This article is more than 1 year old

Breaching China's Great Firewall is hard. Pushing packets faster than 1Mbps once through is the Boss Fight

Network boffin finds packets headed into China go AWOL yet packets coming out do just fine

79 percent of internet traffic flows into China struggle to flow faster than 1Mbps, but the Great Firewall is probably not to blame.

So says PhD student Pengxiong Zhu, from the Department of Computer Science and Engineering, University of California, Riverside, whose research has been showcased by regional internet registry APNIC.

Zhu’s research started as an exploration of how content delivery networks (CDNs) impact internet performance in China. Doing so meant measuring the performance of transnational networks, an effort that found most such links are “fairly stable and fast”. Across Africa nations, Zhu found that traffic slows down on its way in and out.

And in China, data flowed out at lovely speeds but often slowed down on the way in.

To check that finding, the team “performed additional experiments measuring more than 400 receiver-sender pairs in China and foreign nodes over more than 53 days.”

That effort found that “Slow speed occurs extensively for transnational traffic”. Indeed, the team “recorded 79% of measured in-bound connections with throughput lower than 1Mbps.”

The slowdown happened “in almost every city”, almost every day, and tends to start around 6:00AM and then tail off at 03:30 the next day.

wall punch

China now blocking ESNI-enabled TLS 1.3 connections, say Great-Firewall-watchers


Even some of the world’s biggest websites, most of which invest heavily in CDNs, cop the performance hit.

“We calculated the end-to-end loss rate and found only packets travelling into China are lost, the other direction (China > International) barely has packet loss,” Zhu wrote, adding “all packet types share the same packet loss — TCP, UDP and ICMP don’t have noticeable differences.

The researcher also found that the problem mostly occurs within China.

“Our results show that in 71% of cases, the bottleneck hops are located deep in China, which is abnormal because we know the domestic infrastructure can handle the domestic traffic pretty well, however, it fails to handle the smaller transnational traffic,” he wrote. “This does not make sense from an economic perspective, as it is much more expensive to construct transnational links such as submarine cables, which are interestingly, often not the cause of the bottleneck.”

So what’s going on in the Middle Kingdom? Zhu’s first hypothesis is that China’s infamous Great Firewall could be to blame, but could only find its fingerprints on a third of the slowed streams.

He instead fingers Chinese ISPs as the source of the slowdown.

“In the early years, Chinese ISPs did not have a good reputation for making international peering easy, because they wanted to grow their own transit business and make themselves top-tier ISPs,” he explains. Their desire to run transit businesses sees China Telecom offer four tiers of service for incoming traffic.

“To verify the existence of tiered services, we found an exotic virtual private server provider reselling these tiers of networks through hosting, which provided test IPs that allow customers to check the loss rate and latency to these nodes from within China. We found the loss rate does decrease with the tier of networks.”

Zhu concludes by saying the research is, by necessity, a best-effort affair that will be hard to verify without rummaging around inside Chinese ISPs and learning more about local policies. ®

More about


Send us news

Other stories you might like