Network Monitor

Network Monitor – June 2020

Network disruptions in June hinted at further work being undertaken on Iran's National Information Network.

Internet users in Iran were confronted with a further series of network disruptions in June. As before, the disruptions were largely met with silence from internet service providers and government authorities.

Despite this silence, the impacts of the disruptions were still very much felt by users. Unexplained disruptions such as these can also only fuel suspicions that changes are being made to Iran’s internet infrastructure to prepare it for even greater internet localisation.  and all without public scrutiny or the means for accountability.

Only in one case did ICT Minister Mohammad-Javad Azari Jahromi respond to a series of tweets about network disruptions on June 19, stating that a “voltage drop” was responsible for disruption on the MCI and GSM networks.

During this period we documented eight incidents of disruption, and a brief localised internet shutdown. Our day-by-day analysis of key disruption incidents in June follows.

June 1 – Brief Disruption Detected

On the first day of June, IODA data showed a very brief disruption between 11:25-11:35 UTC. It seems that AS56402 – belonging to Dadeh Gostar Asr Novin P.J.S. Co. – was the main network affected by this brief disruption. No Iranian official provided a public explanation for the outage.

June 16 – Iran’s TLD Manager Goes Offline

The Research Center of Theoretical Physics & Mathematics (IPM) network went almost completely offline from 12:00 UTC for around three hours. This is particularly important because IPM is responsible for managing top-level domains (TLDs) in Iran, including the .ir TLD. This is the second time in 2020 that IPM went offline without any explanation from either IPM or other Iranian officials. IPM previously went offline on March 26 for around 27 hours.

June 17 – IPM Disruptions Continue

IPM’s network experienced continued disruptions the following day.  

This time, disruption on the IPM network affected another provider. It seems IPM is one of the main providers of the Farhang Azma Communications Company (AS44889), which provides ICT services including data center design, fiber optic and wireless networking, VoIP, server room monitoring systems, network security, dedicated bandwidth, and digital signature provision.

In the screenshot below, we hid the other data sources of the Farhang Azma Communications Company (AS44889) on OIM to have a better understanding how IPM’s disruption affected this network.

AS49832 went offline

 

In another event, Rikeza Ltd (AS49832) went offline between 12 PM UTC until 24 June around the same time. This network constitutes the new Internet Exchange point that was introduced in February 2020.

AS49832 was restored

 

June 18 – More Disruptions on IPM

For the third time this month, OMI data showed another major disruption on the IPM network – again with a major effect upon AS44889.

June 19 – Jahromi Acknowledges Service Outages, Blames ‘Voltage Drop’

Based on the users’ reports on Twitter, the MCI and GSM networks were completely disconnected from both the global Internet and National Information Network. No explanation was given by MCI or any Iranian state officials. Iranian Twitter users vented their frustrations at ICT Minister Azari Jahromi, and eventually were able to get him to issue a statement:

“[The disruption was caused by] a voltage drop in the input feeders of MCI’s Shahid Ramezani Telecommunication Center, and a shutdown of some pieces of network equipment. The disruption has now been resolved and the network is returning to normal.”

June 25 – Shatel Disruptions in Tehran

Around 11:30 AM UTC (16:00 Tehran Local Time), Arvan Cloud’s Radar network measurement tool showed a significant disruption on the Shatel network in Tehran.

Arvan Cloud’s Radar does not provide any details, so Filterwatch cross-referenced with OMI data and discovered a major traffic shift in the Shatel network on AS48159 and AS31549. On both ASs Delta Telecom became the main source of the traffic. In the two screenshots below, we hid Delta Telecom to allow the traffic shift to be observed more clearly.

June 27 – Major Mobinnet Traffic Shift

6:55 AM UTC (11:25 Tehran local time) Arvan Cloud’s Radar network measurement tool showed a major disruption on the provider Mobinnet.

OMI data showed that Mobinnet (AS50810) was experiencing a significant shift in its traffic. AS29049 became the main traffic source, whereas other sources went offline.

In the screenshot below from OMI data we hide AS29049 to better show this disruption.

About the author

Amir Rashidi

Filterwatch