Learn more about the latest ThousandEyes innovations at Cisco Live! | June 2-6, 2024


Yandex Packet Loss: DDoS or Russian Firewall?

By Ameet Naik
| | 5 min read


Last month we wrote about Russia’s plans to build an isolation switch for the Internet. Today we learned that the proposed law passed a key second reading in parliament and is on its way to becoming the law of the land by November 1st, 2019. What does this all mean for companies doing business in Russia?

This law creates a framework whereby ISPs will be required to funnel all Internet traffic in and out of the country through well-known choke points (Internet Exchanges). This would make it easier for the authorities to expand Internet censorship, and isolate the nation from the global Internet under times of conflict. However, this would also force Internet traffic through suboptimal paths, and through performance-limiting filtering gateways. This would most likely degrade the user experience for Russian users browsing sites and apps outside the country, and provide an advantage to services hosted within the country, as we’ve seen happen in China.

Yandex is the Russian version of Google—a large technology conglomerate with a popular search engine at its core. Over the past few weeks, Yandex has been the target of many high profile DDoS attacks that were designed to cripple the Internet filtering infrastructure already in place. Over the past week, we have noticed interesting packet loss events affecting Yandex.ru. The first one happened on April 2nd at about 10 pm PDT.

Packet loss at Yandex peering point in Amsterdam
Figure 1: Packet loss at Yandex’s peering point at an Internet exchange in Amsterdam affecting reachability from Sweden and France.

This packet loss continued intermittently over the next several hours and then stabilized. The next day, on April 3rd at about 5 pm PT, we noticed another packet loss event. This event was very short-lived but much more severe than the previous event.

Packet loss at Yandex peering point in Frankfurt
Figure 2: Packet loss at Yandex’s peering point in Frankfurt, Germany affecting reachability from Poland, Israel and Korea.
Packet loss from around the world
Figure 3: Packet loss from multiple vantage points around the globe attempting to reach yandex.ru.

These incidents have the signature of one of two things. They were either a massive DDoS attack targeted at yandex.ru from around the globe, or they were a test of a new filtering infrastructure designed to create well-defined choke points into Yandex’s network, in preparation for the new regulations.

What’s also interesting here is that Russian technology companies have investments in Internet exchange points outside of Russia. What will happen to these investments after the new regulations come into effect is unclear.

Path visualization with Russian ISP in Italy
Figure 4: Russian ISPs aren’t just in Russia.

What is clear is that Russia seems firmly committed to the path of Internet sovereignty. This is likely to create a challenging operating environment for global technology companies in the near term. We will continue to follow and update as this story evolves. Subscribe to our blog to receive updates on this and other interesting news about the Internet.

Subscribe to the ThousandEyes Blog

Stay connected with blog updates and outage reports delivered while they're still fresh.

Upgrade your browser to view our website properly.

Please download the latest version of Chrome, Firefox or Microsoft Edge.

More detail