Travel Technology - Everyone Loves YouTube: Pakistan shutdown goes worldwide
BiziBB
Feb 26, 08, 1:50 am
Very interesting - just on a news bulletin now, summarised in layman's terms:
Pakistan, through some internet company presumably, sent out a misleading DNS address for YouTube as a 'faster' route and after this leaked outside Pakistan, the viral effect of the incorrect address meant YouTube's shutdown spread worldwide.
(Geeks, nerds or just more IP literate FTers and IT people, I'm sure you can explain this better... Let's hope there's not a Fatwa or whatever on FT!)
:D
---
TravelTech IT / IP / pointyhead eminent experts:
Was this inadvertent shutdown outside Pakistan peculiar to YT due to its structure or content or could such a method work for any internet site?
Tenuous link to TT:
Who has experience downloading and watching YouTube videos on an iPhone / iPod Touch? :)
The way you described it is pretty accurate. Basically the Pakistani government issued an order to all ISPs that operate in the country to block access to YouTube due to some content in a clip that was available on the site. PCCW, a global ISP based in Hong Kong, complied with the order a bit too efficiently, allowing the updated routing information to leak outside of Pakistan and into the rest of their network and across to other peering partners of theirs, affecting YouTube access worldwide. Once a YouTube engineer noticed and called it in, PCCW fixed their systems to only advertise it in Pakistan.
A similar effect could happen to any web site, as long as you can get someone with reasonably high level access in an ISP to participate in the effort. Generally that requires that you're a government or that you have some very good friends in very high places. For a reasonably interesting recount of a cyber-attack on a country and how global ISPs can manage and deflect the attack (a similar but not 100% comparable event) there's a pretty good Wired article that you can read about an attack on the Estonian infrastructure (http://www.wired.com/politics/security/magazine/15-09/ff_estonia) by what is presumed to be Russian mafia.
A couple important things to note from all this:
Despite the redundant routing structure, countries are able to isolate themselves on the internet
It is very possible for an ISP to break a lot of things if they aren't careful
Your geography on the Internet isn't anonymous
S.
boberonicus
Feb 26, 08, 10:41 am
sent out a misleading DNS address for YouTube as a 'faster' route
DNS does not influence routing decisions. As I understand it, the ISP advertised a BGP route to YouTube. In other words, if you want to get to the autonomous system(s) associated with youtube.com, "send all your traffic to me!"
sbm12
Feb 26, 08, 10:44 am
DNS does not influence routing. As I understand it, the ISP advertised a BGP route to YouTube. In other words, if you want to get to the autonomous system(s) associated with youtube.com, "send all your traffic to me!"
Yup, and this is only a problem if they don't actually pass the traffic on to a server that can actually respond to the request. In this case, the Pakistani government wanted the traffic to go nowhere - and that's what it did - but the BGP route advertisement made it out of Pakistan, so other users globally also had their computers routing to the "nowhere" destination that Pakistan wanted their users to see.
PCCW, a global ISP based in Hong Kong, complied with the order a bit too efficiently, allowing the updated routing information to leak outside of Pakistan and into the rest of their network and across to other peering partners of theirs, affecting YouTube access worldwide. Once a YouTube engineer noticed and called it in PCCW fixed their systems to only advertise it in Pakistan.
Not quite. Pakistan Telecom instantiated the YouTube block in their network, and mistakenly advertised the YouTube prefix to their upstream transit provider - PCCW. PCCW was not filtering Pakistan Telecom, and as a result the prefix was propagated globally to PCCW's partners.
The prefix that was advertised was a more specific (a /24 (256 IP addresses), rather than the YouTube /22 (1024 IP addresses)), causing traffic to flow towards Pakistan Telecom.
Renesys, a routing analysis company, has a good commentary of it on their blog (http://www.renesys.com/blog/2008/02/pakistan_hijacks_youtube_1.shtml).
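An added example, not part of any post in this thread: a Python model of why the more-specific /24 described above pulls traffic away from the covering /22, and how a per-neighbour prefix filter at the upstream keeps the leaked route out. The prefixes, AS numbers, filter table and function names are all constructed for illustration.

```python
import ipaddress

# Constructed sample data: private address space and documentation ASNs (RFC 5398).
VICTIM_AS, CUSTOMER_AS = 64496, 64511

# Hypothetical filter table: neighbour AS -> (covering prefix, max length, origin AS).
ALLOWED = {
    VICTIM_AS: [("10.10.152.0/22", 24, VICTIM_AS)],
    CUSTOMER_AS: [("10.20.0.0/16", 24, CUSTOMER_AS)],
}

# (neighbour AS, prefix, origin AS): the legitimate /22 and the leaked /24 inside it.
ANNOUNCEMENTS = [
    (VICTIM_AS, "10.10.152.0/22", VICTIM_AS),
    (CUSTOMER_AS, "10.10.153.0/24", CUSTOMER_AS),
]

def accept(neighbor_as, prefix, origin_as):
    """Ingress filter: the announcement must fall inside an entry registered for that neighbour."""
    net = ipaddress.ip_network(prefix)
    for covering, max_len, origin in ALLOWED.get(neighbor_as, []):
        cov = ipaddress.ip_network(covering)
        if (net.version == cov.version and net.subnet_of(cov)
                and net.prefixlen <= max_len and origin_as == origin):
            return True
    return False

def build_rib(announcements, filtering):
    """Return the (prefix, next-hop AS) routes the upstream installs and propagates."""
    return [(prefix, nbr) for nbr, prefix, origin in announcements
            if not filtering or accept(nbr, prefix, origin)]

def best_route(rib, dst):
    """Longest-prefix match: the most specific covering route wins, whoever announced it."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), nh) for p, nh in rib]
    matches = [(n, nh) for n, nh in nets if addr in n]
    return max(matches, key=lambda m: m[0].prefixlen, default=(None, None))[1]

if __name__ == "__main__":
    for filtering in (False, True):
        rib = build_rib(ANNOUNCEMENTS, filtering)
        print("filtering =", filtering, "->", best_route(rib, "10.10.153.7"))
```

Without the filter, only addresses inside the /24 are diverted; the rest of the /22 still follows the legitimate route.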