Monitoring Network Performance in China
TRANSCRIPT
2
About ThousandEyes
ThousandEyes delivers visibility into every network your organization relies on.
Founded by network experts; strong investor backing
Relied on for critical operations by leading enterprises
Recognized as an innovative new approach
31 Fortune 500
5 top 5 SaaS Companies
4 top 6 US Banks
3
• High latency and packet loss are common
• 10 backbone access points (i.e., “choke points”)
• 2 dominant, government-controlled ISPs: China Unicom (North), China Telecom (South)
  – Underdeveloped and congested
  – Few peering points in between
• Highly sophisticated censorship system
  – Great Firewall
  – Great Cannon
A Different Internet in China
4
• IP blocking
  – Routers drop all packets going to blacklisted IP addresses
  – Lightweight
• DNS tampering
  – Cache poisoning
  – Keyword-based hijacking
The Great Firewall
5
• Deep packet inspection and keyword filtering
  – Resource-intensive
The Great Firewall
Read more: https://blog.thousandeyes.com/deconstructing-great-firewall-china/
6
• Set up Network tests to benchmark performance metrics like latency and packet loss
• Expect:
  – Higher latency and loss
    • Especially for traffic crossing into or out of China
  – Changing conditions due to censorship and diurnal patterns
Baseline Network Performance
Read more: https://blog.thousandeyes.com/benchmarking-network-performance-china/
7
Higher loss and latency from China
Clear diurnal patterns in outbound traffic
Use Reports to Benchmark Performance
8
Compare HK with geographically close locations in China: Foshan, Zhuhai, Guangzhou
Performance differences can then be attributed to crossing the Great Firewall
Use Hong Kong for Comparison
9
• DNS packets often go missing
  – Frequently congested, unreliable networks
  – DNS poisoning and hijacking
• Cloud Agents in China use local ISP caches
• Use DNS Server and Trace tests and alerts to check if records:
  – Are always available
  – Have the correct mappings
  – Are served up quickly
DNS Issues
Read more: https://blog.thousandeyes.com/monitoring-application-delivery-china/
10
DNS lookup of “dns-plx.ewr1.nytimes.com” returns incorrect mappings to blocked IPs of services including Facebook, Dropbox
Tests to these blocked IPs are then blocked in China Telecom and China Unicom
DNS Server Test: NYTimes.com A record
11
DNS lookup of “ns1.p24.dynect.net” returns correct mapping, suggesting DNS tampering on NYTimes nameserver’s A record
Test traffic from China makes it through to the Dyn nameserver
Evidence of DNS Tampering
12
Lookup of NYTimes.com A record returns incorrect mappings to blocked IPs
Impossibly low resolution times suggest DNS cache poisoning
Evidence of DNS Cache Poisoning
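The DNS checks from the slides above (records available, correctly mapped, served quickly, and wrong answers with impossibly low resolution times), as an added example that is not from the original deck or from ThousandEyes. The agent names, sample values, thresholds and expected network are constructed assumptions, and the verdicts are heuristics.

```python
"""Classify DNS test samples: availability, mapping correctness, speed."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Assumed allow-list of networks the record should resolve into
# (RFC 5737 documentation range used as a constructed stand-in).
EXPECTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]
SLOW_MS = 500.0  # assumed threshold for "served up quickly"

@dataclass
class Sample:
    agent: str                   # vantage point label (constructed)
    answers: List[str]           # A records returned; empty = no reply
    resolve_ms: Optional[float]  # DNS resolution time seen by the agent
    auth_rtt_ms: float           # baseline RTT from agent to the authoritative server

def in_expected(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in EXPECTED_NETS)

def classify(s: Sample) -> str:
    if not s.answers or s.resolve_ms is None:
        return "unavailable"          # DNS packets went missing
    if not all(in_expected(a) for a in s.answers):
        # A wrong answer that arrives faster than one round trip to the
        # authoritative server was not produced by that server, which is
        # consistent with a poisoned local cache.
        if s.resolve_ms < s.auth_rtt_ms:
            return "cache-poisoning-suspected"
        return "tampering-suspected"
    # A fast, correct answer is an ordinary cache hit.
    return "slow" if s.resolve_ms > SLOW_MS else "ok"

# Constructed samples, not measurements from the deck.
SAMPLES = [
    Sample("hong-kong", ["192.0.2.10"], 42.0, 180.0),
    Sample("guangzhou-ct", ["203.0.113.7"], 1.0, 210.0),
    Sample("beijing-cu", ["198.51.100.9"], 260.0, 230.0),
    Sample("foshan-ct", [], None, 205.0),
    Sample("zhuhai-ct", ["192.0.2.10"], 900.0, 215.0),
]

def report(samples=SAMPLES):
    return {s.agent: classify(s) for s in samples}

if __name__ == "__main__":
    for agent, verdict in report().items():
        print(f"{agent:14s} {verdict}")
```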
13
• Page objects with blocked keywords or domains may fail to load and slow down page load times
• Watch out for:
  – Google: fonts, APIs, ads, Google Analytics
  – Facebook
  – Adobe Typekit
  – Marketo
• Use the waterfall in Page Load and Transaction tests to monitor for objects that fail to load
Blocked Page Components
Read more: https://blog.thousandeyes.com/monitoring-application-delivery-china/
14
Objects from blocked sites Facebook and Google have long wait times and fail to load
Page Load Test: Starbucks US from China
15
China-optimized webpage sees much lower object load times
Still room for improvement: Google object has long DNS time
Page Load Test: Starbucks China from China
16
• Scope alerts to China agents and recalibrate thresholds
• Consider ISP-specific Path Trace alerts
Alerting
Read more: https://blog.thousandeyes.com/monitoring-application-delivery-china/
17
• Understand the difficulties unique to the Chinese Internet and adjust your monitoring strategy accordingly
  – 2 ISPs with few peering points
  – Underdeveloped and congested
  – Only 10 access points
  – Stringent censorship
  – DNS poisoning and hijacking
  – Blocked page objects
• Adjust your expectations and alerts based on Network test data
• Use Reports to analyze data by country
• Also benchmark:
  – CDN providers
  – Data center/colocation providers
• Continuously monitor important services in China’s volatile environment
Best Practices for Monitoring in China
18
See what you’re missing.
Watch the webinar:
https://www.thousandeyes.com/resources/network-performance-in-china-webinar