points requiring redundancy.
Thus, it is possible to solve the problem of router congestion and malfunctions by changing the filtering method. It is necessary to remove from the device the load caused by the announcement of additional routes and to configure the “in-line” or “asymmetric” implementation scheme.
Contact us to learn more about VAS Experts DPI functionality and capabilities.