Monitoring Network Performance in China


About ThousandEyes

ThousandEyes delivers visibility into every network your organization relies on.

•  Founded by network experts; strong investor backing
•  Relied on for critical operations by leading enterprises
•  Recognized as an innovative new approach
•  31 of the Fortune 500
•  5 of the top 5 SaaS companies
•  4 of the top 6 US banks

A Different Internet in China

•  High latency and packet loss are common
•  10 backbone access points (i.e., “choke points”)
•  2 dominant, government-controlled ISPs: China Unicom (North), China Telecom (South)
   –  Underdeveloped and congested
   –  Few peering points in between
•  Highly sophisticated censorship system
   –  Great Firewall
   –  Great Cannon

The Great Firewall

•  IP blocking
   –  Routers drop all packets going to blacklisted IP addresses
   –  Lightweight
•  DNS tampering
   –  Cache poisoning
   –  Keyword-based hijacking

The Great Firewall

•  Deep packet inspection and keyword filtering
   –  Resource-intensive

Read more: https://blog.thousandeyes.com/deconstructing-great-firewall-china/

Baseline Network Performance

•  Set up Network tests to benchmark performance metrics like latency and packet loss
•  Expect:
   –  Higher latency and loss
      •  Especially for traffic crossing into or out of China
   –  Changing conditions due to censorship and diurnal patterns

Read more: https://blog.thousandeyes.com/benchmarking-network-performance-china/

Use Reports to Benchmark Performance

•  Higher loss and latency from China
•  Clear diurnal patterns in outbound traffic

Use Hong Kong for Comparison

•  Compare HK with geographically close locations in China: Foshan, Zhuhai, Guangzhou
•  Performance differences can then be attributed to crossing the Great Firewall

DNS Issues

•  DNS packets often go missing
   –  Frequently congested, unreliable networks
   –  DNS poisoning and hijacking
•  Cloud Agents in China use local ISP caches
•  Use DNS Server and Trace tests and alerts to check if records:
   –  Are always available
   –  Have the correct mappings
   –  Are served up quickly

Read more: https://blog.thousandeyes.com/monitoring-application-delivery-china/

DNS Server Test: NYTimes.com A record

•  DNS lookup of “dns-plx.ewr1.nytimes.com” returns incorrect mappings to blocked IPs of services including Facebook, Dropbox
•  Tests to these blocked IPs are then blocked in China Telecom and China Unicom

Evidence of DNS Tampering

•  DNS lookup of “ns1.p24.dynect.net” returns correct mapping, suggesting DNS tampering on NYTimes nameserver’s A record
•  Test traffic from China makes it through to the Dyn nameserver

Evidence of DNS Cache Poisoning

•  Lookup of NYTimes.com A record returns incorrect mappings to blocked IPs
•  Impossibly low resolution times suggest DNS cache poisoning
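The three record checks from the DNS Issues slide (available, correct mapping, served quickly) combined with the "impossibly low resolution time" signal can be applied to per-agent probe results as in the added example below, which is not from the ThousandEyes deck or product. Agent names, IP addresses (documentation ranges) and thresholds are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample data: documentation-range IPs, hypothetical agent names.
EXPECTED = {"192.0.2.10", "192.0.2.11"}  # A records seen from a trusted control vantage

@dataclass(frozen=True)
class Probe:
    agent: str
    answers: tuple       # A records returned; () means the query got no response
    resolve_ms: float    # time the lookup took
    auth_rtt_ms: float   # measured RTT from this agent to the authoritative nameserver

PROBES = [
    Probe("control-hk", ("192.0.2.10",), 48.0, 40.0),
    Probe("cn-isp-a", ("203.0.113.7",), 3.0, 210.0),     # wrong, far faster than one RTT
    Probe("cn-isp-b", ("198.51.100.9",), 260.0, 230.0),  # wrong, timing plausible
    Probe("cn-isp-c", (), 0.0, 220.0),                   # query lost
    Probe("cn-isp-d", ("192.0.2.11",), 900.0, 240.0),    # correct but slow
]

def classify(p, expected=EXPECTED, slow_ms=500.0, rtt_fraction=0.5):
    """Apply the three record checks: available, correct mapping, served quickly."""
    if not p.answers:
        return "unavailable"
    if set(p.answers) - set(expected):
        # A fast answer alone is only a cache hit. A wrong answer that arrives in
        # well under one round trip to the authoritative server did not come from
        # it, which points at a poisoned cache or an injected response.
        if p.resolve_ms < p.auth_rtt_ms * rtt_fraction:
            return "wrong-mapping-likely-poisoned-cache"
        return "wrong-mapping"
    return "slow" if p.resolve_ms > slow_ms else "ok"

def report(probes=PROBES):
    """Map each agent to its verdict, in probe order."""
    return {p.agent: classify(p) for p in probes}

def alerts(probes=PROBES):
    """Agents whose verdict should raise an alert."""
    return sorted(a for a, v in report(probes).items() if v != "ok")

if __name__ == "__main__":
    for agent, verdict in report().items():
        print(f"{agent:12s} {verdict}")
```

For records served with geo-DNS, build the expected set from the owner's full published address list rather than from a single control lookup, or legitimate regional answers will be flagged as wrong mappings.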

Blocked Page Components

•  Page objects with blocked keywords or domains may fail to load and slow down page load times
•  Watch out for:
   –  Google: fonts, APIs, ads, Google Analytics
   –  Facebook
   –  Adobe Typekit
   –  Marketo
•  Use the waterfall in Page Load and Transaction tests to monitor for objects that fail to load

Read more: https://blog.thousandeyes.com/monitoring-application-delivery-china/

Page Load Test: Starbucks US from China

•  Objects from blocked sites Facebook and Google have long wait times and fail to load

Page Load Test: Starbucks China from China

•  China-optimized webpage sees much lower object load times
•  Still room for improvement: Google object has long DNS time

Alerting

•  Scope alerts to China agents and recalibrate thresholds
•  Consider ISP-specific Path Trace alerts

Read more: https://blog.thousandeyes.com/monitoring-application-delivery-china/

Best Practices for Monitoring in China

•  Understand the difficulties unique to the Chinese Internet and adjust your monitoring strategy accordingly
•  2 ISPs with few peering points
   –  Underdeveloped and congested
•  Only 10 access points
•  Stringent censorship
   –  DNS poisoning and hijacking
   –  Blocked page objects
•  Adjust your expectations and alerts based on Network test data
•  Use Reports to analyze data by country
•  Also benchmark:
   –  CDN providers
   –  Data center/colocation providers
•  Continuously monitor important services in China’s volatile environment


See what you’re missing.

Watch the webinar:

https://www.thousandeyes.com/resources/network-performance-in-china-webinar