How Syria Turned Off the Internet

<!DOCTYPE html><script type="module" src="/_astro/index.astro_astro_type_script_index_0_lang.CoXd8L9s.js"></script> <html lang="en-us" dir="ltr"> <head><script async src="https://ot.www.cloudflare.com/public/vendor/onetrust/scripttemplates/otSDKStub.js" data-document-language="true" type="text/javascript" data-domain-script="b1e05d49-f072-4bae-9116-bdb78af15448"></script><meta name="HandheldFriendly" content="True"><meta name="viewport" content="width=device-width,minimum-scale=1,initial-scale=1"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="baidu-site-verification" content="KeThzeyMOr"><meta name="baidu-site-verification" content="code-NIlrS7gNhx"><meta charset="UTF-8"><meta name="description" content="Get the latest news on how products at Cloudflare are built, technologies used, and join the teams helping to build a better Internet."><title>How Syria Turned Off the Internet</title><meta name="title" content="How Syria Turned Off the Internet"><meta name="msvalidate.01" content="CF295E1604697F9CAD18B5A232E871F6"><meta class="swiftype" name="language" data-type="string" content="en"><script src="/static/z/i.js" type="text/javascript" referrerpolicy="origin"></script><meta name="viewport" content="width=device-width, initial-scale=1.0"><link rel="apple-touch-icon" sizes="180x180" href="/images/favicon-32x32.png"><link rel="icon" type="image/png" sizes="32x32" href="/images/favicon-32x32.png"><link rel="icon" type="image/png" sizes="16x16" href="/images/favicon-32x32.png"><link rel="mask-icon" href="/images/favicon-32x32.png" color="#f78100"><link rel="stylesheet" href="/themes/ashes.min.css"><link rel="sitemap" href="/sitemap.xml"><meta name="msapplication-TileColor" content="#da532c"><meta name="theme-color" content="#ffffff"><link rel="canonical" href="https://blog.cloudflare.com/how-syria-turned-off-the-internet/"><link rel="alternate" hreflang="en-us" href="https://blog.cloudflare.com/how-syria-turned-off-the-internet/"><meta property="article:published_time" content="2012-11-29T20:13:00.000+00:00"><meta property="article:modified_time" content="2024-10-10T00:37:19.602Z"><meta property="article:tag" content="Network"><meta property="article:tag" content="BGP"><meta property="article:tag" content="Outage"><meta property="article:tag" content="Syria"><meta property="article:publisher" content="https://www.facebook.com/cloudflare"><meta property="og:site_name" content="The Cloudflare Blog"><meta property="og:type" content="article"><meta property="og:title" content="How Syria Turned Off the Internet"><meta property="og:description" content="Today, 29 November 2012, between 1026 and 1028 (UTC), all traffic from Syria to the rest of the Internet stopped. At CloudFlare, we witnessed the drop off. We've spent the morning studying the situation to understand what happened. "><meta property="og:url" content="https://blog.cloudflare.com/how-syria-turned-off-the-internet/"><meta property="og:image:width" content="1200"><meta property="og:image:height" content="628"><meta name="twitter:title" content="How Syria Turned Off the Internet"><meta name="twitter:description" content="Today, 29 November 2012, between 1026 and 1028 (UTC), all traffic from Syria to the rest of the Internet stopped. At CloudFlare, we witnessed the drop off. We've spent the morning studying the situation to understand what happened. "><meta name="twitter:url" content="https://blog.cloudflare.com/how-syria-turned-off-the-internet/"><meta name="twitter:card" content="summary_large_image"><meta name="twitter:label1" content="Written by"><meta name="twitter:data1" content="Matthew Prince"><meta name="twitter:creator" content="@eastdakota"><meta name="twitter:label2" content="Filed under"><meta name="twitter:data2" content="Network,BGP,Outage,Syria"><meta name="twitter:site" content="@cloudflare"><meta property="og:image" content><meta name="twitter:image" content><link rel="stylesheet" href="/_astro/index.Bpd2cWaZ.css"></head><style>astro-island,astro-slot,astro-static-slot{display:contents}</style><script>(()=>{var e=async t=>{await(await t())()};(self.Astro||(self.Astro={})).only=e;window.dispatchEvent(new Event("astro:only"));})();;(()=>{var A=Object.defineProperty;var g=(i,o,a)=>o in i?A(i,o,{enumerable:!0,configurable:!0,writable:!0,value:a}):i[o]=a;var d=(i,o,a)=>g(i,typeof o!="symbol"?o+"":o,a);{let i={0:t=>m(t),1:t=>a(t),2:t=>new RegExp(t),3:t=>new Date(t),4:t=>new Map(a(t)),5:t=>new Set(a(t)),6:t=>BigInt(t),7:t=>new URL(t),8:t=>new Uint8Array(t),9:t=>new Uint16Array(t),10:t=>new Uint32Array(t),11:t=>1/0*t},o=t=>{let[l,e]=t;return l in i?i[l](e):void 0},a=t=>t.map(o),m=t=>typeof t!="object"||t===null?t:Object.fromEntries(Object.entries(t).map(([l,e])=>[l,o(e)]));class y extends HTMLElement{constructor(){super(...arguments);d(this,"Component");d(this,"hydrator");d(this,"hydrate",async()=>{var b;if(!this.hydrator||!this.isConnected)return;let e=(b=this.parentElement)==null?void 0:b.closest("astro-island[ssr]");if(e){e.addEventListener("astro:hydrate",this.hydrate,{once:!0});return}let c=this.querySelectorAll("astro-slot"),n={},h=this.querySelectorAll("template[data-astro-template]");for(let r of h){let s=r.closest(this.tagName);s!=null&&s.isSameNode(this)&&(n[r.getAttribute("data-astro-template")||"default"]=r.innerHTML,r.remove())}for(let r of c){let s=r.closest(this.tagName);s!=null&&s.isSameNode(this)&&(n[r.getAttribute("name")||"default"]=r.innerHTML)}let p;try{p=this.hasAttribute("props")?m(JSON.parse(this.getAttribute("props"))):{}}catch(r){let s=this.getAttribute("component-url")||"<unknown>",v=this.getAttribute("component-export");throw v&&(s+=` (export ${v})`),console.error(`[hydrate] Error parsing props for component ${s}`,this.getAttribute("props"),r),r}let u;await this.hydrator(this)(this.Component,p,n,{client:this.getAttribute("client")}),this.removeAttribute("ssr"),this.dispatchEvent(new CustomEvent("astro:hydrate"))});d(this,"unmount",()=>{this.isConnected||this.dispatchEvent(new CustomEvent("astro:unmount"))})}disconnectedCallback(){document.removeEventListener("astro:after-swap",this.unmount),document.addEventListener("astro:after-swap",this.unmount,{once:!0})}connectedCallback(){if(!this.hasAttribute("await-children")||document.readyState==="interactive"||document.readyState==="complete")this.childrenConnectedCallback();else{let e=()=>{document.removeEventListener("DOMContentLoaded",e),c.disconnect(),this.childrenConnectedCallback()},c=new MutationObserver(()=>{var n;((n=this.lastChild)==null?void 0:n.nodeType)===Node.COMMENT_NODE&&this.lastChild.nodeValue==="astro:end"&&(this.lastChild.remove(),e())});c.observe(this,{childList:!0}),document.addEventListener("DOMContentLoaded",e)}}async childrenConnectedCallback(){let e=this.getAttribute("before-hydration-url");e&&await import(e),this.start()}async start(){let e=JSON.parse(this.getAttribute("opts")),c=this.getAttribute("client");if(Astro[c]===void 0){window.addEventListener(`astro:${c}`,()=>this.start(),{once:!0});return}try{await Astro[c](async()=>{let n=this.getAttribute("renderer-url"),[h,{default:p}]=await Promise.all([import(this.getAttribute("component-url")),n?import(n):()=>()=>{}]),u=this.getAttribute("component-export")||"default";if(!u.includes("."))this.Component=h[u];else{this.Component=h;for(let f of u.split("."))this.Component=this.Component[f]}return this.hydrator=p,this.hydrate},e,this)}catch(n){console.error(`[astro-island] Error hydrating ${this.getAttribute("component-url")}`,n)}}attributeChangedCallback(){this.hydrate()}}d(y,"observedAttributes",["props"]),customElements.get("astro-island")||customElements.define("astro-island",y)}})();</script><astro-island uid="1peHXi" component-url="/_astro/GoogleAnalytics.LcHSkkYf.js" component-export="GoogleAnalytics" renderer-url="/_astro/client.DLO1yDVm.js" props="{"title":[0,"How Syria Turned Off the Internet"],"canonical":[0,"https://blog.cloudflare.com/how-syria-turned-off-the-internet"],"info":[0,{"id":[0,"8BPLBWT6UrAceFst1crWn"],"title":[0,"How Syria Turned Off the Internet"],"slug":[0,"how-syria-turned-off-the-internet"],"excerpt":[0,"Today, 29 November 2012, between 1026 and 1028 (UTC), all traffic from Syria to the rest of the Internet stopped. At CloudFlare, we witnessed the drop off. We've spent the morning studying the situation to understand what happened. "],"featured":[0,false],"html":[0,"<p>Today, 29 November 2012, between 1026 and 1028 (UTC), all traffic from Syria to the rest of the Internet stopped. At CloudFlare, we witnessed the drop off. We&#39;ve spent the morning studying the situation to understand what happened. The following graph shows the last several days of traffic coming to CloudFlare&#39;s network from Syria.</p>\n <figure class=\"kg-card kg-image-card \">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/15PG5gGBgjyWNgcGPf3m7h/8fdab987395e1c194b84270dd502cb56/cloudflare_syrian_traffic_utc.png.scaled500.png\" alt=\"How Syria Turned Off the\nInternet\" class=\"kg-image\" width=\"500\" height=\"239\" loading=\"lazy\"/>\n \n </figure><p>Since the beginning of today&#39;s outage, we have received no requests from Syrian IP space. That is a more complete blackout than we&#39;ve seen when other countries have been cut from the Internet (see, for example, Egypt where while <a href=\"/what-egypt-shutting-down-the-internet-looks-l\">most traffic was cut off some requests still trickled out)</a>.</p><p>The graph above shows two other incidents over the last week. On 25 November 2012 at approximately 0800 UTC we witnessed a 15 minute period during which Syrian traffic was cut to only 13% of normal levels. Again on 27 November 2012 at 0730 UTC, we saw a 15 minute period during which traffic dropped to only 0.2% of normal.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"what-happened\">What Happened?</h3>\n <a href=\"#what-happened\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>The Syrian Minister of Information is being <a href=\"http://www.jpost.com/Headlines/Article.aspx?id=294001\">reported assaying</a> that the government did not disable the Internet, but instead the outage was caused by a cable being cut. Specifically: &quot;It is not true that the state cut the Internet. The terrorists targeted the Internet lines, resulting in some regions being cut off.&quot; From our investigation, that appears unlikely to be the case.</p><p>To begin, all connectivity to Syria, not just some regions, has been cut. The exclusive provider of Internet access in Syria is the state-run Syrian Telecommunications Establishment. Their network AS number is AS29386. The following network providers typically provide connectivity from Syria to the rest of the Internet: PCCW and Turk Telekom as the primary providers with Telecom Italia and TATA for additional capacity. When the outage happened, the BGP routes to Syrian IP space were all simultaneously withdrawn from all of Syria&#39;s upstream providers. The effect of this is that networks were unable to route traffic to Syrian IP space, effectively cutting the country off the Internet.</p><p>Syria has 4 physical cables that connect it to the rest of the Internet. Three are undersea cables that land in the city of Tartous, Syria. The fourth is an over-land cable through Turkey. In order for a whole-country outage, all four of these cables would have had to been cut simultaneously. That is unlikely to have happened.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"watching-the-shutdown-happen\">Watching the Shutdown Happen</h3>\n <a href=\"#watching-the-shutdown-happen\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>One of our network engineers recorded the following video of network routes being withdrawn. Syrian Telecommunications (AS29386) is represented by the red dot in the middle of the video. The lines represent routes to the Syrian upstream providers.</p><p>Video created with <a href=\"http://www.dia.uniroma3.it/~compunet/www/view/tool.php?id=bgplay\">BGPlay</a> by Roma Tre University</p><p>Beginning at 1026 UTC, routes were withdrawn for PCCW. The routing shifted primarily to Turk Telekom. Routes to Telecom Italia and TATA were also withdrawn, but has less of an impact. Then, at 1028 UTC, routes were withdrawn for Turk Telekom. After that, Syria was effectively cut off from the Internet. (Note that the remaining path that appears to be present in the video is an anomaly. We have confirmed that it is not actually active.)</p><p>While we cannot know for sure, our network team estimates that Syria likely has a small number of edge routers. All the edge routers are controlled by Syrian Telecommunications. The systematic way in which routes were withdrawn suggests that this was done through updates in router configurations, not through a physical failure or cable cut.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"what-syrians-were-surfing-before-the-internet-was-turned-off\">What Syrians Were Surfing Before the Internet Was Turned Off</h3>\n <a href=\"#what-syrians-were-surfing-before-the-internet-was-turned-off\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n \n <figure class=\"kg-card kg-image-card \">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/2hpWDo3CJCFghm0Mm82iZI/69ba5239c8e693a05aa2445d30490b55/last_site_syrians_accessed.jpg.scaled500.jpg\" alt=\"How Syria Turned Off the Internet\" class=\"kg-image\" width=\"500\" height=\"232\" loading=\"lazy\"/>\n \n </figure><p>The last four sites on CloudFlare that received requests from Syria inthe seconds before access was cut were:</p><ul><li><p>fotoobook.com - a photo sharing blog</p></li><li><p>aliqtisadi.com - a Syrian news site</p></li><li><p>madinah.com - a Muslim-oriented social network</p></li><li><p>to2.xxx - a porn site (warning: not safe for work)</p></li></ul><p>In other words, traffic from Syrians accessing the Internet in the moments before they were cut off from the rest of the world looks remarkably similar to traffic from any part of the world.</p><p>As we have posted about recently, we <a href=\"/ceasefires-dont-end-cyberwars\">don&#39;t believe our role is to take sides in political conflicts</a>. However, we do believe it is our mission to help build a better Internet where everyone can have a voice and access information. It is therefore deeply troubling to the CloudFlare team when we see an entire nation cut off from the ability to access and report information. Our thoughts are with the Syrian people and we hope connectivity, and peace, will be quickly restored.</p><hr/><p><b>UPDATE:</b> Syrian Internet access appears to be at least partiallyrestored as of 1 December 2012 at 1432 UTC. We have confirmed both thatthe BGP routes are reestablished and traffic from both wired and mobiledevices is flowing to CloudFlare&#39;s network. We&#39;ve posted a blog post with more details <a href=\"/syrian-internet-access-appears-partially-rees\">here</a>.</p>"],"published_at":[0,"2012-11-29T20:13:00.000+00:00"],"updated_at":[0,"2024-10-10T00:37:19.602Z"],"feature_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/5Quh4EHZY3G7rN3VzSqDBd/cbca33ed5b45c02c6788ce6b703629e8/how-syria-turned-off-the-internet.png"],"tags":[1,[[0,{"id":[0,"1U6ifhBwTuaJ2w4pjNOzNT"],"name":[0,"Network"],"slug":[0,"network"]}],[0,{"id":[0,"5O7yCWW0RgXMAc5MVjwcGS"],"name":[0,"BGP"],"slug":[0,"bgp"]}],[0,{"id":[0,"4yliZlpBPZpOwBDZzo1tTh"],"name":[0,"Outage"],"slug":[0,"outage"]}],[0,{"id":[0,"QJ8Ws6c2cEInikCK2uIOC"],"name":[0,"Syria"],"slug":[0,"syria"]}]]],"relatedTags":[0],"authors":[1,[[0,{"name":[0,"Matthew Prince"],"slug":[0,"matthew-prince"],"bio":[0,"A little bit geek, wonk, and nerd. Repeat entrepreneur, recovering lawyer, and former ski instructor. Co-founder & CEO of Cloudflare (NYSE: NET)."],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/1VD9WePJ1jvjFwuSRF0IfQ/5e4f7d5fd4825358b33b2ead623140d8/matthew-prince.jpeg"],"location":[0,"San Francisco, CA"],"website":[0,null],"twitter":[0,"@eastdakota"],"facebook":[0,null]}]]],"meta_description":[0,null],"primary_author":[0,{}],"localeList":[0,{"name":[0,"How Syria Turned Off the Internet Config"],"enUS":[0,"English for Locale"],"zhCN":[0,"No Page for Locale"],"zhHansCN":[0,"No Page for Locale"],"zhTW":[0,"No Page for Locale"],"frFR":[0,"No Page for Locale"],"deDE":[0,"No Page for Locale"],"itIT":[0,"No Page for Locale"],"jaJP":[0,"No Page for Locale"],"koKR":[0,"No Page for Locale"],"ptBR":[0,"No Page for Locale"],"esLA":[0,"No Page for Locale"],"esES":[0,"No Page for Locale"],"enAU":[0,"No Page for Locale"],"enCA":[0,"No Page for Locale"],"enIN":[0,"No Page for Locale"],"enGB":[0,"No Page for Locale"],"idID":[0,"No Page for Locale"],"ruRU":[0,"No Page for Locale"],"svSE":[0,"No Page for Locale"],"viVN":[0,"No Page for Locale"],"plPL":[0,"No Page for Locale"],"arAR":[0,"No Page for Locale"],"nlNL":[0,"No Page for Locale"],"thTH":[0,"No Page for Locale"],"trTR":[0,"No Page for Locale"],"heIL":[0,"No Page for Locale"],"lvLV":[0,"No Page for Locale"],"etEE":[0,"No Page for Locale"],"ltLT":[0,"No Page for Locale"]}],"url":[0,"https://blog.cloudflare.com/how-syria-turned-off-the-internet"],"metadata":[0,{"title":[0],"description":[0],"imgPreview":[0,""]}]}],"tagInfo":[0],"authorInfo":[0],"translatedPosts":[1,[]]}" ssr client="only" opts="{"name":"GoogleAnalytics","value":"react"}"></astro-island><script>(()=>{var l=(n,t)=>{let i=async()=>{await(await n())()},e=typeof t.value=="object"?t.value:void 0,s={timeout:e==null?void 0:e.timeout};"requestIdleCallback"in window?window.requestIdleCallback(i,s):setTimeout(i,s.timeout||200)};(self.Astro||(self.Astro={})).idle=l;window.dispatchEvent(new Event("astro:idle"));})();</script><astro-island uid="Z1lFQSj" prefix="r3" component-url="/_astro/Navigation.Ca4LVjFx.js" component-export="Navigation" renderer-url="/_astro/client.DLO1yDVm.js" props="{"title":[0,"The Cloudflare Blog"],"logo":[0,"//images.ctfassets.net/zkvhlag99gkb/69RwBidpiEHCDZ9rFVVk7T/092507edbed698420b89658e5a6d5105/CF_logo_stacked_blktype.png"],"pagesStore":[0,{"page":[0,"Post"],"slug":[0,"how-syria-turned-off-the-internet"],"translationsAvailable":[1,[]],"navData":[1,[[0,{"metadata":[0,{"tags":[1,[]],"concepts":[1,[]]}],"sys":[0,{"space":[0,{"sys":[0,{"type":[0,"Link"],"linkType":[0,"Space"],"id":[0,"zkvhlag99gkb"]}]}],"id":[0,"J61Eszqn98amrYHq4IhTx"],"type":[0,"Entry"],"createdAt":[0,"2024-10-09T19:43:46.068Z"],"updatedAt":[0,"2025-01-17T15:39:10.224Z"],"environment":[0,{"sys":[0,{"id":[0,"master"],"type":[0,"Link"],"linkType":[0,"Environment"]}]}],"publishedVersion":[0,41],"revision":[0,18],"contentType":[0,{"sys":[0,{"type":[0,"Link"],"linkType":[0,"ContentType"],"id":[0,"blogTag"]}]}],"locale":[0,"en-US"]}],"fields":[0,{"entryTitle":[0,"Zero Trust"],"name":[0,"Zero Trust"],"slug":[0,"zero-trust"],"featured":[0,true]}]}],[0,{"metadata":[0,{"tags":[1,[]],"concepts":[1,[]]}],"sys":[0,{"space":[0,{"sys":[0,{"type":[0,"Link"],"linkType":[0,"Space"],"id":[0,"zkvhlag99gkb"]}]}],"id":[0,"5kZtWqjqa7aOUoZr8NFGwI"],"type":[0,"Entry"],"createdAt":[0,"2024-10-09T19:43:26.040Z"],"updatedAt":[0,"2025-01-17T15:39:10.006Z"],"environment":[0,{"sys":[0,{"id":[0,"master"],"type":[0,"Link"],"linkType":[0,"Environment"]}]}],"publishedVersion":[0,30],"revision":[0,12],"contentType":[0,{"sys":[0,{"type":[0,"Link"],"linkType":[0,"ContentType"],"id":[0,"blogTag"]}]}],"locale":[0,"en-US"]}],"fields":[0,{"entryTitle":[0,"Cloudflare Radar"],"name":[0,"Radar"],"slug":[0,"cloudflare-radar"],"featured":[0,true]}]}],[0,{"metadata":[0,{"tags":[1,[]],"concepts":[1,[]]}],"sys":[0,{"space":[0,{"sys":[0,{"type":[0,"Link"],"linkType":[0,"Space"],"id":[0,"zkvhlag99gkb"]}]}],"id":[0,"16yk8DVbNNifxov5cWvAov"],"type":[0,"Entry"],"createdAt":[0,"2024-10-09T19:56:23.848Z"],"updatedAt":[0,"2025-01-17T15:39:09.435Z"],"environment":[0,{"sys":[0,{"id":[0,"master"],"type":[0,"Link"],"linkType":[0,"Environment"]}]}],"publishedVersion":[0,39],"revision":[0,19],"contentType":[0,{"sys":[0,{"type":[0,"Link"],"linkType":[0,"ContentType"],"id":[0,"blogTag"]}]}],"locale":[0,"en-US"]}],"fields":[0,{"entryTitle":[0,"Policy & Legal"],"name":[0,"Policy & Legal"],"slug":[0,"policy"],"featured":[0,true]}]}],[0,{"metadata":[0,{"tags":[1,[]],"concepts":[1,[]]}],"sys":[0,{"space":[0,{"sys":[0,{"type":[0,"Link"],"linkType":[0,"Space"],"id":[0,"zkvhlag99gkb"]}]}],"id":[0,"4g8tPriKOAUwdUT4jNPebe"],"type":[0,"Entry"],"createdAt":[0,"2024-10-09T19:46:40.927Z"],"updatedAt":[0,"2025-01-17T15:39:08.918Z"],"environment":[0,{"sys":[0,{"id":[0,"master"],"type":[0,"Link"],"linkType":[0,"Environment"]}]}],"publishedVersion":[0,35],"revision":[0,15],"contentType":[0,{"sys":[0,{"type":[0,"Link"],"linkType":[0,"ContentType"],"id":[0,"blogTag"]}]}],"locale":[0,"en-US"]}],"fields":[0,{"entryTitle":[0,"Life at Cloudflare"],"name":[0,"Life at Cloudflare"],"slug":[0,"life-at-cloudflare"],"featured":[0,true]}]}],[0,{"metadata":[0,{"tags":[1,[]],"concepts":[1,[]]}],"sys":[0,{"space":[0,{"sys":[0,{"type":[0,"Link"],"linkType":[0,"Space"],"id":[0,"zkvhlag99gkb"]}]}],"id":[0,"4HIPcb68qM0e26fIxyfzwQ"],"type":[0,"Entry"],"createdAt":[0,"2024-10-09T19:43:21.536Z"],"updatedAt":[0,"2025-01-17T15:39:08.624Z"],"environment":[0,{"sys":[0,{"id":[0,"master"],"type":[0,"Link"],"linkType":[0,"Environment"]}]}],"publishedVersion":[0,38],"revision":[0,16],"contentType":[0,{"sys":[0,{"type":[0,"Link"],"linkType":[0,"ContentType"],"id":[0,"blogTag"]}]}],"locale":[0,"en-US"]}],"fields":[0,{"entryTitle":[0,"Developers"],"name":[0,"Developers"],"slug":[0,"developers"],"featured":[0,true]}]}],[0,{"metadata":[0,{"tags":[1,[]],"concepts":[1,[]]}],"sys":[0,{"space":[0,{"sys":[0,{"type":[0,"Link"],"linkType":[0,"Space"],"id":[0,"zkvhlag99gkb"]}]}],"id":[0,"6QktrXeEFcl4e2dZUTZVGl"],"type":[0,"Entry"],"createdAt":[0,"2024-10-09T19:43:20.198Z"],"updatedAt":[0,"2025-01-17T15:39:08.256Z"],"environment":[0,{"sys":[0,{"id":[0,"master"],"type":[0,"Link"],"linkType":[0,"Environment"]}]}],"publishedVersion":[0,38],"revision":[0,15],"contentType":[0,{"sys":[0,{"type":[0,"Link"],"linkType":[0,"ContentType"],"id":[0,"blogTag"]}]}],"locale":[0,"en-US"]}],"fields":[0,{"entryTitle":[0,"Product News"],"name":[0,"Product News"],"slug":[0,"product-news"],"featured":[0,true]}]}],[0,{"metadata":[0,{"tags":[1,[]],"concepts":[1,[]]}],"sys":[0,{"space":[0,{"sys":[0,{"type":[0,"Link"],"linkType":[0,"Space"],"id":[0,"zkvhlag99gkb"]}]}],"id":[0,"48r7QV00gLMWOIcM1CSDRy"],"type":[0,"Entry"],"createdAt":[0,"2024-10-09T19:54:22.790Z"],"updatedAt":[0,"2025-01-17T15:39:07.000Z"],"environment":[0,{"sys":[0,{"id":[0,"master"],"type":[0,"Link"],"linkType":[0,"Environment"]}]}],"publishedVersion":[0,39],"revision":[0,17],"contentType":[0,{"sys":[0,{"type":[0,"Link"],"linkType":[0,"ContentType"],"id":[0,"blogTag"]}]}],"locale":[0,"en-US"]}],"fields":[0,{"entryTitle":[0,"Speed & Reliability"],"name":[0,"Speed & Reliability"],"slug":[0,"speed-and-reliability"],"featured":[0,true]}]}],[0,{"metadata":[0,{"tags":[1,[]],"concepts":[1,[]]}],"sys":[0,{"space":[0,{"sys":[0,{"type":[0,"Link"],"linkType":[0,"Space"],"id":[0,"zkvhlag99gkb"]}]}],"id":[0,"V86khSc459Yi1AhTlvtY7"],"type":[0,"Entry"],"createdAt":[0,"2024-10-09T19:46:53.657Z"],"updatedAt":[0,"2025-01-17T12:52:10.574Z"],"environment":[0,{"sys":[0,{"id":[0,"master"],"type":[0,"Link"],"linkType":[0,"Environment"]}]}],"publishedVersion":[0,41],"revision":[0,13],"contentType":[0,{"sys":[0,{"type":[0,"Link"],"linkType":[0,"ContentType"],"id":[0,"blogTag"]}]}],"locale":[0,"en-US"]}],"fields":[0,{"entryTitle":[0,"Partners"],"name":[0,"Partners"],"slug":[0,"partners"],"featured":[0,true]}]}],[0,{"metadata":[0,{"tags":[1,[]],"concepts":[1,[]]}],"sys":[0,{"space":[0,{"sys":[0,{"type":[0,"Link"],"linkType":[0,"Space"],"id":[0,"zkvhlag99gkb"]}]}],"id":[0,"6Mp7ouACN2rT3YjL1xaXJx"],"type":[0,"Entry"],"createdAt":[0,"2024-10-09T19:42:46.231Z"],"updatedAt":[0,"2025-01-17T12:52:09.920Z"],"environment":[0,{"sys":[0,{"id":[0,"master"],"type":[0,"Link"],"linkType":[0,"Environment"]}]}],"publishedVersion":[0,35],"revision":[0,11],"contentType":[0,{"sys":[0,{"type":[0,"Link"],"linkType":[0,"ContentType"],"id":[0,"blogTag"]}]}],"locale":[0,"en-US"]}],"fields":[0,{"entryTitle":[0,"Security"],"name":[0,"Security"],"slug":[0,"security"],"featured":[0,true]}]}],[0,{"metadata":[0,{"tags":[1,[]],"concepts":[1,[]]}],"sys":[0,{"space":[0,{"sys":[0,{"type":[0,"Link"],"linkType":[0,"Space"],"id":[0,"zkvhlag99gkb"]}]}],"id":[0,"6Foe3R8of95cWVnQwe5Toi"],"type":[0,"Entry"],"createdAt":[0,"2024-10-09T22:44:28.803Z"],"updatedAt":[0,"2025-01-17T12:52:08.444Z"],"environment":[0,{"sys":[0,{"id":[0,"master"],"type":[0,"Link"],"linkType":[0,"Environment"]}]}],"publishedVersion":[0,41],"revision":[0,14],"contentType":[0,{"sys":[0,{"type":[0,"Link"],"linkType":[0,"ContentType"],"id":[0,"blogTag"]}]}],"locale":[0,"en-US"]}],"fields":[0,{"entryTitle":[0,"AI"],"name":[0,"AI"],"slug":[0,"ai"],"featured":[0,true]}]}]]]}],"locale":[0,"en-us"],"translations":[0,{"posts.by":[0,"By"],"footer.gdpr":[0,"GDPR"],"lang_blurb1":[0,"This post is also available in {lang1}."],"lang_blurb2":[0,"This post is also available in {lang1} and {lang2}."],"lang_blurb3":[0,"This post is also available in {lang1}, {lang2} and {lang3}."],"footer.press":[0,"Press"],"header.title":[0,"The Cloudflare Blog"],"search.clear":[0,"Clear"],"search.filter":[0,"Filter"],"search.source":[0,"Source"],"footer.careers":[0,"Careers"],"footer.company":[0,"Company"],"footer.support":[0,"Support"],"footer.the_net":[0,"theNet"],"search.filters":[0,"Filters"],"footer.our_team":[0,"Our team"],"footer.webinars":[0,"Webinars"],"page.more_posts":[0,"More posts"],"posts.time_read":[0,"{time} min read"],"search.language":[0,"Language"],"footer.community":[0,"Community"],"footer.resources":[0,"Resources"],"footer.solutions":[0,"Solutions"],"footer.trademark":[0,"Trademark"],"header.subscribe":[0,"Subscribe"],"footer.compliance":[0,"Compliance"],"footer.free_plans":[0,"Free plans"],"footer.impact_ESG":[0,"Impact/ESG"],"posts.follow_on_X":[0,"Follow on X"],"footer.help_center":[0,"Help center"],"footer.network_map":[0,"Network Map"],"header.please_wait":[0,"Please Wait"],"page.related_posts":[0,"Related posts"],"search.result_stat":[0,"Results <strong>{search_range}</strong> of <strong>{search_total}</strong> for <strong>{search_keyword}</strong>"],"footer.case_studies":[0,"Case Studies"],"footer.connect_2024":[0,"Connect 2024"],"footer.terms_of_use":[0,"Terms of Use"],"footer.white_papers":[0,"White Papers"],"footer.cloudflare_tv":[0,"Cloudflare TV"],"footer.community_hub":[0,"Community Hub"],"footer.compare_plans":[0,"Compare plans"],"footer.contact_sales":[0,"Contact Sales"],"header.contact_sales":[0,"Contact Sales"],"header.email_address":[0,"Email Address"],"page.error.not_found":[0,"Page not found"],"footer.developer_docs":[0,"Developer docs"],"footer.privacy_policy":[0,"Privacy Policy"],"footer.request_a_demo":[0,"Request a demo"],"page.continue_reading":[0,"Continue reading"],"footer.analysts_report":[0,"Analyst reports"],"footer.for_enterprises":[0,"For enterprises"],"footer.getting_started":[0,"Getting Started"],"footer.learning_center":[0,"Learning Center"],"footer.project_galileo":[0,"Project Galileo"],"pagination.newer_posts":[0,"Newer Posts"],"pagination.older_posts":[0,"Older Posts"],"posts.social_buttons.x":[0,"Discuss on X"],"search.source_location":[0,"Source/Location"],"footer.about_cloudflare":[0,"About Cloudflare"],"footer.athenian_project":[0,"Athenian Project"],"footer.become_a_partner":[0,"Become a partner"],"footer.cloudflare_radar":[0,"Cloudflare Radar"],"footer.network_services":[0,"Network services"],"footer.trust_and_safety":[0,"Trust & Safety"],"header.get_started_free":[0,"Get Started Free"],"page.search.placeholder":[0,"Search Cloudflare"],"footer.cloudflare_status":[0,"Cloudflare Status"],"footer.cookie_preference":[0,"Cookie Preferences"],"header.valid_email_error":[0,"Must be valid email."],"footer.connectivity_cloud":[0,"Connectivity cloud"],"footer.developer_services":[0,"Developer services"],"footer.investor_relations":[0,"Investor relations"],"page.not_found.error_code":[0,"Error Code: 404"],"footer.logos_and_press_kit":[0,"Logos & press kit"],"footer.application_services":[0,"Application services"],"footer.get_a_recommendation":[0,"Get a recommendation"],"posts.social_buttons.reddit":[0,"Discuss on Reddit"],"footer.sse_and_sase_services":[0,"SSE and SASE services"],"page.not_found.outdated_link":[0,"You may have used an outdated link, or you may have typed the address incorrectly."],"footer.report_security_issues":[0,"Report Security Issues"],"page.error.error_message_page":[0,"Sorry, we can't find the page you are looking for."],"header.subscribe_notifications":[0,"Subscribe to receive notifications of new posts:"],"footer.cloudflare_for_campaigns":[0,"Cloudflare for Campaigns"],"header.subscription_confimation":[0,"Subscription confirmed. Thank you for subscribing!"],"posts.social_buttons.hackernews":[0,"Discuss on Hacker News"],"footer.diversity_equity_inclusion":[0,"Diversity, equity & inclusion"],"footer.critical_infrastructure_defense_project":[0,"Critical Infrastructure Defense Project"]}]}" ssr client="idle" opts="{"name":"NavigationComponent","value":true}" await-children><header class="flex flex-row flex-wrap justify-between items-flex-end mw8 center mv3 pl3 pr1"><div class="w-100 flex items-flex-end justify-between justify-start-l"><div class="w-100 tr flex justify-end"><div class="flex justify-between items-center"><span class="dn di-l pr1"><a href="https://dash.cloudflare.com/sign-up" class="f1 blue1 dn di-l b no-underline underline-hover" target="_blank" rel="noreferrer">Get Started Free</a></span><span class="f1 gray4 dn di-l pr1">|</span><span class="dn di-l"><a target="_blank" href="https://www.cloudflare.com/plans/enterprise/contact/" class="f1 gray4 no-underline underline-hover pr1" rel="noreferrer">Contact Sales</a></span></div></div></div><div class="w-100 w-50-l flex items-end nb5 nb1-l"><a href="/" class="header-logo mr4 dn db-l"><img class="header-logo" src="https://cf-assets.www.cloudflare.com/zkvhlag99gkb/69RwBidpiEHCDZ9rFVVk7T/092507edbed698420b89658e5a6d5105/CF_logo_stacked_blktype.png" alt="The Cloudflare Blog" width="170" height="57"/></a><h2 class="mt0 mb1 dn di-l"><a href="/" class="fw5 f5 gray3 no-underline"><span class="dn di-l">The Cloudflare Blog</span></a></h2></div><div class="w-100 w-50-l dn db-l"><div class="w-100 tr mkto-sub-message"><p class="f2">Subscribe to receive notifications of new posts:</p></div><div class="w-100 tr"><div class="marketo-form-container"><form id="mktoForm_1653"><div class="top-subscribe-form-container"><div class="top-subscribe-form-field"><input placeholder="Email Address" class="top-subscribe-form-input" name="email" type="email" title="Must be valid email."/></div><button class="top-subscribe-form-button" type="button">Subscribe</button></div></form></div></div></div></header><nav dir="ltr" class="bb b--black-10 db dn-l w-100 ph3 "><div class=" flex justify-between items-center" style="height:44px"><a href="/search/"><img class="h-6 w-6" src="/images/magnifier.svg" alt="magnifier icon"/></a><button type="button" style="background:transparent;border:none"><img src="/images/hamburger.svg" alt="hamburger menu"/></button></div><div class="js-mobile-nav-container dn"><div class="flex flex-column flex-wrap bg-gray9 o-95 absolute w-90 ph3 z-1"><div class="pv3 ph2 tl"><a href="/tag/zero-trust/" class="no-underline gray1 f4 fw7">Zero Trust</a></div><div class="pv3 ph2 tl"><a href="/tag/cloudflare-radar/" class="no-underline gray1 f4 fw7">Radar</a></div><div class="pv3 ph2 tl"><a href="/tag/policy/" class="no-underline gray1 f4 fw7">Policy & Legal</a></div><div class="pv3 ph2 tl"><a href="/tag/life-at-cloudflare/" class="no-underline gray1 f4 fw7">Life at Cloudflare</a></div><div class="pv3 ph2 tl"><a href="/tag/developers/" class="no-underline gray1 f4 fw7">Developers</a></div><div class="pv3 ph2 tl"><a href="/tag/product-news/" class="no-underline gray1 f4 fw7">Product News</a></div><div class="pv3 ph2 tl"><a href="/tag/speed-and-reliability/" class="no-underline gray1 f4 fw7">Speed & Reliability</a></div><div class="pv3 ph2 tl"><a href="/tag/partners/" class="no-underline gray1 f4 fw7">Partners</a></div><div class="pv3 ph2 tl"><a href="/tag/security/" class="no-underline gray1 f4 fw7">Security</a></div><div class="pv3 ph2 tl"><a href="/tag/ai/" class="no-underline gray1 f4 fw7">AI</a></div></div></div></nav><nav id="nav" class="w-100 bb-0 bb-l b--black-10 z-1"><div id="desktop-nav-items-container" class="flex flex-wrap justify-between items-center mw8 center mv3 mv0-l"><div data-tag="zero-trust" class="nav-item nav-item-desktop ml3 mr2 dn db-l pv3"><a href="/tag/zero-trust/" class="no-underline gray1 f2 fw5 pv3">Zero Trust</a></div><div data-tag="cloudflare-radar" class="nav-item nav-item-desktop ml3 mr2 dn db-l pv3"><a href="/tag/cloudflare-radar/" class="no-underline gray1 f2 fw5 pv3">Radar</a></div><div data-tag="policy" class="nav-item nav-item-desktop ml3 mr2 dn db-l pv3"><a href="/tag/policy/" class="no-underline gray1 f2 fw5 pv3">Policy & Legal</a></div><div data-tag="life-at-cloudflare" class="nav-item nav-item-desktop ml3 mr2 dn db-l pv3"><a href="/tag/life-at-cloudflare/" class="no-underline gray1 f2 fw5 pv3">Life at Cloudflare</a></div><div data-tag="developers" class="nav-item nav-item-desktop ml3 mr2 dn db-l pv3"><a href="/tag/developers/" class="no-underline gray1 f2 fw5 pv3">Developers</a></div><div data-tag="product-news" class="nav-item nav-item-desktop ml3 mr2 dn db-l pv3"><a href="/tag/product-news/" class="no-underline gray1 f2 fw5 pv3">Product News</a></div><div data-tag="speed-and-reliability" class="nav-item nav-item-desktop ml3 mr2 dn db-l pv3"><a href="/tag/speed-and-reliability/" class="no-underline gray1 f2 fw5 pv3">Speed & Reliability</a></div><div data-tag="partners" class="nav-item nav-item-desktop ml3 mr2 dn db-l pv3"><a href="/tag/partners/" class="no-underline gray1 f2 fw5 pv3">Partners</a></div><div data-tag="security" class="nav-item nav-item-desktop ml3 mr2 dn db-l pv3"><a href="/tag/security/" class="no-underline gray1 f2 fw5 pv3">Security</a></div><div data-tag="ai" class="nav-item nav-item-desktop ml3 mr2 dn db-l pv3"><a href="/tag/ai/" class="no-underline gray1 f2 fw5 pv3">AI</a></div><div class="nav-item ml2 mr3 dn db-l pv3" data-tag="search icon"><a href="/search/"><img id="search-icon" class="h-6 w-6" src="/images/magnifier.svg" alt="magnifier icon"/></a></div></div></nav></astro-island><progress class="reading-progress" value="0" max="100" aria-label="Reading progress"></progress><script>(()=>{var e=async t=>{await(await t())()};(self.Astro||(self.Astro={})).load=e;window.dispatchEvent(new Event("astro:load"));})();</script><astro-island uid="pN9BI" prefix="r1" component-url="/_astro/Post.D_M1NIKK.js" component-export="Post" renderer-url="/_astro/client.DLO1yDVm.js" props="{"post":[0,{"id":[0,"8BPLBWT6UrAceFst1crWn"],"title":[0,"How Syria Turned Off the Internet"],"slug":[0,"how-syria-turned-off-the-internet"],"excerpt":[0,"Today, 29 November 2012, between 1026 and 1028 (UTC), all traffic from Syria to the rest of the Internet stopped. At CloudFlare, we witnessed the drop off. We've spent the morning studying the situation to understand what happened. "],"featured":[0,false],"html":[0,"<p>Today, 29 November 2012, between 1026 and 1028 (UTC), all traffic from Syria to the rest of the Internet stopped. At CloudFlare, we witnessed the drop off. We&#39;ve spent the morning studying the situation to understand what happened. The following graph shows the last several days of traffic coming to CloudFlare&#39;s network from Syria.</p>\n <figure class=\"kg-card kg-image-card \">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/15PG5gGBgjyWNgcGPf3m7h/8fdab987395e1c194b84270dd502cb56/cloudflare_syrian_traffic_utc.png.scaled500.png\" alt=\"How Syria Turned Off the\nInternet\" class=\"kg-image\" width=\"500\" height=\"239\" loading=\"lazy\"/>\n \n </figure><p>Since the beginning of today&#39;s outage, we have received no requests from Syrian IP space. That is a more complete blackout than we&#39;ve seen when other countries have been cut from the Internet (see, for example, Egypt where while <a href=\"/what-egypt-shutting-down-the-internet-looks-l\">most traffic was cut off some requests still trickled out)</a>.</p><p>The graph above shows two other incidents over the last week. On 25 November 2012 at approximately 0800 UTC we witnessed a 15 minute period during which Syrian traffic was cut to only 13% of normal levels. Again on 27 November 2012 at 0730 UTC, we saw a 15 minute period during which traffic dropped to only 0.2% of normal.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"what-happened\">What Happened?</h3>\n <a href=\"#what-happened\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>The Syrian Minister of Information is being <a href=\"http://www.jpost.com/Headlines/Article.aspx?id=294001\">reported assaying</a> that the government did not disable the Internet, but instead the outage was caused by a cable being cut. Specifically: &quot;It is not true that the state cut the Internet. The terrorists targeted the Internet lines, resulting in some regions being cut off.&quot; From our investigation, that appears unlikely to be the case.</p><p>To begin, all connectivity to Syria, not just some regions, has been cut. The exclusive provider of Internet access in Syria is the state-run Syrian Telecommunications Establishment. Their network AS number is AS29386. The following network providers typically provide connectivity from Syria to the rest of the Internet: PCCW and Turk Telekom as the primary providers with Telecom Italia and TATA for additional capacity. When the outage happened, the BGP routes to Syrian IP space were all simultaneously withdrawn from all of Syria&#39;s upstream providers. The effect of this is that networks were unable to route traffic to Syrian IP space, effectively cutting the country off the Internet.</p><p>Syria has 4 physical cables that connect it to the rest of the Internet. Three are undersea cables that land in the city of Tartous, Syria. The fourth is an over-land cable through Turkey. In order for a whole-country outage, all four of these cables would have had to been cut simultaneously. That is unlikely to have happened.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"watching-the-shutdown-happen\">Watching the Shutdown Happen</h3>\n <a href=\"#watching-the-shutdown-happen\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>One of our network engineers recorded the following video of network routes being withdrawn. Syrian Telecommunications (AS29386) is represented by the red dot in the middle of the video. The lines represent routes to the Syrian upstream providers.</p><p>Video created with <a href=\"http://www.dia.uniroma3.it/~compunet/www/view/tool.php?id=bgplay\">BGPlay</a> by Roma Tre University</p><p>Beginning at 1026 UTC, routes were withdrawn for PCCW. The routing shifted primarily to Turk Telekom. Routes to Telecom Italia and TATA were also withdrawn, but has less of an impact. Then, at 1028 UTC, routes were withdrawn for Turk Telekom. After that, Syria was effectively cut off from the Internet. (Note that the remaining path that appears to be present in the video is an anomaly. We have confirmed that it is not actually active.)</p><p>While we cannot know for sure, our network team estimates that Syria likely has a small number of edge routers. All the edge routers are controlled by Syrian Telecommunications. The systematic way in which routes were withdrawn suggests that this was done through updates in router configurations, not through a physical failure or cable cut.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"what-syrians-were-surfing-before-the-internet-was-turned-off\">What Syrians Were Surfing Before the Internet Was Turned Off</h3>\n <a href=\"#what-syrians-were-surfing-before-the-internet-was-turned-off\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n \n <figure class=\"kg-card kg-image-card \">\n \n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/2hpWDo3CJCFghm0Mm82iZI/69ba5239c8e693a05aa2445d30490b55/last_site_syrians_accessed.jpg.scaled500.jpg\" alt=\"How Syria Turned Off the Internet\" class=\"kg-image\" width=\"500\" height=\"232\" loading=\"lazy\"/>\n \n </figure><p>The last four sites on CloudFlare that received requests from Syria inthe seconds before access was cut were:</p><ul><li><p>fotoobook.com - a photo sharing blog</p></li><li><p>aliqtisadi.com - a Syrian news site</p></li><li><p>madinah.com - a Muslim-oriented social network</p></li><li><p>to2.xxx - a porn site (warning: not safe for work)</p></li></ul><p>In other words, traffic from Syrians accessing the Internet in the moments before they were cut off from the rest of the world looks remarkably similar to traffic from any part of the world.</p><p>As we have posted about recently, we <a href=\"/ceasefires-dont-end-cyberwars\">don&#39;t believe our role is to take sides in political conflicts</a>. However, we do believe it is our mission to help build a better Internet where everyone can have a voice and access information. It is therefore deeply troubling to the CloudFlare team when we see an entire nation cut off from the ability to access and report information. Our thoughts are with the Syrian people and we hope connectivity, and peace, will be quickly restored.</p><hr/><p><b>UPDATE:</b> Syrian Internet access appears to be at least partiallyrestored as of 1 December 2012 at 1432 UTC. We have confirmed both thatthe BGP routes are reestablished and traffic from both wired and mobiledevices is flowing to CloudFlare&#39;s network. We&#39;ve posted a blog post with more details <a href=\"/syrian-internet-access-appears-partially-rees\">here</a>.</p>"],"published_at":[0,"2012-11-29T20:13:00.000+00:00"],"updated_at":[0,"2024-10-10T00:37:19.602Z"],"feature_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/5Quh4EHZY3G7rN3VzSqDBd/cbca33ed5b45c02c6788ce6b703629e8/how-syria-turned-off-the-internet.png"],"tags":[1,[[0,{"id":[0,"1U6ifhBwTuaJ2w4pjNOzNT"],"name":[0,"Network"],"slug":[0,"network"]}],[0,{"id":[0,"5O7yCWW0RgXMAc5MVjwcGS"],"name":[0,"BGP"],"slug":[0,"bgp"]}],[0,{"id":[0,"4yliZlpBPZpOwBDZzo1tTh"],"name":[0,"Outage"],"slug":[0,"outage"]}],[0,{"id":[0,"QJ8Ws6c2cEInikCK2uIOC"],"name":[0,"Syria"],"slug":[0,"syria"]}]]],"relatedTags":[0],"authors":[1,[[0,{"name":[0,"Matthew Prince"],"slug":[0,"matthew-prince"],"bio":[0,"A little bit geek, wonk, and nerd. Repeat entrepreneur, recovering lawyer, and former ski instructor. Co-founder & CEO of Cloudflare (NYSE: NET)."],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/1VD9WePJ1jvjFwuSRF0IfQ/5e4f7d5fd4825358b33b2ead623140d8/matthew-prince.jpeg"],"location":[0,"San Francisco, CA"],"website":[0,null],"twitter":[0,"@eastdakota"],"facebook":[0,null]}]]],"meta_description":[0,null],"primary_author":[0,{}],"localeList":[0,{"name":[0,"How Syria Turned Off the Internet Config"],"enUS":[0,"English for Locale"],"zhCN":[0,"No Page for Locale"],"zhHansCN":[0,"No Page for Locale"],"zhTW":[0,"No Page for Locale"],"frFR":[0,"No Page for Locale"],"deDE":[0,"No Page for Locale"],"itIT":[0,"No Page for Locale"],"jaJP":[0,"No Page for Locale"],"koKR":[0,"No Page for Locale"],"ptBR":[0,"No Page for Locale"],"esLA":[0,"No Page for Locale"],"esES":[0,"No Page for Locale"],"enAU":[0,"No Page for Locale"],"enCA":[0,"No Page for Locale"],"enIN":[0,"No Page for Locale"],"enGB":[0,"No Page for Locale"],"idID":[0,"No Page for Locale"],"ruRU":[0,"No Page for Locale"],"svSE":[0,"No Page for Locale"],"viVN":[0,"No Page for Locale"],"plPL":[0,"No Page for Locale"],"arAR":[0,"No Page for Locale"],"nlNL":[0,"No Page for Locale"],"thTH":[0,"No Page for Locale"],"trTR":[0,"No Page for Locale"],"heIL":[0,"No Page for Locale"],"lvLV":[0,"No Page for Locale"],"etEE":[0,"No Page for Locale"],"ltLT":[0,"No Page for Locale"]}],"url":[0,"https://blog.cloudflare.com/how-syria-turned-off-the-internet"],"metadata":[0,{"title":[0],"description":[0],"imgPreview":[0,""]}]}],"initialReadingTime":[0,"3"],"relatedPosts":[1,[[0,{"id":[0,"6ZxrGIedGqREgTs02vpt0t"],"title":[0,"Multi-Path TCP: revolutionizing connectivity, one path at a time"],"slug":[0,"multi-path-tcp-revolutionizing-connectivity-one-path-at-a-time"],"excerpt":[0,"Multi-Path TCP (MPTCP) leverages multiple network interfaces, like Wi-Fi and cellular, to provide seamless mobility for more reliable connectivity. While promising, MPTCP is still in its early stages,"],"featured":[0,false],"html":[0,"<p></p><p>The Internet is designed to provide multiple paths between two endpoints. Attempts to exploit multi-path opportunities are almost as old as the Internet, culminating in <a href=\"https://datatracker.ietf.org/doc/html/rfc2991\"><u>RFCs</u></a> documenting some of the challenges. Still, today, virtually all end-to-end communication uses only one available path at a time. Why? It turns out that in multi-path setups, even the smallest differences between paths can harm the connection quality due to <a href=\"https://en.wikipedia.org/wiki/Equal-cost_multi-path_routing#History\"><u>packet reordering</u></a> and other issues. As a result, Internet devices usually use a single path and let the routers handle the path selection.</p><p>There is another way. Enter Multi-Path TCP (MPTCP), which exploits the presence of multiple interfaces on a device, such as a mobile phone that has both Wi-Fi and cellular antennas, to achieve multi-path connectivity.</p><p>MPTCP has had a long history — see the <a href=\"https://en.wikipedia.org/wiki/Multipath_TCP\"><u>Wikipedia article</u></a> and the <a href=\"https://datatracker.ietf.org/doc/html/rfc8684\"><u>spec (RFC 8684)</u></a> for details. It&#39;s a major extension to the TCP protocol, and historically most of the TCP changes failed to gain traction. However, MPTCP is supposed to be mostly an operating system feature, making it easy to enable. Applications should only need minor code changes to support it.</p><p>There is a caveat, however: MPTCP is still fairly immature, and while it can use multiple paths, giving it superpowers over regular TCP, it&#39;s not always strictly better than it. Whether MPTCP should be used over TCP is really a case-by-case basis.</p><p>In this blog post we show how to set up MPTCP to find out.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"subflows\">Subflows</h2>\n <a href=\"#subflows\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n \n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/3r8AP5BHbvtYEtXmYSXFwO/36e95cbac93cdecf2f5ee65945abf0b3/Screenshot_2024-12-23_at_3.07.37_PM.png\" alt=\"BLOG-2637 2\" class=\"kg-image\" width=\"1922\" height=\"1004\" loading=\"lazy\"/>\n </figure><p>Internally, MPTCP extends TCP by introducing &quot;subflows&quot;. When everything is working, a single TCP connection can be backed by multiple MPTCP subflows, each using different paths. This is a big deal - a single TCP byte stream is now no longer identified by a single 5-tuple. On Linux you can see the subflows with <code>ss -M</code>, like:</p>\n <pre class=\"language-Rust\"><code class=\"language-Rust\">marek$ ss -tMn dport = :443 | cat\ntcp ESTAB 0 \t0 192.168.2.143%enx2800af081bee:57756 104.28.152.1:443\ntcp ESTAB 0 \t0 192.168.1.149%wlp0s20f3:44719 104.28.152.1:443\nmptcp ESTAB 0 \t0 192.168.2.143:57756 104.28.152.1:443</pre></code>\n <p>Here you can see a single MPTCP connection, composed of two underlying TCP flows.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"mptcp-aspirations\">MPTCP aspirations</h2>\n <a href=\"#mptcp-aspirations\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Being able to separate the lifetime of a connection from the lifetime of a flow allows MPTCP to address two problems present in classical TCP: aggregation and mobility.</p><ul><li><p><b>Aggregation</b>: MPTCP can aggregate the bandwidth of many network interfaces. For example, in a data center scenario, it&#39;s common to use interface bonding. A single flow can make use of just one physical interface. MPTCP, by being able to launch many subflows, can expose greater overall bandwidth. I&#39;m personally not convinced if this is a real problem. As we&#39;ll learn below, modern Linux has a <a href=\"https://dl.ifip.org/db/conf/networking/networking2016/1570234725.pdf\"><u>BLESS-like MPTCP scheduler</u></a> and macOS stack has the &quot;aggregation&quot; mode, so aggregation should work, but I&#39;m not sure how practical it is. However, there are <a href=\"https://www.openmptcprouter.com/\"><u>certainly projects that are trying to do link aggregation</u></a> using MPTCP.</p></li><li><p><b>Mobility</b>: On a customer device, a TCP stream is typically broken if the underlying network interface goes away. This is not an uncommon occurrence — consider a smartphone dropping from Wi-Fi to cellular. MPTCP can fix this — it can create and destroy many subflows over the lifetime of a single connection and survive multiple network changes.</p></li></ul><p>Improving reliability for mobile clients is a big deal. While some software can use QUIC, which also works on <a href=\"https://www.ietf.org/archive/id/draft-ietf-quic-multipath-11.html\"><u>Multipath Extensions</u></a>, a large number of classical services still use TCP. A great example is SSH: it would be very nice if you could walk around with a laptop and keep an SSH session open and switch Wi-Fi networks seamlessly, without breaking the connection.</p><p>MPTCP work was initially driven by <a href=\"https://uclouvain.be/fr/index.html\"><u>UCLouvain in Belgium</u></a>. The first serious adoption was on the iPhone. Apparently, users have a tendency to use Siri while they are walking out of their home. It&#39;s very common to lose Wi-Fi connectivity while they are doing this. (<a href=\"https://youtu.be/BucQ1lfbtd4?t=533\"><u>source</u></a>) </p>\n <div class=\"flex anchor relative\">\n <h2 id=\"implementations\">Implementations</h2>\n <a href=\"#implementations\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Currently, there are only two major MPTCP implementations — Linux kernel support from v5.6, but realistically you need at least kernel v6.1 (<a href=\"https://oracle.github.io/kconfigs/?config=UTS_RELEASE&config=MPTCP\"><u>MPTCP is not supported on Android</u></a> yet) and iOS from version 7 / Mac OS X from 10.10.</p><p>Typically, Linux is used on the server side, and iOS/macOS as the client. It&#39;s possible to get Linux to work as a client-side, but it&#39;s not straightforward, as we&#39;ll learn soon. Beware — there is plenty of outdated Linux MPTCP documentation. The code has had a bumpy history and at least two different APIs were proposed. See the Linux kernel source for <a href=\"https://docs.kernel.org/networking/mptcp.html\"><u>the mainline API</u></a> and the <a href=\"https://www.mptcp.dev/\"><u>mptcp.dev</u></a> website.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"linux-as-a-server\">Linux as a server</h2>\n <a href=\"#linux-as-a-server\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Conceptually, the MPTCP design is pretty sensible. After the initial TCP handshake, each peer may announce additional addresses (and ports) on which it can be reached. There are two ways of doing this. First, in the handshake TCP packet each peer specifies the &quot;<i>Do not attempt to establish new subflows to this address and port</i>&quot; bit, also known as bit [C], in the MPTCP TCP extensions header.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/bT8oz3wxpw7alftvdYg5n/b7614a4d10b6c81e18027f6785391ede/BLOG-2637_3.png\" alt=\"BLOG-2637 3\" class=\"kg-image\" width=\"1062\" height=\"252\" loading=\"lazy\"/>\n </figure><p><sup><i>Wireshark dissecting MPTCP flags from a SYN packet. </i></sup><a href=\"https://github.com/multipath-tcp/mptcp_net-next/issues/535\"><sup><i><u>Tcpdump does not report</u></i></sup></a><sup><i> this flag yet.</i></sup></p><p>With this bit cleared, the other peer is free to assume the two-tuple is fine to be reconnected to. Typically, the <b>server allows</b> the client to reuse the server IP/port address. Usually, the <b>client is not listening</b> and disallows the server to connect back to it. There are caveats though. For example, in the context of Cloudflare, where our servers are using Anycast addressing, reconnecting to the server IP/port won&#39;t work. Going twice to the IP/port pair is unlikely to reach the same server. For us it makes sense to set this flag, disallowing clients from reconnecting to our server addresses. This can be done on Linux with:</p>\n <pre class=\"language-Rust\"><code class=\"language-Rust\"># Linux server sysctl - useful for ECMP or Anycast servers\n$ sysctl -w net.mptcp.allow_join_initial_addr_port=0\n</pre></code>\n <p>There is also a second way to advertise a listening IP/port. During the lifetime of a connection, a peer can send an ADD-ADDR MPTCP signal which advertises a listening IP/port. This can be managed on Linux by <code>ip mptcp endpoint ... signal</code>, like:</p>\n <pre class=\"language-Rust\"><code class=\"language-Rust\"># Linux server - extra listening address\n$ ip mptcp endpoint add 192.51.100.1 dev eth0 port 4321 signal\n</pre></code>\n <p>With such a config, a Linux peer (typically server) will report the additional IP/port with ADD-ADDR MPTCP signal in an ACK packet, like this:</p>\n <pre class=\"language-Rust\"><code class=\"language-Rust\">host &gt; host: Flags [.], ack 1, win 8, options [mptcp 30 add-addr v1 id 1 192.51.100.1:4321 hmac 0x...,nop,nop], length 0\n</pre></code>\n <p>It&#39;s important to realize that either peer can send ADD-ADDR messages. Unusual as it might sound, it&#39;s totally fine for the client to advertise extra listening addresses. The most common scenario though, consists of either nobody, or just a server, sending ADD-ADDR.</p><p>Technically, to launch an MPTCP socket on Linux, you just need to replace IPPROTO_TCP with IPPROTO_MPTCP in the application code:</p>\n <pre class=\"language-Rust\"><code class=\"language-Rust\">IPPROTO_MPTCP = 262\nsd = socket(AF_INET, SOCK_STREAM, IPPROTO_MPTCP)\n</pre></code>\n <p>In practice, though, this introduces some changes to the sockets API. Currently not all setsockopt&#39;s work yet — like <code>TCP_USER_TIMEOUT</code>. Additionally, at this stage, MPTCP is incompatible with kTLS.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"path-manager-scheduler\">Path manager / scheduler</h2>\n <a href=\"#path-manager-scheduler\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Once the peers have exchanged the address information, MPTCP is ready to kick in and perform the magic. There are two independent pieces of logic that MPTCP handles. First, given the address information, MPTCP must figure out if it should establish additional subflows. The component that decides on this is called &quot;Path Manager&quot;. Then, another component called &quot;scheduler&quot; is responsible for choosing a specific subflow to transmit the data over.</p><p>Both peers have a path manager, but typically only the client uses it. A path manager has a hard task to launch enough subflows to get the benefits, but not too many subflows which could waste resources. This is where the MPTCP stacks get complicated. </p>\n <div class=\"flex anchor relative\">\n <h2 id=\"linux-as-client\">Linux as client</h2>\n <a href=\"#linux-as-client\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>On Linux, path manager is an operating system feature, not an application feature. The in-kernel path manager requires some configuration — it must know which IP addresses and interfaces are okay to start new subflows. This is configured with <code>ip mptcp endpoint ... subflow</code>, like:</p>\n <pre class=\"language-Rust\"><code class=\"language-Rust\">$ ip mptcp endpoint add dev wlp1s0 192.0.2.3 subflow # Linux client\n</pre></code>\n <p>This informs the path manager that we (typically a client) own a 192.0.2.3 IP address on interface wlp1s0, and that it&#39;s fine to use it as source of a new subflow. There are two additional flags that can be passed here: &quot;backup&quot; and &quot;fullmesh&quot;. Maintaining these <code>ip mptcp endpoints</code> on a client is annoying. They need to be added and removed every time networks change. Fortunately, <a href=\"https://ubuntu.com/core/docs/networkmanager\"><u>NetworkManager</u></a> from 1.40 supports managing these by default. If you want to customize the &quot;backup&quot; or &quot;fullmesh&quot; flags, you can do this here (see <a href=\"https://networkmanager.dev/docs/api/1.44.4/settings-connection.html#:~:text=mptcp-flags\"><u>the documentation</u></a>):</p>\n <pre class=\"language-Rust\"><code class=\"language-Rust\">ubuntu$ cat /etc/NetworkManager/conf.d/95-mptcp.conf\n# set &quot;subflow&quot; on all managed &quot;ip mptcp endpoints&quot;. 0x22 is the default.\n[connection]\nconnection.mptcp-flags=0x22\n</pre></code>\n <p>Path manager also takes a &quot;limit&quot; setting, to set a cap of additional subflows per MPTCP connection, and limit the received ADD-ADDR messages, like: </p>\n <pre class=\"language-Rust\"><code class=\"language-Rust\">$ ip mptcp limits set subflow 4 add_addr_accepted 2 # Linux client\n</pre></code>\n <p>I experimented with the &quot;mobility&quot; use case on my Ubuntu 22 Linux laptop. I repeatedly enabled and disabled Wi-Fi and Ethernet. On new kernels (v6.12), it works, and I was able to hold a reliable MPTCP connection over many interface changes. I was <a href=\"https://github.com/multipath-tcp/mptcp_net-next/issues/534\"><u>less lucky with the Ubuntu v6.8</u></a> kernel. Unfortunately, the <a href=\"https://github.com/multipath-tcp/mptcp_net-next/issues/536\"><u>default path manager on Linux</u></a> client only works when the flag &quot;<i>Do not attempt to establish new subflows to this address and port</i>&quot; is cleared on the server. Server-announced ADD-ADDR don&#39;t result in new subflows created, unless <code>ip mptcp endpoint</code> has a <code>fullmesh</code> flag.</p><p>It feels like the underlying MPTCP transport code works, but the path manager requires a bit more intelligence. With a new kernel, it&#39;s possible to get the &quot;interactive&quot; case working out of the box, but not for the ADD-ADDR case. </p>\n <div class=\"flex anchor relative\">\n <h2 id=\"custom-path-manager\">Custom path manager</h2>\n <a href=\"#custom-path-manager\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Linux allows for two implementations of a path manager component. It can either use built-in kernel implementation (default), or userspace netlink daemon.</p>\n <pre class=\"language-Rust\"><code class=\"language-Rust\">$ sysctl -w net.mptcp.pm_type=1 # use userspace path manager\n</pre></code>\n <p>However, from what I found there is no serious implementation of configurable userspace path manager. The existing <a href=\"https://github.com/multipath-tcp/mptcpd/blob/main/plugins/path_managers/sspi.c\"><u>implementations don&#39;t do much</u></a>, and the API <a href=\"https://github.com/multipath-tcp/mptcp_net-next/issues/533\"><u>seems</u></a> <a href=\"https://github.com/multipath-tcp/mptcp_net-next/issues/532\"><u>immature</u></a> yet.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"scheduler-and-bpf-extensions\">Scheduler and BPF extensions</h2>\n <a href=\"#scheduler-and-bpf-extensions\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Thus far we&#39;ve covered Path Manager, but what about the scheduler that chooses which link to actually use? It seems that on Linux there is only one built-in &quot;default&quot; scheduler, and it can do basic failover on packet loss. The developers want to write <a href=\"https://github.com/multipath-tcp/mptcp_net-next/issues/75\"><u>MPTCP schedulers in BPF</u></a>, and this work is in-progress.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"macos\">macOS</h2>\n <a href=\"#macos\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>As opposed to Linux, macOS and iOS expose a raw MPTCP API. On those operating systems, path manager is not handled by the kernel, but instead can be an application responsibility. The exposed low-level API is based on <code>connectx()</code>. For example, <a href=\"https://github.com/apple-oss-distributions/network_cmds/blob/97bfa5b71464f1286b51104ba3e60db78cd832c9/mptcp_client/mptcp_client.c#L461\"><u>here&#39;s an example of obscure code</u></a> that establishes one connection with two subflows:</p>\n <pre class=\"language-Rust\"><code class=\"language-Rust\">int sock = socket(AF_MULTIPATH, SOCK_STREAM, 0);\nconnectx(sock, ..., &amp;cid1);\nconnectx(sock, ..., &amp;cid2);\n</pre></code>\n <p>This powerful API is hard to use though, as it would require every application to listen for network changes. Fortunately, macOS and iOS also expose higher-level APIs. One <a href=\"https://github.com/mptcp-apps/mptcp-hello/blob/main/c/macOS/main.c\"><u>example is nw_connection</u></a> in C, which uses nw_parameters_set_multipath_service.</p><p>Another, more common example is using <code>Network.framework</code>, and would <a href=\"https://gist.github.com/majek/cb54b537c74506164d2a7fa2d6601491\"><u>look like this</u></a>:</p>\n <pre class=\"language-Rust\"><code class=\"language-Rust\">let parameters = NWParameters.tcp\nparameters.multipathServiceType = .interactive\nlet connection = NWConnection(host: host, port: port, using: parameters) \n</pre></code>\n <p>The API supports three MPTCP service type modes:</p><ul><li><p><i>Handover Mode</i>: Tries to minimize cellular. Uses only Wi-Fi. Uses cellular only when <a href=\"https://support.apple.com/en-us/102228\"><u>Wi-Fi Assist</u></a> is enabled and makes such a decision.</p></li><li><p><i>Interactive Mode</i>: Used for Siri. Reduces latency. Only for low-bandwidth flows.</p></li><li><p><i>Aggregation Mode</i>: Enables resource pooling but it&#39;s only available for developer accounts and not deployable.</p></li></ul>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/47MukOs6bhCMOkO1JL15sP/7dd75417b855b681bde504122d5af01e/Screenshot_2024-12-23_at_2.59.51_PM.png\" alt=\"\" class=\"kg-image\" width=\"1072\" height=\"820\" loading=\"lazy\"/>\n </figure><p>The MPTCP API is nicely integrated with the <a href=\"https://support.apple.com/en-us/102228\"><u>iPhone &quot;Wi-Fi Assist&quot; feature</u></a>. While the official documentation is lacking, it&#39;s possible to find <a href=\"https://youtu.be/BucQ1lfbtd4?t=533\"><u>sources explaining</u></a> how it actually works. I was able to successfully test both the cleared &quot;<i>Do not attempt to establish new subflows&quot;</i> bit and ADD-ADDR scenarios. Hurray!</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"ipv6-caveat\">IPv6 caveat</h2>\n <a href=\"#ipv6-caveat\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Sadly, MPTCP IPv6 has a caveat. Since IPv6 addresses are long, and MPTCP uses the space-constrained TCP Extensions field, there is <a href=\"https://github.com/multipath-tcp/mptcp_net-next/issues/448\"><u>not enough room for ADD-ADDR messages</u></a> if TCP timestamps are enabled. If you want to use MPTCP and IPv6, it&#39;s something to consider.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"summary\">Summary</h2>\n <a href=\"#summary\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>I find MPTCP very exciting, being one of a few deployable serious TCP extensions. However, current implementations are limited. My experimentation showed that the only practical scenario where currently MPTCP might be useful is:</p><ul><li><p>Linux as a server</p></li><li><p>macOS/iOS as a client</p></li><li><p>&quot;interactive&quot; use case</p></li></ul><p>With a bit of effort, Linux can be made to work as a client.</p><p>Don&#39;t get me wrong, <a href=\"https://netdevconf.info/0x14/pub/slides/59/mptcp-netdev0x14-final.pdf\"><u>Linux developers did tremendous work</u></a> to get where we are, but, in my opinion for any serious out-of-the-box use case, we&#39;re not there yet. I&#39;m optimistic that Linux can develop a good MPTCP client story relatively soon, and the possibility of implementing the Path manager and Scheduler in BPF is really enticing. </p><p>Time will tell if MPTCP succeeds — it&#39;s been 15 years in the making. In the meantime, <a href=\"https://datatracker.ietf.org/meeting/121/materials/slides-121-quic-multipath-quic-00\"><u>Multi-Path QUIC</u></a> is under active development, but it&#39;s even further from being usable at this stage.</p><p>We&#39;re not quite sure if it makes sense for Cloudflare to support MPTCP. <a href=\"https://community.cloudflare.com/c/feedback/feature-request/30\"><u>Reach out</u></a> if you have a use case in mind!</p><p><i>Shoutout to </i><a href=\"https://fosstodon.org/@matttbe\"><i><u>Matthieu Baerts</u></i></a><i> for tremendous help with this blog post.</i></p>"],"published_at":[0,"2025-01-03T14:00+00:00"],"updated_at":[0,"2025-01-03T14:00:02.285Z"],"feature_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/1iRiEC7LY2Bm2W9o0BW9MJ/ddc3053f79278c5268c7f2f3f7db9da6/BLOG-2637_1.png"],"tags":[1,[[0,{"id":[0,"5NpgoTJYJjhgjSLaY7Gt3p"],"name":[0,"TCP"],"slug":[0,"tcp"]}],[0,{"id":[0,"1U6ifhBwTuaJ2w4pjNOzNT"],"name":[0,"Network"],"slug":[0,"network"]}],[0,{"id":[0,"383iv0UQ6Lp0GZwOAxGq2p"],"name":[0,"Linux"],"slug":[0,"linux"]}],[0,{"id":[0,"2UVIYusJwlvsmPYl2AvSuR"],"name":[0,"Deep Dive"],"slug":[0,"deep-dive"]}]]],"relatedTags":[0],"authors":[1,[[0,{"name":[0,"Marek Majkowski"],"slug":[0,"marek-majkowski"],"bio":[0,null],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/1JuU5qavgwVeqR8BAUrd6U/3a0d0445d41c9a3c42011046efe9c37b/marek-majkowski.jpeg"],"location":[0,null],"website":[0,null],"twitter":[0,"@majek04"],"facebook":[0,null]}]]],"meta_description":[0,"Multi-Path TCP (MPTCP) leverages multiple network interfaces, like Wi-Fi and cellular, to provide seamless mobility for more reliable connectivity. While promising, MPTCP is still in its early stages,"],"primary_author":[0,{}],"localeList":[0,{"name":[0,"blog-english-only"],"enUS":[0,"English for Locale"],"zhCN":[0,"No Page for Locale"],"zhHansCN":[0,"No Page for Locale"],"zhTW":[0,"No Page for Locale"],"frFR":[0,"No Page for Locale"],"deDE":[0,"No Page for Locale"],"itIT":[0,"No Page for Locale"],"jaJP":[0,"No Page for Locale"],"koKR":[0,"No Page for Locale"],"ptBR":[0,"No Page for Locale"],"esLA":[0,"No Page for Locale"],"esES":[0,"No Page for Locale"],"enAU":[0,"No Page for Locale"],"enCA":[0,"No Page for Locale"],"enIN":[0,"No Page for Locale"],"enGB":[0,"No Page for Locale"],"idID":[0,"No Page for Locale"],"ruRU":[0,"No Page for Locale"],"svSE":[0,"No Page for Locale"],"viVN":[0,"No Page for Locale"],"plPL":[0,"No Page for Locale"],"arAR":[0,"No Page for Locale"],"nlNL":[0,"No Page for Locale"],"thTH":[0,"No Page for Locale"],"trTR":[0,"No Page for Locale"],"heIL":[0,"No Page for Locale"],"lvLV":[0,"No Page for Locale"],"etEE":[0,"No Page for Locale"],"ltLT":[0,"No Page for Locale"]}],"url":[0,"https://blog.cloudflare.com/multi-path-tcp-revolutionizing-connectivity-one-path-at-a-time"],"metadata":[0,{"title":[0,"Multi-Path TCP: Revolutionizing connectivity, one path at a time"],"description":[0,"Multi-Path TCP (MPTCP) leverages multiple network interfaces, like Wi-Fi and cellular, to provide seamless mobility for more reliable connectivity. While promising, MPTCP is still in its early stages, with limited support and practical use cases. This post explores its potential and current limitations.\n"],"imgPreview":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/2YR6jQUMONkr0AAxCB0k1q/110a9298a8bc1e34fe5ca6abb7d4588f/Multi-Path_TCP-_revolutionizing_connectivity__one_path_at_a_time-OG.png"]}]}],[0,{"id":[0,"4oLkLHLIZ1vibq8dtPJP6F"],"title":[0,"Cloudflare 2024 Year in Review"],"slug":[0,"radar-2024-year-in-review"],"excerpt":[0,"The 2024 Cloudflare Radar Year in Review is our fifth annual review of Internet trends and patterns at both a global and country/region level."],"featured":[0,false],"html":[0,"<p>The <a href=\"https://radar.cloudflare.com/year-in-review/2024\">2024 Cloudflare Radar Year in Review</a> is our fifth annual review of Internet trends and patterns observed throughout the year at both a global and country/region level across a variety of metrics. In this year’s review, we have added several new traffic, adoption, connectivity, and email security metrics, as well as the ability to do year-over-year and geographic comparisons for selected metrics. </p><p>Below, we present a summary of key findings, and then explore them in more detail in subsequent sections.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"key-findings\">Key Findings</h2>\n <a href=\"#key-findings\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n \n <div class=\"flex anchor relative\">\n <h3 id=\"traffic\">Traffic</h3>\n <a href=\"#traffic\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <ul><li><p>Global Internet traffic grew 17.2% in 2024. <a href=\"#global-internet-traffic-grew-17-2-in-2024\"><u>🔗</u></a></p></li><li><p>Google maintained its position as the most popular Internet service overall. OpenAI remained at the top of the Generative AI category. Binance remained at the top of the Cryptocurrency category. WhatsApp remained the top Messaging platform, and Facebook remained the top Social Media site. <a href=\"#google-maintained-its-position-as-the-most-popular-internet-service-openai-binance-whatsapp-and-facebook-led-their-respective-categories\"><u>🔗</u></a></p></li><li><p>Global traffic from Starlink grew 3.3x in 2024, in line with last year’s growth rate. After initiating service in Malawi in July 2023, Starlink traffic from that country grew 38x in 2024. As Starlink added new markets, we saw traffic grow rapidly in those locations. <a href=\"#global-traffic-from-starlink-grew-3-3x-in-2024-in-line-with-last-years-growth-rate-after-initiating-service-in-malawi-in-july-2023-starlink-traffic-from-that-country-grew-38x-in-2024\"><u>🔗</u></a></p></li><li><p>Googlebot, Google’s web crawler, was responsible for the highest volume of request traffic to Cloudflare in 2024, as it retrieved content from millions of Cloudflare customer sites for search indexing. <a href=\"#google-maintained-its-position-as-the-most-popular-internet-service-openai-binance-whatsapp-and-facebook-led-their-respective-categories\"><u>🔗</u></a></p></li><li><p>Traffic from ByteDance’s AI crawler (Bytespider) gradually declined over the course of 2024. Anthropic’s AI crawler (ClaudeBot) first started showing signs of ongoing crawling activity in April, then declined after an initial peak in May &amp; June. <a href=\"#among-ai-bots-and-crawlers-bytespider-bytedance-traffic-gradually-declined-over-the-course-of-2024-while-claudebot-anthropic-was-more-active-during-the-back-half-of-the-year\"><u>🔗</u></a></p></li><li><p>13.0% of TLS 1.3 traffic is using post-quantum encryption. <a href=\"#13-0-of-tls-1-3-traffic-is-using-post-quantum-encryption\"><u>🔗</u></a></p></li></ul>\n <div class=\"flex anchor relative\">\n <h3 id=\"adoption-usage\">Adoption & Usage</h3>\n <a href=\"#adoption-usage\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <ul><li><p>Globally, nearly one-third of mobile device traffic was from Apple iOS devices. Android had a &gt;90% share of mobile device traffic in 29 countries/regions; peak iOS mobile device traffic share was over 60% in eight countries/regions. <a href=\"#globally-nearly-one-third-of-mobile-device-traffic-was-from-apple-ios-devices-android-had-a-90-share-of-mobile-device-traffic-in-29-countries-regions-peak-ios-mobile-device-traffic-share-was-over-60-in-eight-countries-regions\"><u>🔗</u></a></p></li><li><p>Globally, nearly half of web requests used HTTP/2, with 20.5% using HTTP/3. Usage of both versions was up slightly from 2023. <a href=\"#globally-nearly-half-of-web-requests-used-http-2-with-20-5-using-http-3\"><u>🔗</u></a></p></li><li><p>React, PHP, and jQuery were among the most popular technologies used to build websites, while HubSpot, Google, and WordPress were among the most popular vendors of supporting services and platforms. <a href=\"#react-php-and-jquery-were-among-the-most-popular-technologies-used-to-build-websites-while-hubspot-google-and-wordpress-were-among-the-most-popular-vendors-of-supporting-services-and-platforms\"><u>🔗</u></a></p></li><li><p>Go surpassed NodeJS as the most popular language used for making automated API requests. <a href=\"#go-surpassed-nodejs-as-the-most-popular-language-used-for-making-automated-api-requests\"><u>🔗</u></a></p></li><li><p>Google is far and away the most popular search engine globally, across all platforms. On mobile devices and operating systems, Baidu is a distant second. Bing is a distant second across desktop and Windows devices, with DuckDuckGo second most popular on macOS. Shares vary by platform and country/region. <a href=\"#google-is-the-most-popular-search-engine-globally-across-all-platforms-on-mobile-devices-os-baidu-is-a-distant-second-bing-is-a-distant-second-across-desktop-and-windows-devices-with-duckduckgo-second-most-popular-on-macos\"><u>🔗</u></a></p></li><li><p>Google Chrome is far and away the most popular browser overall. While this is also true on macOS devices, Safari usage is well ahead of Chrome on iOS devices. On Windows, Edge is the second most popular browser as it comes preinstalled and is the initial default. <a href=\"#google-chrome-is-the-most-popular-browser-overall-while-also-true-on-macos-devices-safari-usage-is-well-ahead-of-chrome-on-ios-devices-on-windows-edge-is-the-second-most-popular-browser\"><u>🔗</u></a></p></li></ul>\n <div class=\"flex anchor relative\">\n <h3 id=\"connectivity\">Connectivity</h3>\n <a href=\"#connectivity\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <ul><li><p>225 major Internet disruptions were observed globally in 2024, with many due to government-directed regional and national shutdowns of Internet connectivity. Cable cuts and power outages were also leading causes. <a href=\"#225-major-internet-outages-were-observed-around-the-world-in-2024-with-many-due-to-government-directed-regional-and-national-shutdowns-of-internet-connectivity\"><u>🔗</u></a></p></li><li><p>Aggregated across 2024, 28.5% of IPv6-capable requests were made over IPv6. India and Malaysia were the strongest countries, at 68.9% and 59.6% IPv6 adoption respectively. <a href=\"#globally-nearly-half-of-web-requests-used-http-2-with-20-5-using-http-3\"><u>🔗</u></a></p></li><li><p>The top 10 countries ranked by Internet speed all had average download speeds above 200 Mbps. Spain was consistently among the top locations across the measured Internet quality metrics. <a href=\"#the-top-10-countries-ranked-by-internet-speed-all-had-average-download-speeds-above-200-mbps-spain-was-consistently-among-the-top-locations-across-measured-internet-quality-metrics\"><u>🔗</u></a></p></li><li><p>41.3% of global traffic comes from mobile devices. In nearly 100 countries/regions, the majority of traffic comes from mobile devices. <a href=\"#41-3-of-global-traffic-comes-from-mobile-devices-in-nearly-100-countries-regions-the-majority-of-traffic-comes-from-mobile-devices\"><u>🔗</u></a></p></li><li><p>20.7% of TCP connections are unexpectedly terminated before any useful data can be exchanged. <a href=\"#20-7-of-tcp-connections-are-unexpectedly-terminated-before-any-useful-data-can-be-exchanged\"><u>🔗</u></a></p></li></ul>\n <div class=\"flex anchor relative\">\n <h3 id=\"security\">Security</h3>\n <a href=\"#security\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <ul><li><p>6.5% of global traffic was mitigated by Cloudflare&#39;s systems as being potentially malicious or for customer-defined reasons. In the United States, the share of mitigated traffic grew to 5.1%, while in South Korea, it dropped slightly to 8.1%. In 44 countries/regions, over 10% of traffic was mitigated. <a href=\"#6-5-of-global-traffic-was-mitigated-by-cloudflares-systems-as-being-potentially-malicious-or-for-customer-defined-reasons\"><u>🔗</u></a></p></li><li><p>The United States was responsible for over a third of global bot traffic. Amazon Web Services was responsible for 12.7% of global bot traffic, and 7.8% came from Google. <a href=\"#the-united-states-was-responsible-for-over-a-third-of-global-bot-traffic-amazon-web-services-was-responsible-for-12-7-of-global-bot-traffic-and-7-8-came-from-google\"><u>🔗</u></a></p></li><li><p>Globally, Gambling/Games was the most attacked industry, slightly ahead of 2023’s most targeted industry, Finance. <a href=\"#globally-gambling-games-was-the-most-attacked-industry-slightly-ahead-of-2023s-most-targeted-industry-finance\"><u>🔗</u></a></p></li><li><p>Log4j, a vulnerability discovered in 2021, remains a persistent threat and was actively targeted throughout 2024. <a href=\"#log4j-remains-a-persistent-threat-and-was-actively-targeted-throughout-2024\"><u>🔗</u></a></p></li><li><p>Routing security, measured as the share of RPKI valid routes and the share of covered IP address space, continued to improve globally throughout 2024. We saw a 4.7% increase in RPKI valid IPv4 address space in 2024, and a 6.4% increase in RPKI valid routes in 2024. <a href=\"#routing-security-measured-as-the-share-of-rpki-valid-routes-and-the-share-of-covered-ip-address-space-continued-to-improve-globally-throughout-2024\"><u>🔗</u></a></p></li></ul>\n <div class=\"flex anchor relative\">\n <h3 id=\"email-security\">Email Security</h3>\n <a href=\"#email-security\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <ul><li><p>An average of 4.3% of emails were determined to be malicious in 2024, although this figure was likely influenced by spikes observed in March, April, and May. Deceptive links and identity deception were the two most common types of threats found in malicious email messages. <a href=\"#an-average-of-4-3-of-emails-were-determined-to-be-malicious-in-2024\"><u>🔗</u></a></p></li><li><p>Over 99% of the email messages processed by Cloudflare Email Security from the .bar, .rest, and .uno top level domains (TLDs) were found to be either spam or malicious in nature. <a href=\"#over-99-of-the-email-messages-processed-by-cloudflare-email-security-from-the-bar-rest-and-uno-top-level-domains-tlds-were-found-to-be-either-spam-or-malicious-in-nature\"><u>🔗</u></a></p></li></ul>\n <div class=\"flex anchor relative\">\n <h2 id=\"introduction\">Introduction</h2>\n <a href=\"#introduction\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Over the last four years (<a href=\"https://blog.cloudflare.com/cloudflare-radar-2020-year-in-review/\"><u>2020</u></a>, <a href=\"https://blog.cloudflare.com/cloudflare-radar-2021-year-in-review/\"><u>2021</u></a>, <a href=\"https://blog.cloudflare.com/radar-2022-year-in-review/\"><u>2022</u></a>, <a href=\"https://blog.cloudflare.com/radar-2023-year-in-review/\"><u>2023</u></a>), we have aggregated perspectives from <a href=\"https://radar.cloudflare.com/\"><u>Cloudflare Radar</u></a> into an annual Year In Review, illustrating the Internet’s patterns across multiple areas over the course of that year. The <a href=\"https://radar.cloudflare.com/year-in-review/2024\"><u>Cloudflare Radar 2024 Year In Review</u></a> microsite continues that tradition, featuring interactive charts, graphs, and maps you can use to explore and compare notable Internet trends observed throughout this past year.</p><p>Cloudflare’s <a href=\"https://www.cloudflare.com/network\"><u>network</u></a> currently spans more than 330 cities in over 120 countries/regions, serving an average of over 63 million HTTP(S) requests per second for millions of Internet properties, in addition to handling over 42 million DNS requests per second on average. The resulting data generated by this usage, combined with data from other complementary Cloudflare tools, enables Radar to provide unique near-real time perspectives on the patterns and trends around security, traffic, performance, and usage that we observe across the Internet. </p><p>The 2024 Year In Review is organized into five sections: <a href=\"https://radar.cloudflare.com/year-in-review/2024#traffic\"><u>Traffic</u></a>, <a href=\"https://radar.cloudflare.com/year-in-review/2024#adoption-and-usage\"><u>Adoption &amp; Usage</u></a>, <a href=\"https://radar.cloudflare.com/year-in-review/2024#connectivity\"><u>Connectivity</u></a>, <a href=\"https://radar.cloudflare.com/year-in-review/2024#security\"><u>Security</u></a>, and <a href=\"https://radar.cloudflare.com/year-in-review/2024#email-security\"><u>Email Security</u></a> and covers the period from January 1 to December 1, 2024. We have incorporated several new metrics this year, including AI bot &amp; crawler traffic, search engine and browser market share, connection tampering, and “most dangerous” top level domains (TLDs). To ensure consistency, we have kept underlying methodologies consistent with previous years’ calculations. Trends for 200 countries/regions are available on the microsite; smaller or less populated locations are excluded due to insufficient data. Some metrics are only shown worldwide, and are not displayed if a country/region is selected. </p><p>Below, we provide an overview of the content contained within the major Year In Review sections (Traffic, Adoption &amp; Usage, Connectivity, Security, and Email Security), along with notable observations and key findings. In addition, we have also published a companion blog post that specifically explores trends seen across <a href=\"https://blog.cloudflare.com/radar-2024-year-in-review-internet-services/\"><u>Top Internet Services</u></a>.</p><p>The key findings and associated discussion within this post only provide a high-level perspective on the unique insights that can be found in the <a href=\"https://radar.cloudflare.com/year-in-review/2024\"><u>Year in Review microsite</u></a>. Visit the microsite to explore the various datasets and metrics in more detail, including trends seen in your country/region, how these trends have changed as compared to 2023, and how they compare to other countries/regions of interest. Surveying the Internet from this vantage point provides insights that can inform decisions on everything from an organization’s security posture and IT priorities to product development and strategy. </p>\n <div class=\"flex anchor relative\">\n <h2 id=\"traffic-trends\">Traffic trends</h2>\n <a href=\"#traffic-trends\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n \n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/4XlL4SnJROa2fArrtUheuo/822ede9708eb6e9aeeebce4331d62140/2627_Graph.png\" alt=\"2627 Graph\" class=\"kg-image\" width=\"1999\" height=\"417\" loading=\"lazy\"/>\n </figure>\n <div class=\"flex anchor relative\">\n <h3 id=\"global-internet-traffic-grew-17-2-in-2024\">Global Internet traffic grew 17.2% in 2024.</h3>\n <a href=\"#global-internet-traffic-grew-17-2-in-2024\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>An inflection point for Internet traffic arguably occurred thirty years ago. The World Wide Web went mainstream in 1994, thanks to the late 1993 <a href=\"https://cybercultural.com/p/1993-mosaic-launches-and-the-web-is-set-free/\"><u>release</u></a> of the <a href=\"https://www.ncsa.illinois.edu/research/project-highlights/ncsa-mosaic/\"><u>NCSA Mosaic</u></a> browser for multiple popular operating systems, which included support for embedded images. In turn, “heavier” (in contrast to text-based) Internet content became the norm, and coupled with the growth in consumption through popular online services and the emerging consumer ISP industry, <a href=\"https://blogs.cisco.com/sp/the-history-and-future-of-internet-traffic\"><u>Internet traffic began to rapidly increase</u></a>, and that trend has continued to the present.</p><p>To determine the traffic trends over time for the Year in Review, we use the average daily traffic volume (excluding bot traffic) over the second full calendar week (January 8-15) of 2024 as our baseline. (The second calendar week is used to allow time for people to get back into their “normal” school and work routines after the winter holidays and New Year’s Day. The percent change shown in the traffic trends chart is calculated relative to the baseline value — it does not represent absolute traffic volume for a country/region. The trend line represents a seven-day trailing average, which is used to smooth the sharp changes seen with data at a daily granularity. To compare 2024’s traffic trends with 2023 data and/or other locations, click the “Compare” icon at the upper right of the graph.</p><p>Throughout the first half of 2024, <a href=\"https://radar.cloudflare.com/year-in-review/2024?#internet-traffic-growth\"><u>worldwide Internet traffic growth</u></a> appeared to be fairly limited, within a percent or two on either side of the baseline value through mid-August. However, at that time growth clearly began to accelerate, climbing consistently through the end of November, growing 17.2% for the year. This trend is similar to those also seen in 2023 and 2022, as we discussed in the <a href=\"https://blog.cloudflare.com/radar-2023-year-in-review/\"><u>2023 Year in Review blog post</u></a>.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/5NjOCs902pW74OQ0bx2usy/58896c0bc06b4a9c819736bde28ed3f4/traffic_-_worldwide.png\" alt=\"Internet traffic trends in 2024, worldwide\" class=\"kg-image\" width=\"1575\" height=\"840\" loading=\"lazy\"/>\n </figure><p><sup><i>Internet traffic trends in 2024, worldwide</i></sup></p><p>The West African country of <a href=\"https://radar.cloudflare.com/year-in-review/2024/gn?previousYear=true\"><u>Guinea</u></a> experienced the most significant Internet traffic growth seen in 2024, reaching as much as 350% above baseline. Traffic growth didn’t begin in earnest until late February, and reached an initial peak in early April. It remained between 100% and 200% above baseline until September, when it experienced several multi-week periods of growth. While the September-November periods of traffic growth also occurred in 2023, they peaked at under 90% above baseline.</p><p>The impact of significant Internet outages is also clearly visible when looking at data across the year. Two significant Internet outages in <a href=\"https://radar.cloudflare.com/year-in-review/2024/cu#internet-traffic-growth\"><u>Cuba</u></a> are clearly visible as large drops in traffic in October and November. A reported “complete disconnection” of the national electricity system on the island <a href=\"https://x.com/CloudflareRadar/status/1847325224208891950\"><u>occurred on October 18</u></a>, lasting <a href=\"https://x.com/CloudflareRadar/status/1848680148813406474\"><u>just over three days</u></a>. Just a couple of weeks later, on November 6, <a href=\"https://x.com/CloudflareRadar/status/1854291286322544752\"><u>damage from Hurricane Rafael caused widespread power outages in Cuba</u></a>, resulting in another large drop in Internet traffic. Traffic has remained lower as Cuba’s electrical infrastructure <a href=\"https://x.com/CloudflareRadar/status/1864263679442567604\"><u>continues to struggle</u></a>.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/2rvK8AFYdcJAgQhJQUTiQw/8c4790fd06af8323636878977a9d712c/traffic_-_Cuba.png\" alt=\"traffic - Cuba\" class=\"kg-image\" width=\"1575\" height=\"840\" loading=\"lazy\"/>\n </figure><p><sup><i>Internet traffic trends in 2024, Cuba</i></sup></p><p>As we frequently discuss in Cloudflare Radar blog and social media posts, government-directed Internet shutdowns occur all too frequently, and the impact of these actions are also clearly visible when looking at long-term traffic data. In <a href=\"https://radar.cloudflare.com/year-in-review/2024/bd#internet-traffic-growth\"><u>Bangladesh</u></a>, the government ordered the <a href=\"https://blog.cloudflare.com/q3-2024-internet-disruption-summary/#bangladesh\"><u>shutdown of mobile Internet connectivity</u></a> on July 18, in response to student protests. Shortly after mobile networks were shut down, fixed broadband networks were taken offline as well, resulting in a near complete loss of Internet traffic from the country. Connectivity gradually returned over the course of several days, between July 23-28.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/5FvubyG6qMeZ9hv1wgFayl/91d356b23788a8f9cdd970cc7e65f8fc/traffic_-_Bangladesh.png\" alt=\"traffic - Bangladesh\" class=\"kg-image\" width=\"1575\" height=\"840\" loading=\"lazy\"/>\n </figure><p><sup><i>Internet traffic trends in 2024, Bangladesh</i></sup></p><p>As we also noted last year, the celebration of major holidays can also have a visible impact on Internet traffic at a country level. For example, in Muslim countries including <a href=\"https://radar.cloudflare.com/year-in-review/2024/ae?compareWith=ID#internet-traffic-growth\"><u>Indonesia and the United Arab Emirates</u></a>, the celebration of Eid al-Fitr, the festival marking the end of the fast of Ramadan, is visible as a noticeable drop in traffic around April 9-10. </p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/aFTFP2banlfW65XkjUIZM/84bfd5db1036da1b4740843575217113/traffic_-_UAE_Indonesia.png\" alt=\"traffic - UAE Indonesia\" class=\"kg-image\" width=\"1575\" height=\"840\" loading=\"lazy\"/>\n </figure><p><sup><i>Internet traffic trends in 2024, Indonesia and United Arab Emirates</i></sup></p>\n <div class=\"flex anchor relative\">\n <h3 id=\"google-maintained-its-position-as-the-most-popular-internet-service-openai-binance-whatsapp-and-facebook-led-their-respective-categories\">Google maintained its position as the most popular Internet service. OpenAI, Binance, WhatsApp, and Facebook led their respective categories. </h3>\n <a href=\"#google-maintained-its-position-as-the-most-popular-internet-service-openai-binance-whatsapp-and-facebook-led-their-respective-categories\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Over the last several years, the Year In Review has ranked the <a href=\"https://radar.cloudflare.com/year-in-review/2024#internet-services\"><u>most popular Internet services</u></a>. These rankings cover an “overall” perspective, as well as a dozen more specific categories, based on analysis of anonymized query data of traffic to our <a href=\"https://1.1.1.1/dns\"><u>1.1.1.1 public DNS resolver</u></a> from millions of users around the world. For the purposes of these rankings, domains that belong to a single Internet service are grouped together.</p><p>Google once again held the top spot overall, supported by its broad portfolio of services, as well as the popularity of the Android mobile operating system (more on that <a href=\"#globally-nearly-one-third-of-mobile-device-traffic-was-from-apple-ios-devices-android-had-a-90-share-of-mobile-device-traffic-in-29-countries-regions-peak-ios-mobile-device-traffic-share-was-over-60-in-eight-countries-regions\"><u>below</u></a>). Meta properties Facebook, Instagram, and WhatsApp also held spots in the top 10.</p><p><a href=\"https://www.cloudflare.com/learning/ai/what-is-generative-ai/\"><u>Generative AI</u></a> continued to grow in popularity throughout 2024, and in this category, OpenAI again held the top spot, building on the continued success and popularity of ChatGPT. Within Social Media, the top five remained consistent with 2023’s and 2022’s ranking, including Facebook, TikTok, Instagram, X, and Snapchat.</p><p>These categorical rankings, as well as trends seen by specific services, are explored in more detail in a separate blog post, <a href=\"https://blog.cloudflare.com/radar-2024-year-in-review-internet-services/\"><i><u>From ChatGPT to Temu: ranking top Internet services in 2024</u></i></a>.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"global-traffic-from-starlink-grew-3-3x-in-2024-in-line-with-last-years-growth-rate-after-initiating-service-in-malawi-in-july-2023-starlink-traffic-from-that-country-grew-38x-in-2024\">Global traffic from Starlink grew 3.3x in 2024, in line with last year’s growth rate. After initiating service in Malawi in July 2023, Starlink traffic from that country grew 38x in 2024.</h3>\n <a href=\"#global-traffic-from-starlink-grew-3-3x-in-2024-in-line-with-last-years-growth-rate-after-initiating-service-in-malawi-in-july-2023-starlink-traffic-from-that-country-grew-38x-in-2024\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>SpaceX’s Starlink continues to be the leading satellite Internet service provider, bringing connectivity to unserved or underserved areas. In addition to opening up new markets in 2024, Starlink also announced relationships to provide in-flight connectivity to <a href=\"https://www.cnbc.com/2024/09/17/spacexs-starlink-has-2500-aircraft-under-contract.html\"><u>multiple airlines</u></a>, and on <a href=\"https://x.com/Starlink/status/1790426484022342081\"><u>cruise ships</u></a> and <a href=\"https://x.com/Starlink/status/1857166233969607123\"><u>trains</u></a>, as well as enabling subscribers to roam with their subscription using the <a href=\"https://www.theverge.com/2024/7/11/24196294/starlink-mini-available-us-price-specs\"><u>Starlink Mini</u></a>.</p><p>We analyzed aggregate Cloudflare traffic volumes associated with Starlink&#39;s primary <a href=\"https://www.cloudflare.com/learning/network-layer/what-is-an-autonomous-system/\"><u>autonomous system</u></a> (<a href=\"https://radar.cloudflare.com/as14593\"><u>AS14593</u></a>) to track the growth in usage of the service throughout 2024. Similar to the traffic trends discussed above, the request volume shown on the trend line in the chart represents a seven-day trailing average. Comparisons with 2023 data can be shown by clicking the “Compare” icon at the upper right of the graph. Within comparative views, the lines are scaled to the maximum value shown.</p><p>On a <a href=\"https://radar.cloudflare.com/year-in-review/2024#starlink-traffic.trends\"><u>worldwide</u></a> basis, steady, consistent growth was seen across the year, though it accelerates throughout November. This acceleration may have been driven by traffic associated with customer-specific large software updates. </p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/6Dy2qt4O5b3MCswkckhELA/aa29c7235497bed8c985aa9dd9b63477/traffic_-_Starlink_worldwide.png\" alt=\"traffic - Starlink worldwide\" class=\"kg-image\" width=\"1575\" height=\"840\" loading=\"lazy\"/>\n </figure><p><sup><i>Starlink traffic growth worldwide in 2024</i></sup></p><p>In many locations, there is pent-up demand for “alternative” connectivity providers such as Starlink, and in these countries/regions, we see rapid traffic growth when service becomes available, such as in <a href=\"https://radar.cloudflare.com/year-in-review/2024/zw#starlink-traffic.trends\"><u>Zimbabwe</u></a>. Service availability was <a href=\"https://x.com/Starlink/status/1832392080481563037\"><u>announced on September 7</u></a>, and traffic from the country began to grow rapidly almost immediately thereafter.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/1aLywcrB5w88flsDyK1R1q/1039d989e19dc566cf5f62e60f3f1886/traffic_-_Starlink_Zimbabwe.png\" alt=\"traffic - Starlink Zimbabwe\" class=\"kg-image\" width=\"1575\" height=\"840\" loading=\"lazy\"/>\n </figure><p><sup><i>Starlink traffic growth in Zimbabwe in 2024</i></sup></p><p>In new markets, traffic growth continues after that initial increase. For example Starlink service became available in Malawi <a href=\"https://x.com/Starlink/status/1683897037639790592\"><u>in July 2023</u></a>, and throughout 2024, Starlink traffic from the country grew 38x. While <a href=\"https://radar.cloudflare.com/year-in-review/2024/mw#starlink-traffic.trends\"><u>Malawi’s 38x increase</u></a> is impressive, other countries also experienced significant growth. In the Eastern European country of <a href=\"https://radar.cloudflare.com/year-in-review/2024/ge#starlink-traffic.trends\"><u>Georgia</u></a>, <a href=\"https://x.com/Starlink/status/1719581885200998485\"><u>service became available on November 1, 2023</u></a>. After a slow ramp, traffic began to take off growing over 100x through 2024. In <a href=\"https://radar.cloudflare.com/year-in-review/2024/py#starlink-traffic.trends\"><u>Paraguay</u></a>, <a href=\"https://x.com/Starlink/status/1737914318522581489\"><u>service availability was announced on December 21</u></a>, and began to grow at the beginning of January, registering an increase of over 900x across the year.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/6AXOON7CO7XgnWSNnezoiF/bd56192d682c574a2d242845bb0eda16/traffic_-_Starlink_Malawi.png\" alt=\"traffic - Starlink Malawi\" class=\"kg-image\" width=\"1575\" height=\"840\" loading=\"lazy\"/>\n </figure><p><sup><i>Starlink traffic growth in Malawi in 2024</i></sup></p>\n <div class=\"flex anchor relative\">\n <h3 id=\"googlebot-was-responsible-for-the-highest-volume-of-request-traffic-to-cloudflare-in-2024-as-it-retrieved-content-from-millions-of-cloudflare-customer-sites-for-search-indexing\">Googlebot was responsible for the highest volume of request traffic to Cloudflare in 2024 as it retrieved content from millions of Cloudflare customer sites for search indexing. </h3>\n <a href=\"#googlebot-was-responsible-for-the-highest-volume-of-request-traffic-to-cloudflare-in-2024-as-it-retrieved-content-from-millions-of-cloudflare-customer-sites-for-search-indexing\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Cloudflare Radar shows users Internet traffic trends over a selected period of time, but at a country/region or network level. However, <a href=\"https://blog.cloudflare.com/radar-2023-year-in-review/#googlebot-was-responsible-for-the-highest-volume-of-request-traffic-to-cloudflare-in-2023\"><u>as we did in 2023</u></a>, we again wanted to look at the traffic Cloudflare saw over the course of the full year from the entire IPv4 Internet. To do so, we can use <a href=\"https://en.wikipedia.org/wiki/Hilbert_curve\"><u>Hilbert curves</u></a>, which allow us to visualize a sequence of IPv4 addresses in a two-dimensional pattern that keeps nearby IP addresses close to each other, making them <a href=\"https://xkcd.com/195/\"><u>useful</u></a> for surveying the Internet&#39;s IPv4 address space.</p><p>Using a Hilbert curve, we can <a href=\"https://radar.cloudflare.com/year-in-review/2024#ipv4-traffic-distribution\"><u>visualize aggregated IPv4 request traffic to Cloudflare</u></a> from January 1 through December 1, 2024. Within the visualization, we aggregate IPv4 addresses at a <a href=\"https://www.ripe.net/about-us/press-centre/IPv4CIDRChart_2015.pdf\"><u>/20</u></a> level, meaning that at the highest zoom level, each square represents traffic from 4,096 IPv4 addresses. This aggregation is done to keep the amount of data used for the visualization manageable. (While we would like to create a similar visualization for IPv6 traffic, the enormity of the full IPv6 address space would make associated traffic very <a href=\"https://observablehq.com/@vasturiano/hilbert-map-of-ipv6-address-space\"><u>hard to see</u></a> in such a visualization, especially as such a small amount has been <a href=\"https://www.iana.org/numbers/allocations/\"><u>allocated for assignment by the Regional Internet Registries</u></a>.)</p><p>Within the visualization, IP addresses are grouped by ownership, and for much of the IP address space shown there, a mouseover at the default zoom level will show the <a href=\"https://www.nro.net/about/rirs/\"><u>Regional Internet Registry (RIR)</u></a> that the address block belongs to. However, there are also a number of blocks that were assigned prior to the existence of the RIR system, and for these, they are labeled with the name of the organization that owns them. Progressive zooming ultimately shows the autonomous system and country/region that the IP address block is associated with, as well as its share of traffic relative to the maximum. (If a country/region is selected, only the IP address blocks associated with that location are visible.) Overall traffic shares are indicated by shading based on a color scale, and although a number of large unshaded blocks are visible, this does not necessarily mean that the associated address space is unused, but rather that it may be used in a way that does not generate traffic to Cloudflare.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/6gtrL1H2gUjSKH7AMSabgM/361d38f34860258449a914e26519a4b4/traffic_-_Hilbert_curve.png\" alt=\"traffic - Hilbert curve\" class=\"kg-image\" width=\"1578\" height=\"981\" loading=\"lazy\"/>\n </figure><p><sup><i>Hilbert curve showing aggregated 2024 traffic to Cloudflare across the IPv4 Internet</i></sup></p><p>Warmer orange/red shading within the visualization represents areas of higher request volume, and buried within one of those areas is the IP address block that had the maximum request volume to Cloudflare during 2024. As it was in 2023, this address block was <a href=\"https://radar.cloudflare.com/routing/prefix/66.249.64.0/20\"><u>66.249.64.0/20</u></a>, which belongs to Google, and is <a href=\"https://developers.google.com/static/search/apis/ipranges/googlebot.json\"><u>one of several</u></a> used by the <a href=\"https://developers.google.com/search/docs/crawling-indexing/googlebot\"><u>Googlebot</u></a> web crawler to retrieve content for search indexing. This use of that address space is a likely explanation for the high request volume, given the number of web properties on Cloudflare’s network.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/g5rQhT7r4DsgpzYdMT3QT/0d6809d96791ee7165ada170d24156e3/traffic_-_Hilbert_curve_Googlebot.png\" alt=\"traffic - Hilbert curve Googlebot\" class=\"kg-image\" width=\"1578\" height=\"981\" loading=\"lazy\"/>\n </figure><p><sup><i>Zoomed Hilbert curve view showing the IPv4 address block that generated the highest volume of requests</i></sup></p><p>In addition to Google, owners of other prefixes in the top 20 include Alibaba, Microsoft, Amazon, and Apple. To explore the IPv4 Internet in more detail, we encourage you to go to <a href=\"https://radar.cloudflare.com/year-in-review/2024/#ipv4-traffic-distribution\"><u>the Year in Review microsite</u></a> and explore it by dragging and zooming to move around IPv4 address space.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"among-ai-bots-and-crawlers-bytespider-bytedance-traffic-gradually-declined-over-the-course-of-2024-while-claudebot-anthropic-was-more-active-during-the-back-half-of-the-year\">Among AI bots and crawlers, Bytespider (ByteDance) traffic gradually declined over the course of 2024, while ClaudeBot (Anthropic) was more active during the back half of the year.</h3>\n <a href=\"#among-ai-bots-and-crawlers-bytespider-bytedance-traffic-gradually-declined-over-the-course-of-2024-while-claudebot-anthropic-was-more-active-during-the-back-half-of-the-year\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>AI bots and crawlers have been in the news throughout 2024 as they voraciously consume content to train ever-evolving models. Controversy has followed them, as not all bots and crawlers respect content owner directives to restrict crawling activity. In July, Cloudflare enabled customers to <a href=\"https://blog.cloudflare.com/declaring-your-aindependence-block-ai-bots-scrapers-and-crawlers-with-a-single-click/\"><u>block these bots and crawlers with a single click</u></a>, and during Birthday Week <a href=\"https://blog.cloudflare.com/cloudflare-ai-audit-control-ai-content-crawlers/\"><u>we introduced AI Audit</u></a> to give website owners even more visibility into and control over how AI platforms access their content. </p><p>Tracking traffic trends for AI bots can help us better understand their activity over time — observing which are the most aggressive and have the highest volume of requests, which perform crawls on a regular basis, etc. The new <a href=\"https://radar.cloudflare.com/traffic#ai-bot-crawler-traffic\"><u>AI bot &amp; crawler traffic graph on Radar’s Traffic page</u></a>, <a href=\"https://blog.cloudflare.com/bringing-ai-to-cloudflare/#ai-bot-traffic-insights-on-cloudflare-radar\"><u>launched in September</u></a>, provides insight into these traffic trends gathered over the selected time period for the top known AI bots. </p><p><a href=\"https://radar.cloudflare.com/year-in-review/2024#ai-bot-and-crawler-traffic\"><u>Looking at traffic trends</u></a> from two of those bots, we can see some interesting patterns. <a href=\"https://darkvisitors.com/agents/bytespider\"><u>Bytespider</u></a> is a crawler operated by ByteDance, the Chinese owner of TikTok, and is reportedly used to download training data for ByteDance’s Large Language Models (LLMs). Bytespider’s crawling activity trended generally downwards over the course of 2024, with end-of-November activity approximately 80-85% lower than that seen at the start of the year. <a href=\"https://darkvisitors.com/agents/claudebot\"><u>ClaudeBot</u></a> is Anthropic’s crawler, which downloads training data for its LLMs that power AI products like Claude. Traffic from ClaudeBot appeared to be mostly non-existent through mid-April, except for some small spikes that possibly represent test runs. Traffic became more consistently non-zero starting in late April, but after an early spike, trailed off through the remainder of the year.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/7cm0SG0GC36Z3dFu3A6p3J/10a6e32a469984b2083ee0c2ed743d53/traffic_-_AI_bots_--_NEW.png\" alt=\"traffic - AI bots\" class=\"kg-image\" width=\"1575\" height=\"840\" loading=\"lazy\"/>\n </figure><p><sup><i>Traffic trends for AI crawlers Bytespider and ClaudeBot in 2024</i></sup></p><p>Traffic trends for the full list of AI bots &amp; crawlers can be found in the <a href=\"https://radar.cloudflare.com/explorer?dataSet=ai.bots&dt=2024-01-01_2024-12-31\"><u>Cloudflare Radar Data Explorer</u></a>.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"13-0-of-tls-1-3-traffic-is-using-post-quantum-encryption\">13.0% of TLS 1.3 traffic is using post-quantum encryption.</h3>\n <a href=\"#13-0-of-tls-1-3-traffic-is-using-post-quantum-encryption\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>The term “<a href=\"https://en.wikipedia.org/wiki/Post-quantum_cryptography\"><u>post-quantum</u></a>” refers to a new set of cryptographic techniques designed to protect data from adversaries that have the ability to capture and store current data for decryption by sufficiently powerful quantum computers in the future. The Cloudflare Research team has been <a href=\"https://blog.cloudflare.com/sidh-go/\"><u>exploring post-quantum cryptography since 2017</u></a>.</p><p>In October 2022, we enabled <a href=\"https://blog.cloudflare.com/post-quantum-for-all/\"><u>post-quantum key agreement</u></a> on our network by default, but use of it requires that browsers and clients support it as well. In 2024, Google&#39;s <a href=\"https://developer.chrome.com/release-notes/124\"><u>Chrome 124</u></a> enabled it by default on April 17, and <a href=\"https://radar.cloudflare.com/year-in-review/2024#post-quantum-encryption\"><u>adoption grew rapidly following that release</u></a>, increasing from just over 2% of requests to around 12% within a month, and ended November at 13%. We expect that adoption will continue to grow into and during 2025 due to support in other Chromium-based browsers, growing default support in Mozilla Firefox, and initial testing in Apple Safari.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/4ipRtCowVftgad37ht9uMF/68958f72a47bbc179959c2d7ac6cdd72/traffic_-_post-quantum_worldwide.png\" alt=\"traffic - post-quantum worldwide\" class=\"kg-image\" width=\"1575\" height=\"840\" loading=\"lazy\"/>\n </figure><p><sup><i>Growth trends in post-quantum encrypted TLS 1.3 traffic during 2024</i></sup></p>\n <div class=\"flex anchor relative\">\n <h2 id=\"adoption-usage-insights\">Adoption & Usage insights</h2>\n <a href=\"#adoption-usage-insights\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n \n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/177RCO2sEvFJJeJeCBzZim/68acfcc309c57ef2027e9291a5f76d2f/2627_Shield.png\" alt=\"2627 Shield\" class=\"kg-image\" width=\"1999\" height=\"417\" loading=\"lazy\"/>\n </figure>\n <div class=\"flex anchor relative\">\n <h3 id=\"globally-nearly-one-third-of-mobile-device-traffic-was-from-apple-ios-devices-android-had-a-90-share-of-mobile-device-traffic-in-29-countries-regions-peak-ios-mobile-device-traffic-share-was-over-60-in-eight-countries-regions\">Globally, nearly one-third of mobile device traffic was from Apple iOS devices. Android had a >90% share of mobile device traffic in 29 countries/regions; peak iOS mobile device traffic share was over 60% in eight countries/regions.</h3>\n <a href=\"#globally-nearly-one-third-of-mobile-device-traffic-was-from-apple-ios-devices-android-had-a-90-share-of-mobile-device-traffic-in-29-countries-regions-peak-ios-mobile-device-traffic-share-was-over-60-in-eight-countries-regions\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>The two leading mobile device operating systems globally are <a href=\"https://en.wikipedia.org/wiki/IOS\"><u>Apple’s iOS</u></a> and <a href=\"https://en.wikipedia.org/wiki/Android_(operating_system)\"><u>Google’s Android</u></a>, and by analyzing information in the <a href=\"https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/User-Agent\"><u>user agent</u></a> reported with each request, we can get insight into the distribution of traffic by client operating system throughout the year. Again, we found that Android is responsible for the majority of mobile device traffic when aggregated globally, due to the wide distribution of price points, form factors, and capabilities.</p><p>Similar to <a href=\"https://radar.cloudflare.com/year-in-review/2023#ios-vs-android\"><u>2023’s findings</u></a>, Android was once again <a href=\"https://radar.cloudflare.com/year-in-review/2024#ios-vs-android\"><u>responsible for just over two-thirds of mobile device traffic</u></a>. Looking at the top countries for Android traffic, we find a greater than 95% share in <a href=\"https://radar.cloudflare.com/year-in-review/2024/sd#ios-vs-android\"><u>Sudan</u></a>, <a href=\"https://radar.cloudflare.com/year-in-review/2024/bd#ios-vs-android\"><u>Bangladesh</u></a>, <a href=\"https://radar.cloudflare.com/year-in-review/2024/tm#ios-vs-android\"><u>Turkmenistan</u></a>, <a href=\"https://radar.cloudflare.com/year-in-review/2024/mw#ios-vs-android\"><u>Malawi</u></a>, <a href=\"https://radar.cloudflare.com/year-in-review/2024/pg#ios-vs-android\"><u>Papua New Guinea</u></a>, <a href=\"https://radar.cloudflare.com/year-in-review/2024/sy#ios-vs-android\"><u>Syria</u></a>, and <a href=\"https://radar.cloudflare.com/year-in-review/2024/ye#ios-vs-android\"><u>Yemen</u></a>, up from just two countries in 2023. Similar to last year, we again found that countries/regions with higher levels of Android usage are largely in Africa, Oceania/Asia, and South America, and that many have lower levels of <a href=\"https://ourworldindata.org/grapher/gross-national-income-per-capita?tab=table\"><u>gross national income per capita</u></a>. In these countries/regions, the availability of lower priced “budget” Android devices supports increased adoption.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/9bsuRwzYBybYpOiKqwLja/cbdafb60eab1913a91ec916899d1e807/connectivity_-_mobile_desktop.png\" alt=\"connectivity - mobile desktop\" class=\"kg-image\" width=\"1575\" height=\"268\" loading=\"lazy\"/>\n </figure><p><sup><i>Global distribution of mobile device traffic by operating system in 2024</i></sup></p><p>In contrast, iOS adoption tops out in the 65% range in <a href=\"https://radar.cloudflare.com/year-in-review/2024/je#ios-vs-android\"><u>Jersey</u></a>, the <a href=\"https://radar.cloudflare.com/year-in-review/2024/fo#ios-vs-android\"><u>Faroe Islands</u></a>, <a href=\"https://radar.cloudflare.com/year-in-review/2024/gg#ios-vs-android\"><u>Guernsey</u></a>, and <a href=\"https://radar.cloudflare.com/year-in-review/2024/dk#ios-vs-android\"><u>Denmark</u></a>. Adoption rates of 50% or more were seen in a total of 26 countries/regions, including <a href=\"https://radar.cloudflare.com/year-in-review/2024/no#ios-vs-android\"><u>Norway</u></a>, <a href=\"https://radar.cloudflare.com/year-in-review/2024/se#ios-vs-android\"><u>Sweden</u></a>, <a href=\"https://radar.cloudflare.com/year-in-review/2024/au#ios-vs-android\"><u>Australia</u></a>, <a href=\"https://radar.cloudflare.com/year-in-review/2024/jp#ios-vs-android\"><u>Japan</u></a>, the <a href=\"https://radar.cloudflare.com/year-in-review/2024/us#ios-vs-android\"><u>United States</u></a>, and <a href=\"https://radar.cloudflare.com/year-in-review/2024/ca#ios-vs-android\"><u>Canada</u></a>. These locations likely have a greater ability to afford higher priced devices, owing to their comparatively higher gross national income per capita.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/QCfjlx0TgEotwU2wPm0hE/af1359f249aec86894b681249fe7ee70/adoption_-_Android_iOS_top_5.png\" alt=\"adoption - Android iOS top 5\" class=\"kg-image\" width=\"967\" height=\"556\" loading=\"lazy\"/>\n </figure><p><sup><i>Countries/regions with the largest share of iOS traffic in 2024</i></sup></p>\n <div class=\"flex anchor relative\">\n <h3 id=\"globally-nearly-half-of-web-requests-used-http-2-with-20-5-using-http-3\">Globally, nearly half of web requests used HTTP/2, with 20.5% using HTTP/3.</h3>\n <a href=\"#globally-nearly-half-of-web-requests-used-http-2-with-20-5-using-http-3\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>HTTP (HyperText Transfer Protocol) is the core protocol that the web relies upon. <a href=\"https://datatracker.ietf.org/doc/html/rfc1945\"><u>HTTP/1.0</u></a> was first standardized in 1996, <a href=\"https://www.rfc-editor.org/rfc/rfc2616.html\"><u>HTTP/1.1</u></a> in 1999, and <a href=\"https://www.rfc-editor.org/rfc/rfc7540.html\"><u>HTTP/2</u></a> in 2015. The most recent version, <a href=\"https://www.rfc-editor.org/rfc/rfc9114.html\"><u>HTTP/3</u></a>, was completed in 2022, and runs on top of a new transport protocol known as <a href=\"https://blog.cloudflare.com/the-road-to-quic/\"><u>QUIC</u></a>. By running on top of QUIC, <a href=\"https://www.cloudflare.com/learning/performance/what-is-http3/\"><u>HTTP/3</u></a> can deliver improved performance by mitigating the effects of packet loss and network changes, as well as establishing connections more quickly. HTTP/3 also provides encryption by default, which mitigates the risk of attacks. </p><p>Current versions of desktop and mobile Google Chrome (and Chromium-based variants), Mozilla Firefox, and Apple Safari <a href=\"https://caniuse.com/?search=http%2F3\"><u>all support HTTP/3 by default</u></a>. Cloudflare makes HTTP/3 <a href=\"https://developers.cloudflare.com/speed/optimization/protocol/http3/\"><u>available for free</u></a> to all of our customers, although not every customer chooses to enable it.</p><p>Analysis of the HTTP version negotiated for each request provides insight into the distribution of traffic by the various versions of the protocol aggregated across the year. (“HTTP/1.x” aggregates requests made over HTTP/1.0 and HTTP/1.1.) At a <a href=\"https://radar.cloudflare.com/year-in-review/2024#http-versions\"><u>global</u></a> level, 20.5% of requests in 2024 were made using HTTP/3. Another 29.9% of requests were made over the older HTTP/1.x versions, while HTTP/2 remained dominant, accounting for the remaining 49.6%.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/r7KQkjdsXXEtxHoEkFQbO/efb19d1bbd58bef3d657b96555d70103/adoption_-_HTTP_versions_global.png\" alt=\"adoption - HTTP versions global\" class=\"kg-image\" width=\"1575\" height=\"375\" loading=\"lazy\"/>\n </figure><p><sup><i>Global distribution of traffic by HTTP version in 2024</i></sup></p><p>Looking at version distribution geographically, we found eight countries/regions sending more than a third of their requests over HTTP/3, with <a href=\"https://radar.cloudflare.com/year-in-review/2024/re#http-versions\"><u>Reunion</u></a>, <a href=\"https://radar.cloudflare.com/year-in-review/2024/lk#http-versions\"><u>Sri Lanka</u></a>, <a href=\"https://radar.cloudflare.com/year-in-review/2024/mn#http-versions\"><u>Mongolia</u></a>, <a href=\"https://radar.cloudflare.com/year-in-review/2024/gr#http-versions\"><u>Greece</u></a>, and <a href=\"https://radar.cloudflare.com/year-in-review/2024/mk#http-versions\"><u>North Macedonia</u></a> comprising the top five as shown below. Eight other countries/regions, including <a href=\"https://radar.cloudflare.com/year-in-review/2024/ir#http-versions\"><u>Iran</u></a>, <a href=\"https://radar.cloudflare.com/year-in-review/2024/ie#http-versions\"><u>Ireland</u></a>, <a href=\"https://radar.cloudflare.com/year-in-review/2024/hk#http-versions\"><u>Hong Kong</u></a>, and <a href=\"https://radar.cloudflare.com/year-in-review/2024/cn#http-versions\"><u>China</u></a>, sent more than half of their requests over HTTP/1.x throughout 2024. More than half of requests were made over HTTP/2 in a total of 147 countries/regions.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/2Zq4mMgbvw6jT6pb6LLdF7/401b98731302233b6f9674e74196e819/adoption_-_HTTP_versions_top_5.png\" alt=\"adoption - HTTP versions top 5\" class=\"kg-image\" width=\"967\" height=\"556\" loading=\"lazy\"/>\n </figure><p><sup><i>Countries/regions with the largest shares of HTTP/3 traffic in 2024</i></sup></p>\n <div class=\"flex anchor relative\">\n <h3 id=\"react-php-and-jquery-were-among-the-most-popular-technologies-used-to-build-websites-while-hubspot-google-and-wordpress-were-among-the-most-popular-vendors-of-supporting-services-and-platforms\">React, PHP, and jQuery were among the most popular technologies used to build websites, while Hubspot, Google, and WordPress were among the most popular vendors of supporting services and platforms.</h3>\n <a href=\"#react-php-and-jquery-were-among-the-most-popular-technologies-used-to-build-websites-while-hubspot-google-and-wordpress-were-among-the-most-popular-vendors-of-supporting-services-and-platforms\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Modern websites and applications are extremely complex, built on and integrating on a mix of frameworks, platforms, services, and tools. In order to deliver a seamless user experience, developers must ensure that all of these components happily coexist with each other. Using <a href=\"https://radar.cloudflare.com/scan\"><u>Cloudflare Radar’s URL Scanner</u></a>, we again scanned websites associated with the <a href=\"https://radar.cloudflare.com/domains\"><u>top 5000 domains</u></a> to identify the <a href=\"https://radar.cloudflare.com/year-in-review/2024#website-technologies\"><u>most popular technologies and services</u></a> used across a dozen different categories. </p><p>In looking at core technologies used to build websites, <a href=\"https://react.dev/\"><u>React</u></a> had a commanding lead over <a href=\"https://vuejs.org/\"><u>Vue.js</u></a> and other JavaScript frameworks, <a href=\"https://www.php.net/\"><u>PHP</u></a> was the most popular programming technology, and <a href=\"https://jquery.com/\"><u>jQuery</u></a>’s share was 10x other popular JavaScript libraries.</p><p>Third-party services and platforms are also used by websites and applications to support things like analytics, content management, and marketing automation. Google Analytics remained the most widely used analytics provider, WordPress had a greater than 50% share among content management systems, and for marketing automation providers, category leader HubSpot had nearly twice the usage share of Marketo and MailChimp.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/2fJS1OpqRlVCsZ9VOXdU89/c01320ff9d20da4ad2471de780a86033/adoption_-_top_website_technologies.png\" alt=\"adoption - top website technologies\" class=\"kg-image\" width=\"1575\" height=\"902\" loading=\"lazy\"/>\n </figure><p><sup><i>Top website technologies, JavaScript frameworks category in 2024</i></sup></p>\n <div class=\"flex anchor relative\">\n <h3 id=\"go-surpassed-nodejs-as-the-most-popular-language-used-for-making-automated-api-requests\">Go surpassed NodeJS as the most popular language used for making automated API requests.</h3>\n <a href=\"#go-surpassed-nodejs-as-the-most-popular-language-used-for-making-automated-api-requests\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Many dynamic websites and applications are built on <a href=\"https://blog.cloudflare.com/2024-api-security-report/\"><u>automated API calls</u></a>, and we can use our unique visibility into Web traffic to identify the top languages these API clients are written in. Applying heuristics to API-related requests determined to not be coming from a person using a browser or native mobile application helps us to identify the language used to build the API client.</p><p><a href=\"https://radar.cloudflare.com/year-in-review/2024#api-client-language-popularity\"><u>Our analysis</u></a> found that almost 12% of automated API requests are made by <a href=\"https://go.dev/\"><u>Go</u></a>-based clients, with <a href=\"https://nodejs.org/en/\"><u>NodeJS</u></a>, <a href=\"https://www.python.org/\"><u>Python</u></a>, <a href=\"https://www.java.com/\"><u>Java</u></a>, and <a href=\"https://dotnet.microsoft.com/\"><u>.NET</u></a> holding smaller shares. Compared to <a href=\"https://radar.cloudflare.com/year-in-review/2023#api-client-language-popularity\"><u>2023</u></a>, Go’s share increased by approximately 40%, allowing it to capture the top spot, while NodeJS’s share fell by just over 30%. Python and Java also saw their shares increase, while .NET’s fell.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/7oq8vCSsDq57HNYCbEV59n/9373b727f7f7da45be317ba34d23dcab/adoption_-_api_client_languages.png\" alt=\"adoption - api client languages\" class=\"kg-image\" width=\"1575\" height=\"521\" loading=\"lazy\"/>\n </figure><p><sup><i>Most popular API client languages in 2024</i></sup></p>\n <div class=\"flex anchor relative\">\n <h3 id=\"google-is-the-most-popular-search-engine-globally-across-all-platforms-on-mobile-devices-os-baidu-is-a-distant-second-bing-is-a-distant-second-across-desktop-and-windows-devices-with-duckduckgo-second-most-popular-on-macos\">Google is the most popular search engine globally, across all platforms. On mobile devices/OS, Baidu is a distant second. Bing is a distant second across desktop and Windows devices, with DuckDuckGo second most popular on macOS. </h3>\n <a href=\"#google-is-the-most-popular-search-engine-globally-across-all-platforms-on-mobile-devices-os-baidu-is-a-distant-second-bing-is-a-distant-second-across-desktop-and-windows-devices-with-duckduckgo-second-most-popular-on-macos\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Protecting and accelerating websites and applications for millions of customers, Cloudflare is in a unique position to measure search engine market share data. Our methodology uses HTTP’s <a href=\"https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referer\"><u>referer header</u></a> to identify the search engine sending traffic to customer sites and applications. The market share data is presented as an overall aggregate, as well as broken out by device type and operating system. (Device type and operating system data is derived from the <a href=\"https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/User-Agent\"><u>User-Agent</u></a> and <a href=\"https://developer.mozilla.org/en-US/docs/Web/HTTP/Client_hints\"><u>Client Hints</u></a> headers accompanying a content request.)</p><p>Aggregated at a <a href=\"https://radar.cloudflare.com/year-in-review/2024#search-engine-market-share\"><u>global</u></a> level, Google referred the most traffic to Cloudflare customers, with a greater than 88% share across 2024. Yandex, Baidu, Bing, and DuckDuckGo round out the top five, all with single digit percentage shares. </p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/7bwTSu9NktZ9chotEmTQhs/fd231b3f13fe4709ca7480546276d2e0/adoption_-_search_engine_overall_worldwide.png\" alt=\"adoption - search engine overall worldwide\" class=\"kg-image\" width=\"1575\" height=\"840\" loading=\"lazy\"/>\n </figure><p><sup><i>Overall worldwide search engine market share in 2024</i></sup></p><p>However, when drilling down by location or platform, differences are apparent in the top search engines and their shares. For example, in <a href=\"https://radar.cloudflare.com/year-in-review/2024/kr#search-engine-market-share\"><u>South Korea</u></a>, Google is responsible for only two-thirds of referrals, while local platform <a href=\"https://www.naver.com/\"><u>Naver</u></a> drives 29.2%, with local portal <a href=\"https://www.daum.net/\"><u>Daum</u></a> also in the top five at 1.3%.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/rxOIPPwpJSt73X1GXH8t4/5597fd261ec7fda2cf357c70479be13f/adoption_-_search_engine_overall_South_Korea.png\" alt=\"adoption - search engine overall South Korea\" class=\"kg-image\" width=\"1575\" height=\"840\" loading=\"lazy\"/>\n </figure><p><sup><i>Overall search engine market share in South Korea in 2024</i></sup></p><p>Google’s dominance is also blunted a bit on Windows devices, where it drives only 80% of referrals globally. Unsurprisingly, Bing holds the second spot for Windows users, with a 10.4% share. Yandex, Yahoo, and DuckDuckGo round out the top 5, all with shares below 5%.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/4sKOs50fTPbchv55J7gQrM/1ce8b0c1287bbd5b35d9e987e2061207/adoption_-_search_engine_overall_worldwide_Windows.png\" alt=\"adoption - search engine overall worldwide Windows\" class=\"kg-image\" width=\"1575\" height=\"840\" loading=\"lazy\"/>\n </figure><p><sup><i>Overall worldwide search engine market share for Windows devices in 2024</i></sup></p><p>For additional details, including search engines aggregated under “Other”, please refer to the quarterly <a href=\"https://radar.cloudflare.com/reports/search-engines\"><u>Search Engine Referral Reports</u></a> on Cloudflare Radar.</p>\n <div class=\"flex anchor relative\">\n <h3 id=\"google-chrome-is-the-most-popular-browser-overall-while-also-true-on-macos-devices-safari-usage-is-well-ahead-of-chrome-on-ios-devices-on-windows-edge-is-the-second-most-popular-browser\">Google Chrome is the most popular browser overall. While also true on MacOS devices, Safari usage is well ahead of Chrome on iOS devices. On Windows, Edge is the second most popular browser. </h3>\n <a href=\"#google-chrome-is-the-most-popular-browser-overall-while-also-true-on-macos-devices-safari-usage-is-well-ahead-of-chrome-on-ios-devices-on-windows-edge-is-the-second-most-popular-browser\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Similar to our ability to measure search engine market share, Cloudflare is also in a unique position to measure browser market share. Our methodology uses information from the <a href=\"https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/User-Agent\"><u>User-Agent</u></a> and <a href=\"https://developer.mozilla.org/en-US/docs/Web/HTTP/Client_hints\"><u>Client Hints</u></a> headers to identify the browser making content requests, along with the associated operating system. Browser market share data is presented as an overall aggregate, as well as broken out by device type and operating system. Note that the shares of browsers available on both desktop and mobile devices, such as Chrome or Safari, are presented in aggregate.</p><p><a href=\"https://radar.cloudflare.com/year-in-review/2024#browser-market-share\"><u>Globally</u></a>, we found that 65.8% of requests came from Google’s Chrome browser across 2024, and that just 15.5% came from Apple’s Safari browser. Microsoft Edge, Mozilla Firefox, and the <a href=\"https://www.samsung.com/us/support/owners/app/samsung-internet\"><u>Samsung Internet browser</u></a> rounded out the top five, all with shares below 10%.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/1bEuEbqSrAqe57gnBTeL6c/4426dc0dbc8869d05344433535e0698a/adoption_-_browser_overall_worldwide.png\" alt=\"adoption - browser overall worldwide\" class=\"kg-image\" width=\"1575\" height=\"840\" loading=\"lazy\"/>\n </figure><p><sup><i>Overall worldwide web browser market share in 2024</i></sup></p><p>Similar to the search engine statistics discussed above, differences are clearly visible when drilling down by location or platform. In some countries where iOS holds a larger market share than Android, Chrome remains the leading browser, but by a much lower margin. For example, in <a href=\"https://radar.cloudflare.com/year-in-review/2024/se#browser-market-share\"><u>Sweden</u></a>, Chrome’s share fell to 56.2%, while Safari’s increased to 22.5%. In <a href=\"https://radar.cloudflare.com/year-in-review/2024/no#browser-market-share\"><u>Norway</u></a>, Chrome fell to just 50%, while Safari grew to 25.6%.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/2Dkt8A1HuUpg61G8GYkEXs/5c2649e96d2959a2606afa9d932d5b82/adoption_-_browser_overall_Norway.png\" alt=\"adoption - browser overall Norway\" class=\"kg-image\" width=\"1575\" height=\"840\" loading=\"lazy\"/>\n </figure><p><sup><i>Overall web browser market share in Norway in 2024</i></sup></p><p>As the default browser on devices running iOS, Apple Safari was the most popular browser for iOS devices, commanding an 81.7% market share across the year, with Chrome at just 16.1%. And despite being the preinstalled default browser on Windows devices, Edge held just a 17.3% share, in comparison to Chrome’s 68.5%</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/5Hvnf7VPBuVTjba0P1bGRU/6d6e31c609a54c8248afe120576210aa/adoption_-_browser_overall_worldwide_iOS.png\" alt=\"adoption - browser overall worldwide iOS\" class=\"kg-image\" width=\"1575\" height=\"840\" loading=\"lazy\"/>\n </figure><p><sup><i>Overall worldwide web browser market share for iOS devices in 2024</i></sup></p><p>For additional details, including browsers aggregated under “Other”, please refer to the quarterly <u>Browser Market Share Reports</u> on Cloudflare Radar.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"connectivity\">Connectivity</h2>\n <a href=\"#connectivity\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n \n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/7xC8lBdDHpahlvkJrf1nI9/7b050dc62c1628e3a5ab3a9418e572d3/2627_Rocket.png\" alt=\"2627 Rocket\" class=\"kg-image\" width=\"1999\" height=\"417\" loading=\"lazy\"/>\n </figure>\n <div class=\"flex anchor relative\">\n <h3 id=\"225-major-internet-outages-were-observed-around-the-world-in-2024-with-many-due-to-government-directed-regional-and-national-shutdowns-of-internet-connectivity\">225 major Internet outages were observed around the world in 2024, with many due to government-directed regional and national shutdowns of Internet connectivity.</h3>\n <a href=\"#225-major-internet-outages-were-observed-around-the-world-in-2024-with-many-due-to-government-directed-regional-and-national-shutdowns-of-internet-connectivity\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Throughout 2024, as we have over the last several years, we have written frequently about observed Internet outages, whether due to <a href=\"https://blog.cloudflare.com/east-african-internet-connectivity-again-impacted-by-submarine-cable-cuts\"><u>cable cuts</u></a>, <a href=\"https://blog.cloudflare.com/impact-of-verizons-september-30-outage-on-internet-traffic/\"><u>unspecified technical issues</u></a>, <a href=\"https://blog.cloudflare.com/syria-iraq-algeria-exam-internet-shutdown\"><u>government-directed shutdowns</u></a>, or a number of other reasons covered in our quarterly summary posts (<a href=\"https://blog.cloudflare.com/q1-2024-internet-disruption-summary\"><u>Q1</u></a>, <a href=\"https://blog.cloudflare.com/q2-2024-internet-disruption-summary\"><u>Q2</u></a>, <a href=\"https://blog.cloudflare.com/q3-2024-internet-disruption-summary\"><u>Q3</u></a>). The impacts of these outages can be significant, including significant economic losses and severely limited communications. The <a href=\"https://radar.cloudflare.com/outage-center\"><u>Cloudflare Radar Outage Center</u></a> tracks these Internet outages, and uses Cloudflare traffic data for insights into their scope and duration.</p><p>Some of the outages seen through the year were short-lived, lasting just a few hours, while others stretched on for days or weeks. In the latter category, an Internet outage in <a href=\"https://blog.cloudflare.com/q3-2024-internet-disruption-summary/#haiti\"><u>Haiti</u></a> dragged on for eight days in September because repair crews were barred from accessing a damaged submarine cable due to a business dispute, while shutdowns of mobile and fixed Internet providers in <a href=\"https://blog.cloudflare.com/q3-2024-internet-disruption-summary/#bangladesh\"><u>Bangladesh</u></a> lasted for approximately 10 days in July. In the former category, <a href=\"https://blog.cloudflare.com/q3-2024-internet-disruption-summary/#iraqi-kurdistan\"><u>Iraq</u></a> frequently experienced multi-hour nationwide Internet shutdowns intended to prevent cheating on academic exams — these contribute to the clustering visible in the timeline during June, July, August, and September.</p><p>Within the <a href=\"https://radar.cloudflare.com/year-in-review/2024#internet-outages\"><u>timeline</u></a> on the Year in Review microsite, hovering over a dot will display metadata about that outage, and clicking on it will open a page with additional information. Below the map and timeline, we have added a bar graph illustrating the recorded reasons associated with the observed outages. In 2024, over half were due to government-directed shutdowns. If a country/region is selected, only outages and reasons for that country/region will be displayed.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/VDxaH2IkD28RXrcStCn8j/39ce7ad40f6a3d59e155ff09664f80e0/connectivity_-_Internet_outage_map.png\" alt=\"connectivity - Internet outage map\" class=\"kg-image\" width=\"1575\" height=\"1151\" loading=\"lazy\"/>\n </figure><p><sup><i>Over 200 Internet outages were observed around the world during 2024</i></sup></p>\n <div class=\"flex anchor relative\">\n <h3 id=\"aggregated-across-2024-28-5-of-ipv6-capable-requests-were-made-over-ipv6-india-and-malaysia-were-the-strongest-countries-at-68-9-and-59-6-ipv6-adoption-respectively\">Aggregated across 2024, 28.5% of IPv6-capable requests were made over IPv6. India and Malaysia were the strongest countries, at 68.9% and 59.6% IPv6 adoption respectively.</h3>\n <a href=\"#aggregated-across-2024-28-5-of-ipv6-capable-requests-were-made-over-ipv6-india-and-malaysia-were-the-strongest-countries-at-68-9-and-59-6-ipv6-adoption-respectively\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>The IPv4 protocol still used by many Internet-connected devices was developed in the 1970s, and was never meant to handle the vast and growing scale of the modern Internet. An <a href=\"https://www.rfc-editor.org/rfc/rfc1883\"><u>initial specification for its successor</u></a>, IPv6, was published in December 1995, evolving to a <a href=\"https://www.rfc-editor.org/rfc/rfc2460\"><u>draft standard</u></a> three years later, offering an expanded address space intended to better support the expected growth in the number of Internet-connected devices. At this point, available IPv4 space has long since been <a href=\"https://ipv4.potaroo.net/\"><u>exhausted</u></a>, and connectivity providers use solutions like <a href=\"https://en.wikipedia.org/wiki/Network_address_translation\"><u>Network Address Translation</u></a> to stretch limited IPv4 resources. Hungry for IPv4 address space as their businesses and infrastructure grow, cloud and hosting providers are acquiring blocks of IPv4 address space for <a href=\"https://auctions.ipv4.global/\"><u>as much as \\$30 - \\$50 per address</u></a>. </p><p>Cloudflare has been a vocal and active advocate for IPv6 since 2011, when we announced our <a href=\"https://blog.cloudflare.com/introducing-cloudflares-automatic-ipv6-gatewa/\"><u>Automatic IPv6 Gateway</u></a>, which enabled free IPv6 support for all of our customers. In 2014, we enabled <a href=\"https://blog.cloudflare.com/i-joined-cloudflare-on-monday-along-with-5-000-others\"><u>IPv6 support by default for all of our customers</u></a>, but not all customers choose to keep it enabled for a variety of reasons. Note that server-side support is only half of the equation for driving IPv6 adoption, as end user connections need to support it as well. (In reality, it is a bit more complex than that, but server and client side support across applications, operating systems, and network environments are the two primary requirements. From a network perspective, implementing IPv6 also brings a number of other <a href=\"https://www.catchpoint.com/benefits-of-ipv6\"><u>benefits</u></a>.) By analyzing the IP version used for each request made to Cloudflare, aggregated throughout the year, we can get insight into the distribution of traffic by the various versions of the protocol.</p><p>At a <a href=\"https://radar.cloudflare.com/year-in-review/2024#ipv6-adoption\"><u>global</u></a> level, 28.5% of IPv6-capable (“<a href=\"https://www.techopedia.com/definition/19025/dual-stack-network\"><u>dual-stack</u></a>”) requests were made over IPv6, up from 26.4% in <a href=\"https://radar.cloudflare.com/year-in-review/2024?previousYear=true\"><u>2023</u></a>. <a href=\"https://radar.cloudflare.com/year-in-review/2024/in#ipv6-adoption\"><u>India</u></a> was again the country with the highest level of IPv6 adoption, at 68.9%, carried in large part by <a href=\"https://radar.cloudflare.com/adoption-and-usage/as55836?dateStart=2024-01-01&dateEnd=2024-12-01\"><u>94% IPv6 adoption at Reliance Jio</u></a>, one of the country’s largest Internet service providers. India was followed closely by <a href=\"https://radar.cloudflare.com/year-in-review/2024/my#ipv6-adoption\"><u>Malaysia</u></a>, where 59.6% of dual-stacked requests were made over IPv6 during 2024, thanks to <a href=\"https://radar.cloudflare.com/explorer?dataSet=http&groupBy=ases&loc=MY&dt=14d&metric=ip_version%2FIPv6\"><u>strong IPv6 adoption rates across leading Internet providers</u></a> within the country. IPv6 adoption in India was up from 66% in <a href=\"https://radar.cloudflare.com/year-in-review/2024/in?previousYear=true#ipv6-adoption\"><u>2023</u></a>, and in Malaysia, it was up from 57.3% <a href=\"https://radar.cloudflare.com/year-in-review/2024/my?previousYear=true#ipv6-adoption\"><u>last year</u></a>. <a href=\"https://radar.cloudflare.com/year-in-review/2024/sa#ipv6-adoption\"><u>Saudi Arabia</u></a> was the only other country with an IPv6 adoption rate above 50% this year, at 51.8%, whereas that list also included <a href=\"https://radar.cloudflare.com/year-in-review/2023/vn#ipv6-adoption\"><u>Vietnam</u></a>, <a href=\"https://radar.cloudflare.com/year-in-review/2023/gr#ipv6-adoption\"><u>Greece</u></a>, <a href=\"https://radar.cloudflare.com/year-in-review/2023/fr#ipv6-adoption\"><u>France</u></a>, <a href=\"https://radar.cloudflare.com/year-in-review/2023/uy#ipv6-adoption\"><u>Uruguay</u></a>, and <a href=\"https://radar.cloudflare.com/year-in-review/2023/th#ipv6-adoption\"><u>Thailand</u></a> in 2023. Thirty four countries/regions, including many in Africa, still have IPv6 adoption rates below 1%, while a total of 96 countries/regions have adoption rates below 10%.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/48L0qRLujnWQRuJ8ZMa8Ed/ac5209577812dd556d275279d4740041/connectivity_-_IPv6_adoption.png\" alt=\"connectivity - IPv6 adoption\" class=\"kg-image\" width=\"1575\" height=\"268\" loading=\"lazy\"/>\n </figure><p><sup><i>Global distribution of traffic by IP version in 2024</i></sup></p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/NjeXm7lfs7ZGM3Gn5ToZM/3b401894664cb22347db1a8d8a2bfdc8/connectivity_-_IPv6_adoption_top_5.png\" alt=\"connectivity - IPv6 adoption top 5\" class=\"kg-image\" width=\"967\" height=\"556\" loading=\"lazy\"/>\n </figure><p><sup><i>Countries/regions with the largest shares of IPv6 traffic in 2024</i></sup></p>\n <div class=\"flex anchor relative\">\n <h3 id=\"the-top-10-countries-ranked-by-internet-speed-all-had-average-download-speeds-above-200-mbps-spain-was-consistently-among-the-top-locations-across-measured-internet-quality-metrics\">The top 10 countries ranked by Internet speed all had average download speeds above 200 Mbps. Spain was consistently among the top locations across measured Internet quality metrics.</h3>\n <a href=\"#the-top-10-countries-ranked-by-internet-speed-all-had-average-download-speeds-above-200-mbps-spain-was-consistently-among-the-top-locations-across-measured-internet-quality-metrics\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>As more and more of our everyday lives move online, including entertainment, work, education, finance, shopping, and even basic social and personal interaction, the quality of our Internet connections is arguably more important than ever, necessitating higher connection speeds and lower latency. Although Internet providers continue to evolve their service portfolios to offer increased connection speeds and reduced latency in order to support growth in use cases like videoconferencing, live streaming, and online gaming, consumer adoption is often mixed due to cost, availability, or other issues. By aggregating the results of <a href=\"https://speed.cloudflare.com/\"><u>speed.cloudflare.com</u></a> tests taken during 2024, we can get a geographic perspective on <a href=\"https://developers.cloudflare.com/radar/glossary/#connection-quality\"><u>connection quality</u></a> metrics including average download and upload speeds, and average idle and loaded latencies, as well as the distribution of the measurements.</p><p>In <a href=\"https://radar.cloudflare.com/year-in-review/2024#internet-quality\"><u>2024</u></a>, Spain was a leader in download speed (292.6 Mbps) and upload speed (192.6 Mbps) metrics, and placed second globally for loaded latency (78.6 ms). (Loaded latency is the round-trip time when data-heavy applications are being used on the network.) Spain’s leadership in these connection quality metrics is supported by the strong progress that the country has made <a href=\"https://ec.europa.eu/newsroom/dae/redirection/document/106695\"><u>towards achieving the EU’s “Digital Decade” objectives</u></a>, including fixed very high capacity network (VHCN) deployment, fiber-to-the-premises (FTTP) coverage, and 5G coverage with the latter two <a href=\"https://www.trade.gov/country-commercial-guides/spain-digital-economy\"><u>reaching</u></a> 95.2% and 92.3% respectively. High speed fiber broadband connections are also relatively affordable, with research showing major providers offering 100 Mbps, 300 Mbps, 600 Mbps, and 1 Gbps packages, with the latter priced between €30 and €46 per month. The figures below for <a href=\"https://radar.cloudflare.com/year-in-review/2024/es#internet-quality\"><u>Spain</u></a> show the largest clusters of speed measurements around the 100 Mbps mark, with slight bumps also visible around 300 Mbps, suggesting that the former package has the highest subscription rate, followed by the latter. Further, they show these connections are also relatively low latency, with 87% of idle latency measurements below 50 ms and 65% of loaded latency measurements below 100 ms, providing users with good <a href=\"https://www.screenbeam.com/wifihelp/wifibooster/how-to-reduce-latency-or-lag-in-gaming-2/#:~:text=Latency%20is%20measured%20in%20milliseconds,%2C%2020%2D40ms%20is%20optimal.\"><u>gaming</u></a> and <a href=\"https://www.haivision.com/glossary/video-latency/#:~:text=Low%20latency%20is%20typically%20defined,and%20streaming%20previously%20recorded%20events.\"><u>videoconferencing/streaming</u></a> experiences.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/51PcbNyPpAQX79gYg0SxIU/a784aaadd65822d3384f1463570a6129/connectivity_-_Spain_bandwidth.png\" alt=\"connectivity - Spain bandwidth\" class=\"kg-image\" width=\"1575\" height=\"485\" loading=\"lazy\"/>\n </figure><p><sup><i>Measured download/upload speed distribution in Spain in 2024</i></sup></p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/3Refsg6ctWdHNzscsoIDDF/75da3336fa1e31fd71a2188787944a57/connectivity_-_Spain_latency.png\" alt=\"connectivity - Spain latency\" class=\"kg-image\" width=\"1575\" height=\"485\" loading=\"lazy\"/>\n </figure><p><sup><i>Measured idle/loaded latency distribution in Spain in 2024</i></sup></p>\n <div class=\"flex anchor relative\">\n <h3 id=\"41-3-of-global-traffic-comes-from-mobile-devices-in-nearly-100-countries-regions-the-majority-of-traffic-comes-from-mobile-devices\">41.3% of global traffic comes from mobile devices. In nearly 100 countries/regions, the majority of traffic comes from mobile devices.</h3>\n <a href=\"#41-3-of-global-traffic-comes-from-mobile-devices-in-nearly-100-countries-regions-the-majority-of-traffic-comes-from-mobile-devices\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>With approximately <a href=\"https://www.statista.com/topics/840/smartphones/#topicOverview\"><u>70% of the world’s population using smartphones</u></a>, and <a href=\"https://www.pewresearch.org/internet/fact-sheet/mobile/\"><u>91% of Americans owning a smartphone</u></a>, these mobile devices have become an integral part of both our personal and professional lives, providing us with Internet access from nearly any place at any time. In some countries/regions, mobile devices primarily connect to the Internet via Wi-Fi, while other countries/regions are “mobile first”, where 4G/5G services are the primary means of Internet access.</p><p>Analysis of information contained with the user agent reported with each request to Cloudflare enables us to categorize it as coming from a mobile, desktop, or other type of device. Aggregating this categorization throughout the year at a <a href=\"https://radar.cloudflare.com/year-in-review/2024#mobile-vs-desktop\"><u>global</u></a> level, we found that 41.3% of traffic came from mobile devices, with 58.7% coming from desktop devices such as laptops and “classic” PCs. These traffic shares were in line with those measured in both <a href=\"https://radar.cloudflare.com/year-in-review/2023#mobile-vs-desktop\"><u>2023</u></a> and 2022, suggesting that mobile device usage has achieved a “steady state”. Over 77% of traffic came from mobile devices in <a href=\"https://radar.cloudflare.com/year-in-review/2024/sd#mobile-vs-desktop\"><u>Sudan</u></a>, <a href=\"https://radar.cloudflare.com/year-in-review/2024/cu#mobile-vs-desktop\"><u>Cuba</u></a>, and <a href=\"https://radar.cloudflare.com/year-in-review/2024/sy#mobile-vs-desktop\"><u>Syria</u></a>, making them the countries/regions with the largest mobile device traffic share in 2024. Other countries/regions that had more than 50% of traffic come from mobile devices were concentrated in the Middle East/Africa, the Asia Pacific region, and South/Central America. </p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/9bsuRwzYBybYpOiKqwLja/cbdafb60eab1913a91ec916899d1e807/connectivity_-_mobile_desktop.png\" alt=\"connectivity - mobile desktop\" class=\"kg-image\" width=\"1575\" height=\"268\" loading=\"lazy\"/>\n </figure><p><sup><i>Global distribution of traffic by device type in 2024</i></sup></p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/KRujuREGMTBvLHVAHonuU/ad575fdd822ee3ee0bcabd41a96ef736/connectivity_-_mobile_desktop_top_5.png\" alt=\"connectivity - mobile desktop top 5\" class=\"kg-image\" width=\"967\" height=\"556\" loading=\"lazy\"/>\n </figure><p><sup><i>Countries/regions with the largest shares of mobile device usage in 2024</i></sup></p>\n <div class=\"flex anchor relative\">\n <h3 id=\"20-7-of-tcp-connections-are-unexpectedly-terminated-before-any-useful-data-can-be-exchanged\">20.7% of TCP connections are unexpectedly terminated before any useful data can be exchanged.</h3>\n <a href=\"#20-7-of-tcp-connections-are-unexpectedly-terminated-before-any-useful-data-can-be-exchanged\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Cloudflare is in a unique position to help measure the health and behaviors of Internet networks around the world. One way we do this is passively measuring rates of connections to Cloudflare that appear <i>anomalous</i>, meaning that they are unexpectedly terminated before any useful data exchange occurs. The underlying causes of connection anomalies are varied and range from DoS attacks to quirky client behavior to third-party connection tampering (e.g., when a network monitors and selectively disrupts connections to filter content).</p><p>Connection anomalies are symptoms — visible signs that “something abnormal” is happening in a network, but the underlying root cause is not always clear from the outset. However, we can gain a better understanding by incorporating previously-reported network behaviors, active measurements and on-the-ground reports, and macro trends across networks. Additional details on such analysis can be found in the blog posts <a href=\"https://blog.cloudflare.com/connection-tampering/\"><i><u>A global assessment of third-party connection tampering</u></i></a> and<a href=\"https://blog.cloudflare.com/tcp-resets-timeouts/\"> <i><u>Bringing insights into TCP resets and timeouts to Cloudflare Radar</u></i></a>.</p><p>Insights into TCP connection anomalies were <a href=\"https://blog.cloudflare.com/tcp-resets-timeouts/\"><u>launched on Cloudflare Radar</u></a> in September, with the plot lines in the associated graph corresponding to the stage of the TCP connection in which the connection anomalously closed (using shorthand, the first three messages we typically receive from the client in a TCP connection are “SYN” and “ACK” packets to establish a connection, and then a “PSH” packet indicating the requested resource). In aggregate <a href=\"https://radar.cloudflare.com/year-in-review/2024#tcp-connection-anomalies\"><u>globally</u></a>, over 20% of connections to Cloudflare were terminated unexpectedly, with the largest share (nearly half) being closed “Post SYN” — that is, after our server has received a client’s SYN packet, but before we have received a subsequent acknowledgement (ACK) from the client or any useful data that would follow the acknowledgement. These terminations can often be attributed to DoS attacks or Internet scanning. Post-ACK (3.1% globally) and Post-PSH (1.4% globally) anomalies are more often associated with connection tampering, especially when they occur at high rates in specific networks.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/11XcEAXkMgOhytTbCsf21J/159fa2459ebc6b9c268bd5d8455213ba/connectivity_-_TCP_connection_anomalies.png\" alt=\"connectivity - TCP connection anomalies\" class=\"kg-image\" width=\"1575\" height=\"840\" loading=\"lazy\"/>\n </figure><p><sup><i>Trends in TCP connection anomalies by stage in 2024</i></sup></p>\n <div class=\"flex anchor relative\">\n <h2 id=\"security\">Security</h2>\n <a href=\"#security\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n \n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/4CkCPZHGlR8gQQQrXt0b5H/cfd3faabbe406fd348b8751825bc43e5/2627_Shield_Globe.png\" alt=\"2627 Shield Globe\" class=\"kg-image\" width=\"1999\" height=\"417\" loading=\"lazy\"/>\n </figure>\n <div class=\"flex anchor relative\">\n <h3 id=\"6-5-of-global-traffic-was-mitigated-by-cloudflares-systems-as-being-potentially-malicious-or-for-customer-defined-reasons\">6.5% of global traffic was mitigated by Cloudflare's systems as being potentially malicious or for customer-defined reasons.</h3>\n <a href=\"#6-5-of-global-traffic-was-mitigated-by-cloudflares-systems-as-being-potentially-malicious-or-for-customer-defined-reasons\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>To <a href=\"https://www.cloudflare.com/products/zero-trust/threat-defense/\"><u>protect customers from threats</u></a> posed by malicious bots used to attack websites and applications, Cloudflare mitigates this attack traffic using <a href=\"https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/\"><u>DDoS</u></a> mitigation techniques or <a href=\"https://developers.cloudflare.com/waf/managed-rules/\"><u>Web Application Firewall (WAF) Managed Rules</u></a>. For a variety of other reasons, customers may also want Cloudflare to mitigate traffic using techniques like <a href=\"https://developers.cloudflare.com/waf/rate-limiting-rules/\"><u>rate-limiting</u></a> requests, or <a href=\"https://developers.cloudflare.com/waf/tools/ip-access-rules/\"><u>blocking all traffic from a given location</u></a>, even if it isn’t malicious. Analyzing traffic to Cloudflare’s network throughout 2024, we looked at the overall share that was mitigated for any reason, as well as the share that was blocked as a DDoS attack or by WAF Managed Rules. </p><p>In 2024, <a href=\"https://radar.cloudflare.com/year-in-review/2024#mitigated-traffic\"><u>6.5% of global traffic was mitigated</u></a>, up almost one percentage point from <a href=\"https://radar.cloudflare.com/year-in-review/2023#mitigated-traffic\"><u>2023</u></a>. Just 3.2% was mitigated as a DDoS attack, or by WAF Managed Rules, a rate slightly higher than in 2023. More than 10% of the traffic originating from 44 countries/regions had mitigations generally applied, while DDoS/WAF mitigations were applied to more than 10% of the traffic originating from just seven countries/regions.</p><p>At a country/region level, <a href=\"https://radar.cloudflare.com/year-in-review/2024/al?#mitigated-traffic\"><u>Albania</u></a> had one of the highest mitigated traffic shares throughout the year, at 42.9%, while <a href=\"https://radar.cloudflare.com/year-in-review/2024/ly#mitigated-traffic\"><u>Libya</u></a> had one of the highest shares of traffic that was mitigated as a DDoS attack or by WAF Managed Rules, at 19.2%. In <a href=\"https://blog.cloudflare.com/radar-2023-year-in-review/#just-under-6-of-global-traffic-was-mitigated-by-cloudflares-systems-as-being-potentially-malicious-or-for-customer-defined-reasons-in-the-united-states-3-65-of-traffic-was-mitigated-while-in-south-korea-it-was-8-36\"><u>2023’s Year in Review blog post</u></a>, we highlighted the United States and Korea. This year, the share of mitigated traffic grew to 5.0% in the <a href=\"https://radar.cloudflare.com/year-in-review/2024/us?#mitigated-traffic\"><u>United States</u></a> (up from 3.65% in 2023), while in <a href=\"https://radar.cloudflare.com/year-in-review/2024/kr?#mitigated-traffic\"><u>South Korea</u></a>, it dropped slightly to 8.1%, down from 8.36%.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/3GJ5r18m6Tpor4n2scVRQ5/cc85d08dc2aa496d677d8bfc9439417d/security_-_mitigated_traffic_worldwide.png\" alt=\"security - mitigated traffic worldwide\" class=\"kg-image\" width=\"1575\" height=\"840\" loading=\"lazy\"/>\n </figure><p><sup><i>Trends in mitigated traffic worldwide in 2024</i></sup></p>\n <div class=\"flex anchor relative\">\n <h3 id=\"the-united-states-was-responsible-for-over-a-third-of-global-bot-traffic-amazon-web-services-was-responsible-for-12-7-of-global-bot-traffic-and-7-8-came-from-google\">The United States was responsible for over a third of global bot traffic. Amazon Web Services was responsible for 12.7% of global bot traffic, and 7.8% came from Google.</h3>\n <a href=\"#the-united-states-was-responsible-for-over-a-third-of-global-bot-traffic-amazon-web-services-was-responsible-for-12-7-of-global-bot-traffic-and-7-8-came-from-google\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p><a href=\"https://www.cloudflare.com/learning/bots/what-is-a-bot/\"><u>Bot</u></a> traffic describes any non-human Internet traffic, and by monitoring traffic suspected to be from bots site and application owners can spot and, if necessary, block potentially malicious activity. However, not all bots are malicious — bots can also be helpful, and Cloudflare maintains a list of <a href=\"https://radar.cloudflare.com/traffic/verified-bots\"><u>verified bots</u></a> that includes those used for things like search engine indexing, performance testing, and <a href=\"https://www.cloudflare.com/application-services/solutions/app-performance-monitoring/\"><u>availability monitoring</u></a>. Regardless of intent, we analyzed where bot traffic was originating from in 2024, using the IP address of a request to identify the network (<a href=\"https://www.cloudflare.com/learning/network-layer/what-is-an-autonomous-system/\"><u>autonomous system</u></a>) and country/region associated with the bot making the request. Cloud platforms remained among the leading sources of bot traffic due to a number of factors. These include the ease of using automated tools to quickly provision compute resources, the relatively low cost of using these compute resources in an ephemeral manner, the broadly distributed geographic footprint of cloud platforms, and the platforms’ high-bandwidth Internet connectivity.</p><p><a href=\"https://radar.cloudflare.com/year-in-review/2024#bot-traffic-sources\"><u>Globally</u></a>, we found that 68.5% of observed bot traffic came from the top 10 countries in 2024, with the United States responsible for half of that total, over 5x the share of second place Germany. (In comparison to 2023, the US share was up slightly, while Germany’s was down slightly.) Among cloud platforms that originate bot traffic, Amazon Web Services was responsible for 12.7% of global bot traffic, and 7.8% came from Google. Microsoft, Hetzner, Digital Ocean, and OVH all also contributed more than a percent each.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/3qlyS355w5LDtoBDtb1qXE/8354c2b07c0af46121a0c667e6d687e4/security_-_bot_distribution_by_source_country.png\" alt=\"security - bot distribution by source country\" class=\"kg-image\" width=\"1578\" height=\"860\" loading=\"lazy\"/>\n </figure><p><sup><i>Global bot traffic distribution by source country in 2024</i></sup></p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/6euMUlCDcfOInLiCpssg2t/54eb345624346f24ab984bbe6b1c9f67/security_-_bot_distribution_by_source_network.png\" alt=\"security - bot distribution by source network\" class=\"kg-image\" width=\"1578\" height=\"821\" loading=\"lazy\"/>\n </figure><p><sup><i>Global bot traffic distribution by source network in 2024</i></sup></p>\n <div class=\"flex anchor relative\">\n <h3 id=\"globally-gambling-games-was-the-most-attacked-industry-slightly-ahead-of-2023s-most-targeted-industry-finance\">Globally, Gambling/Games was the most attacked industry, slightly ahead of 2023’s most targeted industry, Finance.</h3>\n <a href=\"#globally-gambling-games-was-the-most-attacked-industry-slightly-ahead-of-2023s-most-targeted-industry-finance\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>The industries targeted by attacks often shift over time, depending on the intent of the attackers. They may be trying to cause financial harm by attacking ecommerce sites during a busy shopping period, gain an advantage against opponents by attacking an online game, or make a political statement by attacking government-related sites. To identify industry-targeted attack activity during 2024, we analyzed mitigated traffic for customers that had an associated industry and vertical within their customer record. Mitigated traffic was aggregated weekly by source country/region across 19 target industries.</p><p>Companies in the Gambling/Games industry were, in aggregate, the <a href=\"https://radar.cloudflare.com/year-in-review/2024#most-attacked-industries\"><u>most attacked during 2024</u></a>, with 6.6% of global mitigated traffic targeting the industry. The industry was slightly ahead of Finance, which led 2023’s aggregate list. (Both industries are shown at 6.6% in the Summary view due to rounding.) Gambling/Games sites saw the largest shares of mitigated traffic in January and the first week of February, possibly related to National Football League playoffs in the United States, heading into the <a href=\"https://blog.cloudflare.com/super-bowl-lviii/\"><u>Super Bowl</u></a>.</p><p>Attacks targeting Finance organizations were most active in May, reaching a peak of 15.3% of mitigated traffic the week of May 13. This is in line with the figure in our <a href=\"https://radar.cloudflare.com/reports/ddos-2024-q2#id-9-top-attacked-industries\"><i><u>DDoS threat report for Q2 2024</u></i></a> that shows that Financial Services was the most attacked industry by request volume during the quarter in South America and the Middle East region.</p><p>As we have seen in the past, peak attack activity varied by industry on a weekly basis. The highest peaks for the year were seen in attacks targeting People &amp; Society organizations (19.6% of mitigated traffic, week of January 1), the Autos &amp; Vehicles industry (29.7% of mitigated traffic, week of January 15), and the Real Estate industry (27.5% of mitigated traffic, week of August 26).</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/4qjMffdMn6uV7OEFhE5l0F/397672a455b62f712946e30130969657/security_-_targeted_industries.png\" alt=\"security - targeted industries\" class=\"kg-image\" width=\"1124\" height=\"659\" loading=\"lazy\"/>\n </figure><p><sup><i>Global mitigated traffic share by industry in 2024, summary view</i></sup></p>\n <div class=\"flex anchor relative\">\n <h3 id=\"log4j-remains-a-persistent-threat-and-was-actively-targeted-throughout-2024\">Log4j remains a persistent threat and was actively targeted throughout 2024.</h3>\n <a href=\"#log4j-remains-a-persistent-threat-and-was-actively-targeted-throughout-2024\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>In December 2021, we published a <a href=\"https://blog.cloudflare.com/tag/log4j/\"><u>series of blog posts about the Log4j vulnerability</u></a>, highlighting the threat that it posed, our observations of attempted exploitation, and the steps we took to protect customers. Two years on, in our <a href=\"https://blog.cloudflare.com/radar-2023-year-in-review/\"><u>2023 Year in Review</u></a>, we <a href=\"https://blog.cloudflare.com/radar-2023-year-in-review/#even-as-an-older-vulnerability-log4j-remained-a-top-target-for-attacks-during-2023-however-http-2-rapid-reset-emerged-as-a-significant-new-vulnerability-beginning-with-a-flurry-of-record-breaking-attacks\"><u>noted</u></a> that even as an older vulnerability, Log4j remained a top target for attacks during 2023, with related attack activity significantly higher than other commonly exploited vulnerabilities.</p><p>In 2024, three years after the initial Log4j disclosure, we found that Log4j remains an active threat. This year, we compared normalized daily attack activity for Log4j with attack activity for Atlassian Confluence Code Injection, a vulnerability we <a href=\"https://radar.cloudflare.com/year-in-review/2023#commonly-exploited-vulnerabilities\"><u>examined in the 2023 Year in Review</u></a>, as well as aggregated daily attack activity for multiple <a href=\"https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures\"><u>CVEs</u></a> related to <a href=\"https://capec.mitre.org/data/definitions/115.html\"><u>Authentication Bypass</u></a> and <a href=\"https://www.cloudflare.com/en-gb/learning/security/what-is-remote-code-execution/\"><u>Remote Code Execution</u></a> vulnerabilities published in 2024.</p><p><a href=\"https://radar.cloudflare.com/year-in-review/2024#commonly-exploited-vulnerabilities\"><u>Log4j attack activity</u></a> appeared to trend generally upwards across the year, with several significant spikes visible during the first half of the year, and then again in October and November. In terms of the difference in activity, Log4j ranges from approximately 4x to over 20x the activity seen for Atlassian Confluence Code Injection, and as much as 100x the aggregated activity seen for Authentication Bypass or Remote Code Injection vulnerabilities. </p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/2YdyQ3qMUh10zLAHLefcdU/8a723a1970652c293a1f6c59efe51a99/security_-_vulnerabilities_Log4J.png\" alt=\"security - vulnerabilities Log4J\" class=\"kg-image\" width=\"1575\" height=\"840\" loading=\"lazy\"/>\n </figure><p><sup><i>Global attack activity trends for commonly exploited vulnerabilities in 2024</i></sup></p>\n <div class=\"flex anchor relative\">\n <h3 id=\"routing-security-measured-as-the-share-of-rpki-valid-routes-and-the-share-of-covered-ip-address-space-continued-to-improve-globally-throughout-2024\">Routing security, measured as the share of RPKI valid routes and the share of covered IP address space, continued to improve globally throughout 2024. </h3>\n <a href=\"#routing-security-measured-as-the-share-of-rpki-valid-routes-and-the-share-of-covered-ip-address-space-continued-to-improve-globally-throughout-2024\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>As the routing protocol that underpins the Internet, <a href=\"https://www.cloudflare.com/learning/security/glossary/what-is-bgp/\"><u>Border Gateway Protocol (BGP)</u></a> communicates routes between networks, enabling traffic to flow between source and destination. BGP, however, relies on trust between networks, and incorrect information shared between peers, whether or not it was shared intentionally, can send traffic to the wrong place, potentially with <a href=\"https://blog.cloudflare.com/bgp-leaks-and-crypto-currencies/\"><u>malicious results</u></a>. <a href=\"https://blog.cloudflare.com/rpki/\"><u>Resource Public Key Infrastructure (RPKI)</u></a> is a cryptographic method of signing records that associate a BGP route announcement with the correct originating autonomous system (AS) number, providing a way of ensuring that the information being shared originally came from a network that is allowed to do so. (It is important to note that this is only half of the challenge of implementing routing security, because network providers also need to validate these signatures and filter out invalid announcements to prevent sharing them further.)</p><p>Cloudflare has long been an advocate for routing security, including being a founding participant in the <a href=\"https://www.manrs.org/2020/03/new-category-of-cdns-and-cloud-providers-join-manrs-to-improve-routing-security/\"><u>MANRS CDN and Cloud Programme</u></a> and providing a <a href=\"https://isbgpsafeyet.com/\"><u>public tool</u></a> that enables users to test whether their Internet provider has implemented BGP safely. Building on insights available in the <a href=\"https://radar.cloudflare.com/routing\"><u>Routing page</u></a> on Cloudflare Radar, we analyzed data from <a href=\"https://ftp.ripe.net/rpki/\"><u>RIPE NCC&#39;s RPKI daily archive</u></a> to determine the share of RPKI valid routes (as opposed to those route announcements that are <a href=\"https://rpki.readthedocs.io/en/latest/about/help.html\"><u>invalid or whose status is unknown</u></a>) and how that share has changed over the course of 2024, as well as determining the share of IP address space covered by valid routes. The latter metric is of interest because a route announcement covering a significant amount of IP address space (millions of IPv4 addresses, for example) has a greater potential impact than an announcement covering a small block of IP address space (hundreds of IPv4 addresses, for example).</p><p>At a <a href=\"https://radar.cloudflare.com/year-in-review/2024#routing-security\"><u>global</u></a> level during 2024, we saw a 6.4 percentage point increase (from 43.4% to 49.8%) in valid IPv4 routes, and a 3.2 percentage point increase (from 53.7% to 56.9%) in valid IPv6 routes. Given the trajectory, it is likely that over half of IPv4 routes will be RPKI valid by the end of calendar year 2024. Looking at the global share of IP address space covered by valid routes, we saw a 4.7 percentage point increase (from 38.9% to 43.6%) for IPv4, and a 3.3 percentage point increase (from 57.6% to 60.9%) for IPv6.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/2ojjIa2U45vvsbha8v6ITk/2c61631ded62b80481d47e1da8a5d2cc/security_-_routing_global_valid_routes.png\" alt=\"security - routing global valid routes\" class=\"kg-image\" width=\"1575\" height=\"840\" loading=\"lazy\"/>\n </figure><p><sup><i>Shares of global RPKI valid routing entries by IP version in 2024</i></sup></p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/2rCCmsaqULazLsBgoXZLLC/9aa265e9658d71bd7ee113423c6945ca/security_-_routing_global_valid_ip_address_space.png\" alt=\"security - routing global valid ip address space\" class=\"kg-image\" width=\"1575\" height=\"840\" loading=\"lazy\"/>\n </figure><p><sup><i>Shares of globally announced IP address space covered by RPKI valid routes in 2024</i></sup></p><p><a href=\"https://radar.cloudflare.com/year-in-review/2024/es#routing-security\"><u>Spain</u></a> started 2024 with less than half of its routes (both IPv4 and IPv6) RPKI valid. However, the share of valid routes grew significantly on February 15, when <a href=\"https://radar.cloudflare.com/as12479\"><u>AS12479 (Orange Espagne)</u></a> signed records associated with 98% of their IP address prefixes that were previously in an <a href=\"https://www.ripe.net/manage-ips-and-asns/resource-management/rpki/bgp-origin-validation/\"><u>“unknown” (or NotFound) state of RPKI validity</u></a>, thus converting these prefixes from unknown to valid. That drove an immediate increase for IPv4 to 76%, reaching 81% validity by December 1, and an immediate increase for IPv6 to 91%, reaching 92.9% validity by December 1. A notable change in covered IP address space was observed in <a href=\"https://radar.cloudflare.com/year-in-review/2024/cm#routing-security\"><u>Cameroon</u></a>, where covered IPv4 space more than doubled at the end of January, growing from 32% to 82%. This was due to <a href=\"https://radar.cloudflare.com/as36912\"><u>AS36912 (Orange Cameroun)</u></a> signing records associated with all of their IPv4 address prefixes, changing the associated IP address space to RPKI valid. </p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/5e7SUVIju8fidAEBkIOSq4/2085f3237411eca0816a3d2862e9e3df/security_-_routing_Spain_valid_routes.png\" alt=\"security - routing Spain valid routes\" class=\"kg-image\" width=\"1575\" height=\"840\" loading=\"lazy\"/>\n </figure><p><sup><i>IPv4 and IPv6 shares of RPKI valid routes for Spain in 2024</i></sup></p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/G9adlberrdCmDnB3MupQa/6c866261fc478334673115d6dd01fd76/security_-_routing_Cameroon_valid_ipv4_address_space.png\" alt=\"security - routing Cameroon valid ipv4 address space\" class=\"kg-image\" width=\"1575\" height=\"840\" loading=\"lazy\"/>\n </figure><p><sup><i>Share of IPv4 address space covered by RPKI valid routes for Cameroon in 2024</i></sup></p>\n <div class=\"flex anchor relative\">\n <h2 id=\"email-security\">Email Security</h2>\n <a href=\"#email-security\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n \n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/7vC1TSUDDHpepgs2Yv3Lpx/eb43b5c0a203d7ec0a74939c23684ae5/2627_Shield_Plane.png\" alt=\"2627 Shield Plane\" class=\"kg-image\" width=\"1999\" height=\"417\" loading=\"lazy\"/>\n </figure>\n <div class=\"flex anchor relative\">\n <h3 id=\"an-average-of-4-3-of-emails-were-determined-to-be-malicious-in-2024\">An average of 4.3% of emails were determined to be malicious in 2024. </h3>\n <a href=\"#an-average-of-4-3-of-emails-were-determined-to-be-malicious-in-2024\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Despite the growing enterprise use of collaboration/messaging apps, email remains an important business application and is a very attractive entry point into enterprise networks for attackers. Attackers will send targeted malicious emails that attempt to impersonate an otherwise legitimate sender (such as a corporate executive), that try to get the user to click on a deceptive link, or that contain a dangerous attachment, among other types of threats. <a href=\"https://www.cloudflare.com/zero-trust/products/email-security/\"><u>Cloudflare Email Security</u></a> protects customers from email-based attacks, including those carried out through targeted malicious email messages. During<a href=\"https://radar.cloudflare.com/year-in-review/2024#malicious-emails\"><u> 2024</u></a>, an average of 4.3% of emails analyzed by Cloudflare were found to be malicious. Aggregated at a weekly level, spikes above 14% were seen in late March, early April, and mid-May. We believe that these spikes were related to targeted “backscatter” attacks, where the attacker flooded a target with undeliverable messages, which then bounced the messages to the victim, whose email had been set as the reply-to: address.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/693EaEyePShBH8CZ7cZWv1/c08e0acd6f8a6a15b730b1cd90bf6283/email_-_malicious_worldwide.png\" alt=\"email - malicious worldwide\" class=\"kg-image\" width=\"1575\" height=\"840\" loading=\"lazy\"/>\n </figure><p><sup><i>Global malicious email share trends in 2024</i></sup></p>\n <div class=\"flex anchor relative\">\n <h3 id=\"deceptive-links-and-identity-deception-were-the-two-most-common-types-of-threats-found-in-malicious-email-messages\">Deceptive links and identity deception were the two most common types of threats found in malicious email messages. </h3>\n <a href=\"#deceptive-links-and-identity-deception-were-the-two-most-common-types-of-threats-found-in-malicious-email-messages\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Attackers use a variety of techniques, which we refer to as threat categories, when they use malicious email messages as an attack vector. These categories are defined and explored in detail in our <a href=\"https://blog.cloudflare.com/2023-phishing-report/\"><u>phishing threats report</u></a>. In our analysis of malicious emails, we have found that such messages may contain multiple types of threats. In reviewing a weekly aggregation of threat activity trends for these categories, we found that, <a href=\"https://radar.cloudflare.com/year-in-review/2024#top-email-threats\"><u>averaged across 2024</u></a>, 42.9% of malicious email messages contained deceptive links, with the share reaching 70% at times throughout the year. Activity for this thread category was spiky, with low points seen in the March to May timeframe, and a general downward trend visible from July through November.</p><p>Identity deception was a similarly active threat category, with such threats also found in up to 70% of analyzed emails several weeks throughout the year. Averaged across 2024, 35.1% of emails contained attempted identity deception. The activity pattern for this threat category appears to be somewhat similar to deceptive links, with a number of the peaks and valleys occurring during the same weeks. At times, identity deception was a more prevalent threat in analyzed emails than deceptive links, as seen in the graph below.</p><p>Among other threat categories, extortion saw the most significant change throughout the year. After being found in 86% of malicious emails during the first week of January, its share gradually trended lower throughout the year, finishing November under 10%.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/47EGZSEcRbUY67bsnYTSip/81ce3c89beefe1ddbe66f68710366c87/email_-_threat_category.png\" alt=\"email - threat category\" class=\"kg-image\" width=\"1575\" height=\"840\" loading=\"lazy\"/>\n </figure><p><sup><i>Global malicious email threat category trends for Deceptive Links and Identity Deception in 2024</i></sup></p>\n <div class=\"flex anchor relative\">\n <h3 id=\"over-99-of-the-email-messages-processed-by-cloudflare-email-security-from-the-bar-rest-and-uno-top-level-domains-tlds-were-found-to-be-either-spam-or-malicious-in-nature\">Over 99% of the email messages processed by Cloudflare Email Security from the .bar, .rest, and .uno top level domains (TLDs) were found to be either spam or malicious in nature.</h3>\n <a href=\"#over-99-of-the-email-messages-processed-by-cloudflare-email-security-from-the-bar-rest-and-uno-top-level-domains-tlds-were-found-to-be-either-spam-or-malicious-in-nature\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>In March 2024, we <a href=\"https://blog.cloudflare.com/email-security-insights-on-cloudflare-radar/\"><u>launched a set of email security insights on Cloudflare Radar</u></a>, including visibility into so-called “dangerous domains” — those top level domains (TLDs) that were found to be the sources of the most spam or malicious email among messages analyzed by Cloudflare Email Security. The analysis is based on the sending domain’s TLD, found in the <code>From</code>: header of an email message. For example, if a message came from <code>sender@example.com</code>, then <code>example.com</code> is the sending domain, and .com is the associated TLD.</p><p><a href=\"https://radar.cloudflare.com/year-in-review/2024?#most-observed-tlds\"><u>In aggregate across 2024</u></a>, we found that the <a href=\"https://icannwiki.org/.bar\"><code><u>.bar</u></code></a>, <a href=\"https://icannwiki.org/.rest\"><code><u>.rest</u></code></a>, and <a href=\"https://icannwiki.org/.uno\"><code><u>.uno</u></code></a> TLDs were the “most dangerous”, each with over 99% of analyzed email messages characterized as either spam or malicious. (These TLDs are all at least a decade old, and each sees at least some usage, with <a href=\"https://research.domaintools.com/statistics/tld-counts/\"><u>between 20,000 and 60,000 registered domain names</u></a>.) Sorting by malicious email share, the <a href=\"https://icannwiki.org/.ws\"><code><u>.ws</u></code></a> ccTLD (country code top level domain) belonging to Western Samoa came out on top, with over 90% of analyzed emails categorized as malicious. Sorting by spam email share, <a href=\"https://icannwiki.org/.quest\"><code><u>.quest</u></code></a> is the biggest offender, with over 88% of emails originating from associated domains characterized as spam.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/30rfi3V9NkY31itUpHQ9is/d1cbb9fce0ecf5a1c3a237f2694c5a13/email_-_dangerous_tlds.png\" alt=\"email - dangerous tlds\" class=\"kg-image\" width=\"1578\" height=\"860\" loading=\"lazy\"/>\n </figure><p><sup><i>TLDs originating the largest total shares of malicious and spam email in 2024</i></sup></p>\n <div class=\"flex anchor relative\">\n <h2 id=\"conclusion\">Conclusion</h2>\n <a href=\"#conclusion\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>The Internet is an amazingly complex and dynamic organism, constantly changing, growing, and evolving.</p><p>With the <a href=\"https://radar.cloudflare.com/year-in-review/2024\"><u>Cloudflare Radar 2024 Year In Review</u></a>, we are providing insights into the change, growth, and evolution that we have measured and observed throughout the year. Trend graphs, maps, tables, and summary statistics provide our unique perspectives on Internet traffic, Internet quality, and Internet security, and how key metrics across these areas vary around the world and over time.</p><p>We strongly encourage you to visit the <a href=\"https://radar.cloudflare.com/year-in-review/2024\"><u>Cloudflare Radar 2024 Year In Review microsite</u></a> and explore the trends for your country/region, and to consider how they impact your organization so that you are appropriately prepared for 2025. In addition, for insights into the top Internet services across multiple industry categories, we encourage you to read the companion Year in Review blog post, <a href=\"https://blog.cloudflare.com/radar-2024-year-in-review-internet-services/\"><i><u>From ChatGPT to Temu: ranking top Internet services in 2024</u></i></a>.</p><p>If you have any questions, you can contact the Cloudflare Radar team at radar@cloudflare.com or on social media at <a href=\"https://twitter.com/CloudflareRadar\"><u>@CloudflareRadar</u></a> (X), <a href=\"https://noc.social/@cloudflareradar\"><u>https://noc.social/@cloudflareradar</u></a> (Mastodon), and <a href=\"https://bsky.app/profile/radar.cloudflare.com\"><u>radar.cloudflare.com</u></a> (Bluesky).</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"acknowledgements\">Acknowledgements</h2>\n <a href=\"#acknowledgements\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>As it is every year, it truly is a team effort to produce the data, microsite, and content for our annual Year in Review, and I’d like to acknowledge those team members that contributed to this year’s effort. Thank you to: Jorge Pacheco, Sabina Zejnilovic, Carlos Azevedo, Mingwei Zhang (Data Analysis); André Jesus, Nuno Pereira (Front End Development); João Tomé (Most popular Internet services); Jackie Dutton, Kari Linder, Guille Lasarte (Communications); Eunice Giles (Brand Design); Jason Kincaid (blog editing); and Paula Tavares (Engineering Management), as well as countless other colleagues for their answers, edits, support, and ideas.</p>"],"published_at":[0,"2024-12-09T14:05+00:00"],"updated_at":[0,"2025-01-03T17:15:59.515Z"],"feature_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/2nWfStnBrKwLWixhTVnzoT/7b206bb56a5335d9a36981890e0c626c/image8.png"],"tags":[1,[[0,{"id":[0,"231XTGyX1Pw7Huv9D0rhMS"],"name":[0,"Year in Review"],"slug":[0,"year-in-review"]}],[0,{"id":[0,"5kZtWqjqa7aOUoZr8NFGwI"],"name":[0,"Radar"],"slug":[0,"cloudflare-radar"]}],[0,{"id":[0,"3yArjf0gLKZy8ObEDxbNNi"],"name":[0,"Trends"],"slug":[0,"trends"]}],[0,{"id":[0,"0kgHdg1ytbdWl5BNo6bEa"],"name":[0,"Internet Traffic"],"slug":[0,"internet-traffic"]}],[0,{"id":[0,"4yliZlpBPZpOwBDZzo1tTh"],"name":[0,"Outage"],"slug":[0,"outage"]}],[0,{"id":[0,"5DD7GZ0oxjP3NGOaJMwyWq"],"name":[0,"Internet Quality"],"slug":[0,"internet-quality"]}],[0,{"id":[0,"6Mp7ouACN2rT3YjL1xaXJx"],"name":[0,"Security"],"slug":[0,"security"]}]]],"relatedTags":[0],"authors":[1,[[0,{"name":[0,"David Belson"],"slug":[0,"david-belson"],"bio":[0,null],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/en7vkXf6rLBm4F8IcNHXT/645022bf841fabff7732aa3be3949808/david-belson.jpeg"],"location":[0,null],"website":[0,null],"twitter":[0,"@dbelson"],"facebook":[0,null]}]]],"meta_description":[0,"The 2024 Cloudflare Radar Year in Review is our fifth annual review of Internet trends and patterns at both a global and country/region level. For 2024, we added several new metrics, as well as the ability to do year-over-year and geographic comparisons for selected metrics. \n"],"primary_author":[0,{}],"localeList":[0,{"name":[0,"Cloudflare 2024 Year in Review: Loc"],"enUS":[0,"English for Locale"],"zhCN":[0,"Translated for Locale"],"zhHansCN":[0,"No Page for Locale"],"zhTW":[0,"Translated for Locale"],"frFR":[0,"English for Locale"],"deDE":[0,"English for Locale"],"itIT":[0,"English for Locale"],"jaJP":[0,"English for Locale"],"koKR":[0,"English for Locale"],"ptBR":[0,"Translated for Locale"],"esLA":[0,"Translated for Locale"],"esES":[0,"Translated for Locale"],"enAU":[0,"No Page for Locale"],"enCA":[0,"No Page for Locale"],"enIN":[0,"No Page for Locale"],"enGB":[0,"No Page for Locale"],"idID":[0,"Translated for Locale"],"ruRU":[0,"No Page for Locale"],"svSE":[0,"No Page for Locale"],"viVN":[0,"Translated for Locale"],"plPL":[0,"English for Locale"],"arAR":[0,"English for Locale"],"nlNL":[0,"English for Locale"],"thTH":[0,"Translated for Locale"],"trTR":[0,"English for Locale"],"heIL":[0,"English for Locale"],"lvLV":[0,"English for Locale"],"etEE":[0,"English for Locale"],"ltLT":[0,"English for Locale"]}],"url":[0,"https://blog.cloudflare.com/radar-2024-year-in-review"],"metadata":[0,{"title":[0,"Cloudflare 2024 Year in Review"],"description":[0,"The 2024 Cloudflare Radar Year in Review is our fifth annual review of Internet trends and patterns at both a global and country/region level. For 2024, we added several new metrics, as well as the ability to do year-over-year and geographic comparisons for selected metrics. \n"],"imgPreview":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/Xw63gQRdZSUjMoaW6oFyy/190bd0fc341de1277929e0ce620ffe7a/Cloudflare_2024_Year_in_Review-OG.png"]}]}],[0,{"id":[0,"5DP2F9GATeUBYyfl6pQMej"],"title":[0,"Resilient Internet connectivity in Europe mitigates impact from multiple cable cuts"],"slug":[0,"resilient-internet-connectivity-baltic-cable-cuts"],"excerpt":[0,"Two recent cable cuts that occurred in the Baltic Sea resulted in little-to-no observable impact to the affected countries, in large part because of the significant redundancy and resilience of Internet infrastructure in Europe.\n"],"featured":[0,false],"html":[0,"<p></p><p>When cable cuts occur, whether submarine or terrestrial, they often result in observable disruptions to Internet connectivity, knocking a network, city, or country offline. This is especially true when there is insufficient resilience or alternative paths — that is, when a cable is effectively a single point of failure. Associated observations of traffic loss resulting from these disruptions are frequently covered by Cloudflare Radar in social media and blog posts. However, two recent cable cuts that occurred in the Baltic Sea resulted in little-to-no observable impact to the affected countries, as we discuss below, in large part because of the significant redundancy and resilience of Internet infrastructure in Europe.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"bcs-east-west-interlink\">BCS East-West Interlink</h2>\n <a href=\"#bcs-east-west-interlink\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n \n <div class=\"flex anchor relative\">\n <h3 id=\"traffic-volume-indicators\">Traffic volume indicators</h3>\n <a href=\"#traffic-volume-indicators\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>On Sunday, November 17 2024, the <a href=\"https://www.submarinecablemap.com/submarine-cable/bcs-east-west-interlink\"><u>BCS East-West Interlink submarine cable</u></a> connecting Sventoji, Lithuania and Katthammarsvik, Sweden was <a href=\"https://www.datacenterdynamics.com/en/news/lithuania-sweden-subsea-cable-cut-was-10m-from-severed-finnish-german-cable/\"><u>reportedly damaged</u></a> around 10:00 local (Lithuania) time (08:00 UTC). A <a href=\"https://www.datacenterdynamics.com/en/news/lithuania-sweden-subsea-cable-cut-was-10m-from-severed-finnish-german-cable/\"><u>Data Center Dynamics article about the cable cut</u></a> quotes the CTO of Telia Lietuva, the telecommunications provider that operates the cable, and notes “<i>The Lithuanian cable carried about a third of the nation&#39;s Internet capacity, but capacity was carried via other routes.</i>”</p><p>As the Cloudflare Radar graphs below show, there was no apparent impact to traffic volumes in either country at the time that the cables were damaged. The NetFlows graphs represent the number of bytes that Cloudflare sends to users and clients in response to their requests.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/7xDllSeyPtet5ovpXI3GMH/6bc5680bbd8219f417e891102c4ffb0e/BLOG-2626_2.png\" alt=\"BLOG-2626 2\" class=\"kg-image\" width=\"1600\" height=\"1072\" loading=\"lazy\"/>\n </figure>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/2RE0V8M2CFPt1uxsOjhSBz/dc5c261808c021fc9ff0ab65963fce0b/BLOG-2626_3.png\" alt=\"BLOG-2626 3\" class=\"kg-image\" width=\"1600\" height=\"1072\" loading=\"lazy\"/>\n </figure>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/6wjHy79iHDqcuzknxcK14o/a4526787c3fdde54a6627b16717aaec0/BLOG-2626_4.png\" alt=\"BLOG-2626 4\" class=\"kg-image\" width=\"1600\" height=\"1072\" loading=\"lazy\"/>\n </figure>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/2zPi0GZ54gGDjCMyivhH0C/f6e50728ae7dc110fd15edc40f43b694/BLOG-2626_5.png\" alt=\"BLOG-2626 5\" class=\"kg-image\" width=\"1600\" height=\"1072\" loading=\"lazy\"/>\n </figure>\n <div class=\"flex anchor relative\">\n <h3 id=\"internet-quality\">Internet quality</h3>\n <a href=\"#internet-quality\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Internet quality metrics for both countries show changes in measured bandwidth and latency throughout the day on Sunday, but with no sudden anomalous shifts visible around the time of the cable cut. (The loss of connectivity associated with a cable cut potentially manifests itself as an increase in latency and concurrent decrease in bandwidth due to loss of capacity.) The latency graph for Sweden does show an increase in latency, but it began before the cable cut occurred, is similar to a pattern visible several hours earlier, and is matched by an increase in measured bandwidth, so it is unlikely to be related to the cable cut event.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/3aXlBjU08WKKT0OSnWBsIP/eb32b937d1729160dec83204bba06e91/BLOG-2626_6.png\" alt=\"BLOG-2626 6\" class=\"kg-image\" width=\"1600\" height=\"900\" loading=\"lazy\"/>\n </figure>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/5eeR8OlwA5CHROGkqKn1KJ/e372a25ad2a93aaa38339f360f3a7b0e/BLOG-2626_7.png\" alt=\"BLOG-2626 7\" class=\"kg-image\" width=\"1600\" height=\"900\" loading=\"lazy\"/>\n </figure>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/6wGJFP5K0LkEjw8DXbQ45z/516cf3b04ac5c5f2f82398be508fe4b0/BLOG-2626_8.png\" alt=\"BLOG-2626 8\" class=\"kg-image\" width=\"1600\" height=\"900\" loading=\"lazy\"/>\n </figure>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/2ZLyXG9lCsfazoMm1b6c4z/1af296913ff00da991c04d1422bd49fd/BLOG-2626_9.png\" alt=\"BLOG-2626 9\" class=\"kg-image\" width=\"1600\" height=\"900\" loading=\"lazy\"/>\n </figure>\n <div class=\"flex anchor relative\">\n <h3 id=\"visibility-in-bgp-events-announced-ip-address-space-unaffected\">Visibility in BGP events, announced IP address space unaffected</h3>\n <a href=\"#visibility-in-bgp-events-announced-ip-address-space-unaffected\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p><a href=\"https://developers.cloudflare.com/radar/glossary/#bgp-announcements\"><u>BGP announcements</u></a> are a way for network providers to communicate routing information to other networks, and announcement activity observed on Telia Lietuva’s <a href=\"https://www.cloudflare.com/learning/network-layer/what-is-an-autonomous-system/\"><u>autonomous systems</u></a> around the time of the cable cut may be related to the re-routing referenced in the article. No change in announced IP address space was visible for any of these autonomous systems, suggesting no loss of connectivity as the capacity was re-routed.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/7dWHQYn0cJ3PdivPgI2sDI/696207021bf5e75d061040c33505923a/BLOG-2626_10.png\" alt=\"BLOG-2626 10\" class=\"kg-image\" width=\"1600\" height=\"900\" loading=\"lazy\"/>\n </figure>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/5QPU28IyaW3QPCqaIzTZec/19b3ed7675d23441c9493c2313134a41/BLOG-2626_11.png\" alt=\"BLOG-2626 11\" class=\"kg-image\" width=\"1600\" height=\"900\" loading=\"lazy\"/>\n </figure>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/4zSx3b14HwaBIFX5qc59bq/4f8e2b4951498a2edcae846068927350/BLOG-2626_12.png\" alt=\"BLOG-2626 12\" class=\"kg-image\" width=\"1600\" height=\"900\" loading=\"lazy\"/>\n </figure>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/1P04AQZbfZOTisBPutbLZa/5e6520bfd1782976538c98914134fe94/BLOG-2626_13.png\" alt=\"BLOG-2626 13\" class=\"kg-image\" width=\"1600\" height=\"900\" loading=\"lazy\"/>\n </figure><p>Telegeography’s <a href=\"http://submarinecablemap.com\"><u>submarinecablemap.com</u></a> illustrates, at least in part, the resilience in connectivity enjoyed by these two countries. In addition to the damaged cable, it shows that <a href=\"https://www.submarinecablemap.com/country/lithuania\"><u>Lithuania</u></a> is <a href=\"https://www.submarinecablemap.com/submarine-cable/bcs-east\"><u>connected to neighboring Latvia</u></a> as well as <a href=\"https://www.submarinecablemap.com/submarine-cable/nordbalt\"><u>to the Swedish mainland</u></a>. Over 20 submarine cables land in <a href=\"https://www.submarinecablemap.com/country/sweden\"><u>Sweden</u></a>, connecting it to multiple countries across Europe. In addition to the submarine resilience, network providers in both countries can take advantage of terrestrial fiber connections to neighboring countries, such as those illustrated in a <a href=\"https://www.arelion.com/our-network\"><u>European network map from Arelion</u></a> (formerly Telia), which is only one of the large European backbone providers.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"c-lion1\">C-Lion1</h2>\n <a href=\"#c-lion1\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n \n <div class=\"flex anchor relative\">\n <h3 id=\"traffic-volume-indicators\">Traffic volume indicators</h3>\n <a href=\"#traffic-volume-indicators\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Less than a day later, the <a href=\"https://www.submarinecablemap.com/submarine-cable/c-lion1\"><u>C-Lion1 submarine cable</u></a>, which connects Helsinki, Finland and Rostock Germany was <a href=\"https://www.datacenterdynamics.com/en/news/helsinki-rostock-subsea-cable-between-finland-and-germany-severed/\"><u>reportedly damaged</u></a> during the early morning hours of Monday, November 18. Cinia, the telecommunications company that owns the cable, <a href=\"https://www.theguardian.com/world/2024/nov/19/baltic-sea-cables-damage-sabotage-german-minister\"><u>said</u></a> that the cable stopped working at about 02:00 UTC. </p><p>In this situation as well, as the Cloudflare Radar graphs below show, there was no apparent impact to traffic volumes in either country at the time that the cables were damaged. The Finland graphs, week-on-week, show fewer bytes transferred and fewer HTTP requests, but that difference is present before the cable cut at 02:00 UTC. However, the trend of the current line does not change after the cable cut, so the two events would appear unrelated. </p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/4OQtSFBgBzdmnzWz8AdM7Z/3a66cec98698bf6d506d93fc13fe4c74/BLOG-2626_14.png\" alt=\"BLOG-2626 14\" class=\"kg-image\" width=\"1600\" height=\"1072\" loading=\"lazy\"/>\n </figure>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/4gqxHsD3ykjWGWhATVU8iw/f74916e1faf186efef94e6dc29bbca58/BLOG-2626_15.png\" alt=\"BLOG-2626 15\" class=\"kg-image\" width=\"1600\" height=\"1072\" loading=\"lazy\"/>\n </figure>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/4gh5eLQZNabsz9XnOSgtU1/fb6d0770c62ce016d73c1a3c47ae99f1/BLOG-2626_16.png\" alt=\"BLOG-2626 16\" class=\"kg-image\" width=\"1600\" height=\"1072\" loading=\"lazy\"/>\n </figure>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/6FIKh8U2nxHkxMdXho6HsI/9e349d0767df5d34d3b8274710c2cb0b/BLOG-2626_17.png\" alt=\"BLOG-2626 17\" class=\"kg-image\" width=\"1600\" height=\"1072\" loading=\"lazy\"/>\n </figure>\n <div class=\"flex anchor relative\">\n <h3 id=\"internet-quality\">Internet quality</h3>\n <a href=\"#internet-quality\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>By looking at volume-related metrics, alone, Internet connectivity would appear to be unaffected by the cable cut.</p><p>If, however, we change perspective and look at Internet quality, a brief yet interesting change is visible for Finland around the reported time of the cable damage, though it isn’t clear whether it is related in any way. Just after midnight, median measured bandwidth, previously consistent around 50 Mbps begins to grow, peaking just over 200 Mbps around 03:00 UTC. Around that same time, measured median latency also begins to drop, falling from around 30 ms to a low of 13 ms, also around 03:00 UTC. Median bandwidth returned to normal levels around 06:00 UTC, while latency took about two hours longer to return to normal levels. These observed improvements in bandwidth and latency could have been due to traffic being re-routed to along paths with better connectivity to measurement endpoints, but because the shifts began before the cable damage occurred, and recovered shortly thereafter, that is unlikely to be the root cause.</p><p>In Germany, a brief minor increase in median bandwidth peaked around 02:45 UTC, while no notable changes were observed in latency.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/94V0coi6oFBdUMX1SVyl7/44738b06af2e51b4e436c84dbe6a1a79/BLOG-2626_18.png\" alt=\"BLOG-2626 18\" class=\"kg-image\" width=\"1600\" height=\"900\" loading=\"lazy\"/>\n </figure>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/Bqy5uQ76FwmmOX92Co4cE/96190329454e264966119a0f9a4533ff/BLOG-2626_19.png\" alt=\"BLOG-2626 19\" class=\"kg-image\" width=\"1600\" height=\"900\" loading=\"lazy\"/>\n </figure>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/1BJCVdjJMILFubi4SW8HR6/7b97343910ab70cc1a4cad3d3565a727/BLOG-2626_20.png\" alt=\"BLOG-2626 20\" class=\"kg-image\" width=\"1600\" height=\"900\" loading=\"lazy\"/>\n </figure>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/3lf5GR9ElhjpW0wYzPieNI/c02a588af54ac36521f901307d9f62f7/BLOG-2626_21.png\" alt=\"BLOG-2626 21\" class=\"kg-image\" width=\"1600\" height=\"900\" loading=\"lazy\"/>\n </figure>\n <div class=\"flex anchor relative\">\n <h3 id=\"bgp-business-as-usual\">BGP business as usual</h3>\n <a href=\"#bgp-business-as-usual\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>From a routing perspective, there was no notable BGP announcement activity observed for top autonomous systems in either Finland or Germany around 02:00 on November 18, and total announced IP address space aggregated at a country level also demonstrated no change.</p><p>Telegeography’s <a href=\"http://submarinecablemap.com\"><u>submarinecablemap.com</u></a> shows that both Finland and Germany also have significant redundancy and resilience from a submarine cable perspective, with over 10 cables landing in <a href=\"https://www.submarinecablemap.com/country/finland\"><u>Finland</u></a>, and nearly 10 landing in <a href=\"https://www.submarinecablemap.com/country/germany\"><u>Germany</u></a>, including <a href=\"https://www.submarinecablemap.com/submarine-cable/atlantic-crossing-1-ac-1\"><u>Atlantic Crossing-1 (AC-1)</u></a>, which connects to the United States over two distinct paths. Terrestrial fiber maps from <a href=\"https://www.arelion.com/our-network\"><u>Arelion</u></a> and <a href=\"https://map.eunetworks.com/?_ga=2.220121625.1822578510.1543942339-1757484894.1536310774\"><u>eunetworks</u></a> (as just two examples) show multiple redundant fiber routes within both countries, as well as cross-border routes to other neighboring countries, enabling more resilient Internet connectivity.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"conclusion\">Conclusion</h2>\n <a href=\"#conclusion\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>As we have discussed in multiple prior blog posts (<a href=\"https://blog.cloudflare.com/not-one-not-two-but-three-undersea-cables-cut-in-jersey\"><u>Jersey, 2016</u></a>; <a href=\"https://blog.cloudflare.com/aae-1-smw5-cable-cuts\"><u>AAE-1/SMW5, 2022</u></a>; <a href=\"https://blog-cloudflare-com.webpkgcache.com/doc/-/s/blog.cloudflare.com/undersea-cable-failures-cause-internet-disruptions-across-africa-march-14-2024\"><u>WACS/MainOne/SAT3/ACE, 2024</u></a>; <a href=\"https://blog.cloudflare.com/east-african-internet-connectivity-again-impacted-by-submarine-cable-cuts/\"><u>EASSy/Seacom, 2024</u></a>), cable cuts often cause significant disruptions to Internet connectivity, in many cases because they represent a concentrated point of vulnerability, whether for an individual network provider, city/state, or country. These disruptions are often quite lengthy as well, due to the time needed to marshal repair resources, identify the location of the damage, etc. Although it is not always feasible due to financial or geographic constraints, building redundant and resilient network architecture, at multiple levels, is a best practice. This includes the sending traffic over multiple physical cables (both submarine and terrestrial), connecting to multiple peer and upstream network providers, and even avoiding single points of failure in core Internet resources like DNS servers.</p><p>The Cloudflare Radar team continually monitors the status of Internet connectivity in countries/regions around the world, and we share our observations on the <a href=\"https://radar.cloudflare.com/outage-center\"><u>Cloudflare Radar Outage Center</u></a>, via social media, and in posts on <a href=\"https://blog.cloudflare.com/tag/cloudflare-radar/\"><u>blog.cloudflare.com</u></a>. Follow us on social media at <a href=\"https://twitter.com/CloudflareRadar\"><u>@CloudflareRadar</u></a> (X), <a href=\"https://noc.social/@cloudflareradar\"><u>https://noc.social/@cloudflareradar</u></a> (Mastodon), and <a href=\"https://bsky.app/profile/radar.cloudflare.com\"><u>radar.cloudflare.com</u></a> (Bluesky), or contact us via email.</p>"],"published_at":[0,"2024-11-20T13:30-08:00"],"updated_at":[0,"2024-11-20T21:47:48.905Z"],"feature_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/3dWoOcmImje5kF6Q7mXg8N/131884a8cd009a8c225d5aa3d64f4b97/BLOG-2626_1.png"],"tags":[1,[[0,{"id":[0,"5kZtWqjqa7aOUoZr8NFGwI"],"name":[0,"Radar"],"slug":[0,"cloudflare-radar"]}],[0,{"id":[0,"0kgHdg1ytbdWl5BNo6bEa"],"name":[0,"Internet Traffic"],"slug":[0,"internet-traffic"]}],[0,{"id":[0,"2ScX2j6LG2ruyaS8eLYhsd"],"name":[0,"Traffic"],"slug":[0,"traffic"]}],[0,{"id":[0,"4yliZlpBPZpOwBDZzo1tTh"],"name":[0,"Outage"],"slug":[0,"outage"]}]]],"relatedTags":[0],"authors":[1,[[0,{"name":[0,"David Belson"],"slug":[0,"david-belson"],"bio":[0,null],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/en7vkXf6rLBm4F8IcNHXT/645022bf841fabff7732aa3be3949808/david-belson.jpeg"],"location":[0,null],"website":[0,null],"twitter":[0,"@dbelson"],"facebook":[0,null]}]]],"meta_description":[0,"Two recent cable cuts that occurred in the Baltic Sea resulted in little-to-no observable impact to the affected countries, in large part because of the significant redundancy and resilience of Internet infrastructure in Europe.\n"],"primary_author":[0,{}],"localeList":[0,{"name":[0,"blog-english-only"],"enUS":[0,"English for Locale"],"zhCN":[0,"No Page for Locale"],"zhHansCN":[0,"No Page for Locale"],"zhTW":[0,"No Page for Locale"],"frFR":[0,"No Page for Locale"],"deDE":[0,"No Page for Locale"],"itIT":[0,"No Page for Locale"],"jaJP":[0,"No Page for Locale"],"koKR":[0,"No Page for Locale"],"ptBR":[0,"No Page for Locale"],"esLA":[0,"No Page for Locale"],"esES":[0,"No Page for Locale"],"enAU":[0,"No Page for Locale"],"enCA":[0,"No Page for Locale"],"enIN":[0,"No Page for Locale"],"enGB":[0,"No Page for Locale"],"idID":[0,"No Page for Locale"],"ruRU":[0,"No Page for Locale"],"svSE":[0,"No Page for Locale"],"viVN":[0,"No Page for Locale"],"plPL":[0,"No Page for Locale"],"arAR":[0,"No Page for Locale"],"nlNL":[0,"No Page for Locale"],"thTH":[0,"No Page for Locale"],"trTR":[0,"No Page for Locale"],"heIL":[0,"No Page for Locale"],"lvLV":[0,"No Page for Locale"],"etEE":[0,"No Page for Locale"],"ltLT":[0,"No Page for Locale"]}],"url":[0,"https://blog.cloudflare.com/resilient-internet-connectivity-baltic-cable-cuts"],"metadata":[0,{"title":[0],"description":[0,"Two recent cable cuts that occurred in the Baltic Sea resulted in little-to-no observable impact to the affected countries, in large part because of the significant redundancy and resilience of Internet infrastructure in Europe.\n"],"imgPreview":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/6T4ztbR519lnRjX8eJFjvT/9b9524506c64906111ed02543f720bfe/OG_Share_2024__3_.png"]}]}],[0,{"id":[0,"Vn5VV2dLkJbOn1YNqSSBv"],"title":[0,"Cloudflare’s perspective of the October 30 OVHcloud outage"],"slug":[0,"cloudflare-perspective-of-the-october-30-2024-ovhcloud-outage"],"excerpt":[0,"On October 30, 2024, cloud hosting provider OVHcloud (AS16276) suffered a brief but significant outage. Within this post, we review Cloudflare’s perspective on this outage."],"featured":[0,false],"html":[0,"<p>On October 30, 2024, cloud hosting provider <a href=\"https://radar.cloudflare.com/as16276\"><u>OVHcloud (AS16276)</u></a> suffered a brief but significant outage. According to their <a href=\"https://network.status-ovhcloud.com/incidents/qgb1ynp8x0c4\"><u>incident report</u></a>, the problem started at 13:23 UTC, and was described simply as “<i>An incident is in progress on our backbone infrastructure.</i>” OVHcloud noted that the incident ended 17 minutes later, at 13:40 UTC. As a major global cloud hosting provider, some customers use OVHcloud as an origin for sites delivered by Cloudflare — if a given content asset is not in our cache for a customer’s site, we retrieve the asset from OVHcloud.</p><p>We observed traffic starting to drop at 13:21 UTC, just ahead of the reported start time. By 13:28 UTC, it was approximately 95% lower than pre-incident levels. Recovery appeared to start at 13:31 UTC, and by 13:40 UTC, the reported end time of the incident, it had reached approximately 50% of pre-incident levels. </p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/62w8PcLJ3Q05F1BtA12zUb/6d8ce87f85eb585a7fe0ac02f8cd93d5/image4.jpg\" alt=\"\" class=\"kg-image\" width=\"1556\" height=\"504\" loading=\"lazy\"/>\n </figure><p><sup><i>Traffic from OVHcloud (AS16276) to Cloudflare</i></sup></p><p></p><p>Cloudflare generally exchanges most of our traffic with OVHcloud over peering links. However, as shown below, peered traffic volume during the incident fell significantly. It appears that some small amount of traffic briefly began to flow over transit links from Cloudflare to OVHcloud due to sudden changes in which Cloudflare data centers we were receiving OVHcloud requests. (Peering is a direct connection between two network providers for the purpose of exchanging traffic. Transit is when one network pays an intermediary network to carry traffic to the destination network.) </p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/2L0IaXd7B5C6RX23iTG5Pf/3fd2489f159e2281d191f157f5695f94/image3.jpg\" alt=\"\" class=\"kg-image\" width=\"1580\" height=\"884\" loading=\"lazy\"/>\n </figure><p>Because we peer directly, we exchange most traffic over our private peering sessions with OVHcloud. Instead, we found OVHcloud routing to Cloudflare dropped entirely for a few minutes, then switched to just a single Internet Exchange port in Amsterdam, and finally normalized globally minutes later.</p><p>As the graphs below illustrate, we normally see the largest amount of traffic from OVHcloud in our Frankfurt and Paris data centers, as <a href=\"https://www.ovhcloud.com/en/about-us/global-infrastructure/regions/\"><u>OVHcloud has large data center presences in these regions</u></a>. However, in that shift to transit, and the shift to an Amsterdam Internet Exchange peering point, we saw a spike in traffic routed to our Amsterdam data center. We suspect the routing shifts are the earliest signs of either internal BGP reconvergence, or general network recovery within AS16276, starting with their presence nearest our Amsterdam peering point.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/yCDGCplEsmqXU7uRifjTU/12176147c10ab6e9a766ee5d788b133a/image2.jpg\" alt=\"\" class=\"kg-image\" width=\"1580\" height=\"910\" loading=\"lazy\"/>\n </figure><p>The <a href=\"https://network.status-ovhcloud.com/incidents/qgb1ynp8x0c4\"><u>postmortem</u></a> published by OVHcloud noted that the incident was caused by “<i>an issue in a network configuration mistakenly pushed by one of our peering partner[s]</i>” and that “<i>We immediately reconfigured our network routes to restore traffic.</i>” One possible explanation for the backbone incident may be a BGP route leak by the mentioned peering partner, where OVHcloud could have accepted a full Internet table from the peer and therefore overwhelmed their network or the peering partner’s network with traffic, or caused unexpected internal BGP route updates within AS16276.</p><p>Upon investigating what route leak may have caused this incident impacting OVHcloud, we found evidence of a maximum prefix-limit threshold being breached on our peering with <a href=\"https://radar.cloudflare.com/as49981\"><u>Worldstream (AS49981)</u></a> in Amsterdam. </p>\n <pre class=\"language-unset\"><code class=\"language-unset\">Oct 30 13:16:53 edge02.ams01 rpd[9669]: RPD_BGP_NEIGHBOR_STATE_CHANGED: BGP peer 141.101.65.53 (External AS 49981) changed state from Established to Idle (event PrefixLimitExceeded) (instance master)</pre></code>\n <p></p><p>As the number of received prefixes exceeded the limits configured for our peering session with Worldstream, the BGP session automatically entered an idle state. This prevented the route leak from impacting Cloudflare’s network. In analyzing <a href=\"https://datatracker.ietf.org/doc/html/rfc7854\"><u>BGP Monitoring Protocol (BMP)</u></a> data from AS49981 prior to the automatic session shutdown, we were able to confirm Worldstream was sending advertisements with AS paths that contained their upstream Tier 1 transit provider.</p><p>During this time, we also detected over 500,000 BGP announcements from AS49981, as Worldstream was announcing routes to many of their peers, visible on <a href=\"https://radar.cloudflare.com/routing/as49981?dateStart=2024-10-30&dateEnd=2024-10-30#bgp-announcements\"><u>Cloudflare Radar</u></a>.</p>\n <figure class=\"kg-card kg-image-card\">\n <Image src=\"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/2YmTSJfXomzeb3mh93JyRH/15c764790576468a47d3760bc7f48153/Screenshot_2024-10-30_at_12.49.25_PM.png\" alt=\"\" class=\"kg-image\" width=\"776\" height=\"307\" loading=\"lazy\"/>\n </figure><p>Worldstream later <a href=\"https://noc.worldstream.nl\"><u>posted a notice</u></a> on their status page, indicating that their network experienced a route leak, causing routes to be unintentionally advertised to all peers:</p><blockquote><p><i>“Due to a configuration error on one of the core routers, all routes were briefly announced to all our peers. As a result, we pulled in more traffic than expected, leading to congestion on some paths. To address this, we temporarily shut down these BGP sessions to locate the issue and stabilize the network. We are sorry for the inconvenience.”</i></p></blockquote><p>We believe Worldstream also leaked routes on an OVHcloud peering session in Amsterdam, which caused today’s impact.</p>\n <div class=\"flex anchor relative\">\n <h2 id=\"conclusion\">Conclusion</h2>\n <a href=\"#conclusion\" aria-hidden=\"true\" class=\"relative sm:absolute sm:-left-5\">\n <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\"><path fill=\"currentcolor\" d=\"m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z\"></path></svg>\n </a>\n </div>\n <p>Cloudflare has written about<a href=\"https://blog.cloudflare.com/cloudflare-1111-incident-on-june-27-2024\"> <u>impactful route leaks</u></a> before, and there are multiple methods available to prevent BGP route leaks from impacting your network. One is setting <a href=\"https://www.rfc-editor.org/rfc/rfc7454.html#section-8\"><u>max prefix-limits</u></a> for a peer, so the BGP session is automatically torn down when a peer sends more prefixes than they are expected to. Other forward-looking measures are<a href=\"https://manrs.org/2023/02/unpacking-the-first-route-leak-prevented-by-aspa/\"> <u>Autonomous System Provider Authorization (ASPA) for BGP</u></a>, where Resource Public Key Infrastructure (RPKI) helps protect a network from accepting BGP routes with an invalid AS path, or<a href=\"https://rfc.hashnode.dev/rfc9234-observed-in-the-wild\"> <u>RFC9234,</u></a> which prevents leaks by tying strict customer, peer, and provider relationships to BGP updates. For improved Internet resilience, we recommend that network operators follow recommendations defined within<a href=\"https://manrs.org/netops/\"> <u>MANRS for Network Operators</u></a>.</p>"],"published_at":[0,"2024-10-30T00:00+00:00"],"updated_at":[0,"2024-10-31T09:34:25.129Z"],"feature_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/1QiwxIoAtIDpjVYA5ds5Si/9764c458d85c5ff1fcbf89d543d7967e/Screenshot_2024-10-30_at_12.42.48_PM.png"],"tags":[1,[[0,{"id":[0,"5kZtWqjqa7aOUoZr8NFGwI"],"name":[0,"Radar"],"slug":[0,"cloudflare-radar"]}],[0,{"id":[0,"3yArjf0gLKZy8ObEDxbNNi"],"name":[0,"Trends"],"slug":[0,"trends"]}],[0,{"id":[0,"4nA5kKyA1tOqFyjHMque21"],"name":[0,"Consumer Services"],"slug":[0,"consumer-services"]}],[0,{"id":[0,"4yliZlpBPZpOwBDZzo1tTh"],"name":[0,"Outage"],"slug":[0,"outage"]}]]],"relatedTags":[0],"authors":[1,[[0,{"name":[0,"Bryton Herdes"],"slug":[0,"bryton"],"bio":[0,null],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/2CtRZInMXDzWbBSlJZq6ob/cc0d484943cf18a7d24debb3d01a3ece/bryton.jpeg"],"location":[0,null],"website":[0,"https://next-hopself.net/"],"twitter":[0,"@next_hopself"],"facebook":[0,null]}],[0,{"name":[0,"David Belson"],"slug":[0,"david-belson"],"bio":[0,null],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/en7vkXf6rLBm4F8IcNHXT/645022bf841fabff7732aa3be3949808/david-belson.jpeg"],"location":[0,null],"website":[0,null],"twitter":[0,"@dbelson"],"facebook":[0,null]}],[0,{"name":[0,"Tanner Ryan"],"slug":[0,"tanner"],"bio":[0,"I work on global infrastructure at Cloudflare, helping to build a better Internet."],"profile_image":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/3iETWecBBWy6tZtJS3gUGI/4bb0b2d0ad262f17985031e9660c292e/tanner.jpg"],"location":[0,"Austin, TX"],"website":[0,"https://txryan.com"],"twitter":[0,"@TheTannerRyan"],"facebook":[0,null]}]]],"meta_description":[0,"On October 30, 2024, cloud hosting provider OVHcloud (AS16276) suffered a brief but significant outage. Within this post, we review Cloudflare’s perspective on this outage."],"primary_author":[0,{}],"localeList":[0,{"name":[0,"blog-english-only"],"enUS":[0,"English for Locale"],"zhCN":[0,"No Page for Locale"],"zhHansCN":[0,"No Page for Locale"],"zhTW":[0,"No Page for Locale"],"frFR":[0,"No Page for Locale"],"deDE":[0,"No Page for Locale"],"itIT":[0,"No Page for Locale"],"jaJP":[0,"No Page for Locale"],"koKR":[0,"No Page for Locale"],"ptBR":[0,"No Page for Locale"],"esLA":[0,"No Page for Locale"],"esES":[0,"No Page for Locale"],"enAU":[0,"No Page for Locale"],"enCA":[0,"No Page for Locale"],"enIN":[0,"No Page for Locale"],"enGB":[0,"No Page for Locale"],"idID":[0,"No Page for Locale"],"ruRU":[0,"No Page for Locale"],"svSE":[0,"No Page for Locale"],"viVN":[0,"No Page for Locale"],"plPL":[0,"No Page for Locale"],"arAR":[0,"No Page for Locale"],"nlNL":[0,"No Page for Locale"],"thTH":[0,"No Page for Locale"],"trTR":[0,"No Page for Locale"],"heIL":[0,"No Page for Locale"],"lvLV":[0,"No Page for Locale"],"etEE":[0,"No Page for Locale"],"ltLT":[0,"No Page for Locale"]}],"url":[0,"https://blog.cloudflare.com/cloudflare-perspective-of-the-october-30-2024-ovhcloud-outage"],"metadata":[0,{"title":[0,"Cloudflare’s perspective of the October 30, 2024, OVHcloud outage"],"description":[0,"On October 30, 2024, cloud hosting provider OVHcloud (AS16276) suffered a brief but significant outage. Within this post, we review Cloudflare’s perspective on this outage."],"imgPreview":[0,"https://cf-assets.www.cloudflare.com/zkvhlag99gkb/7KLbhGDOJJP448hp8wmV80/3f7482a1e948fe2ffb0d35572b6b69bd/OG_Share_2024.png"]}]}]]],"locale":[0,"en-us"],"translations":[0,{"posts.by":[0,"By"],"footer.gdpr":[0,"GDPR"],"lang_blurb1":[0,"This post is also available in {lang1}."],"lang_blurb2":[0,"This post is also available in {lang1} and {lang2}."],"lang_blurb3":[0,"This post is also available in {lang1}, {lang2} and {lang3}."],"footer.press":[0,"Press"],"header.title":[0,"The Cloudflare Blog"],"search.clear":[0,"Clear"],"search.filter":[0,"Filter"],"search.source":[0,"Source"],"footer.careers":[0,"Careers"],"footer.company":[0,"Company"],"footer.support":[0,"Support"],"footer.the_net":[0,"theNet"],"search.filters":[0,"Filters"],"footer.our_team":[0,"Our team"],"footer.webinars":[0,"Webinars"],"page.more_posts":[0,"More posts"],"posts.time_read":[0,"{time} min read"],"search.language":[0,"Language"],"footer.community":[0,"Community"],"footer.resources":[0,"Resources"],"footer.solutions":[0,"Solutions"],"footer.trademark":[0,"Trademark"],"header.subscribe":[0,"Subscribe"],"footer.compliance":[0,"Compliance"],"footer.free_plans":[0,"Free plans"],"footer.impact_ESG":[0,"Impact/ESG"],"posts.follow_on_X":[0,"Follow on X"],"footer.help_center":[0,"Help center"],"footer.network_map":[0,"Network Map"],"header.please_wait":[0,"Please Wait"],"page.related_posts":[0,"Related posts"],"search.result_stat":[0,"Results <strong>{search_range}</strong> of <strong>{search_total}</strong> for <strong>{search_keyword}</strong>"],"footer.case_studies":[0,"Case Studies"],"footer.connect_2024":[0,"Connect 2024"],"footer.terms_of_use":[0,"Terms of Use"],"footer.white_papers":[0,"White Papers"],"footer.cloudflare_tv":[0,"Cloudflare TV"],"footer.community_hub":[0,"Community Hub"],"footer.compare_plans":[0,"Compare plans"],"footer.contact_sales":[0,"Contact Sales"],"header.contact_sales":[0,"Contact Sales"],"header.email_address":[0,"Email Address"],"page.error.not_found":[0,"Page not found"],"footer.developer_docs":[0,"Developer docs"],"footer.privacy_policy":[0,"Privacy Policy"],"footer.request_a_demo":[0,"Request a demo"],"page.continue_reading":[0,"Continue reading"],"footer.analysts_report":[0,"Analyst reports"],"footer.for_enterprises":[0,"For enterprises"],"footer.getting_started":[0,"Getting Started"],"footer.learning_center":[0,"Learning Center"],"footer.project_galileo":[0,"Project Galileo"],"pagination.newer_posts":[0,"Newer Posts"],"pagination.older_posts":[0,"Older Posts"],"posts.social_buttons.x":[0,"Discuss on X"],"search.source_location":[0,"Source/Location"],"footer.about_cloudflare":[0,"About Cloudflare"],"footer.athenian_project":[0,"Athenian Project"],"footer.become_a_partner":[0,"Become a partner"],"footer.cloudflare_radar":[0,"Cloudflare Radar"],"footer.network_services":[0,"Network services"],"footer.trust_and_safety":[0,"Trust & Safety"],"header.get_started_free":[0,"Get Started Free"],"page.search.placeholder":[0,"Search Cloudflare"],"footer.cloudflare_status":[0,"Cloudflare Status"],"footer.cookie_preference":[0,"Cookie Preferences"],"header.valid_email_error":[0,"Must be valid email."],"footer.connectivity_cloud":[0,"Connectivity cloud"],"footer.developer_services":[0,"Developer services"],"footer.investor_relations":[0,"Investor relations"],"page.not_found.error_code":[0,"Error Code: 404"],"footer.logos_and_press_kit":[0,"Logos & press kit"],"footer.application_services":[0,"Application services"],"footer.get_a_recommendation":[0,"Get a recommendation"],"posts.social_buttons.reddit":[0,"Discuss on Reddit"],"footer.sse_and_sase_services":[0,"SSE and SASE services"],"page.not_found.outdated_link":[0,"You may have used an outdated link, or you may have typed the address incorrectly."],"footer.report_security_issues":[0,"Report Security Issues"],"page.error.error_message_page":[0,"Sorry, we can't find the page you are looking for."],"header.subscribe_notifications":[0,"Subscribe to receive notifications of new posts:"],"footer.cloudflare_for_campaigns":[0,"Cloudflare for Campaigns"],"header.subscription_confimation":[0,"Subscription confirmed. Thank you for subscribing!"],"posts.social_buttons.hackernews":[0,"Discuss on Hacker News"],"footer.diversity_equity_inclusion":[0,"Diversity, equity & inclusion"],"footer.critical_infrastructure_defense_project":[0,"Critical Infrastructure Defense Project"]}],"localesAvailable":[1,[]],"footerBlurb":[0,"Cloudflare's connectivity cloud protects <a target='_blank' href='https://www.cloudflare.com/network-services/' rel='noreferrer'>entire corporate networks</a>, helps customers build <a target='_blank' href='https://workers.cloudflare.com/' rel='noreferrer'>Internet-scale applications efficiently</a>, accelerates any <a target='_blank' href='https://www.cloudflare.com/performance/accelerate-internet-applications/' rel='noreferrer'>website or Internet application</a>, <a target='_blank' href='https://www.cloudflare.com/ddos/' rel='noreferrer'>wards off DDoS attacks</a>, keeps <a target='_blank' href='https://www.cloudflare.com/application-security/' rel='noreferrer'>hackers at bay</a>, and can help you on <a target='_blank' href='https://www.cloudflare.com/products/zero-trust/' rel='noreferrer'>your journey to Zero Trust</a>.<br/><br/>Visit <a target='_blank' href='https://one.one.one.one/' rel='noreferrer'>1.1.1.1</a> from any device to get started with our free app that makes your Internet faster and safer.<br/><br/>To learn more about our mission to help build a better Internet, <a target='_blank' href='https://www.cloudflare.com/learning/what-is-cloudflare/' rel='noreferrer'>start here</a>. If you&apos;re looking for a new career direction, check out <a target='_blank' href='http://www.cloudflare.com/careers' rel='noreferrer'>our open positions</a>."]}" ssr client="load" opts="{"name":"Post","value":true}" await-children><main id="post" class="flex flex-row flex-wrap items-center justify-center pt2 pt4-l"><article class="post-full mw-100 ph3 ph0-l fs-20px"><h1 class="f6 f7-l fw4 gray1 pt1 pt3-l mb1">How Syria Turned Off the Internet</h1><p class="f3 fw5 gray5 db di-l mt2">2012-11-29</p><ul class="author-lists flex pl0 mt4"><li class="list flex items-center pr2 mb1-ns"><a href="/author/matthew-prince/" class="static-avatar pr1"><img class="author-profile-image br-100 mr2" src="https://blog.cloudflare.com/cdn-cgi/image/format=auto,dpr=3,width=64,height=64,gravity=face,fit=crop,zoom=0.5/https://cf-assets.www.cloudflare.com/zkvhlag99gkb/1VD9WePJ1jvjFwuSRF0IfQ/5e4f7d5fd4825358b33b2ead623140d8/matthew-prince.jpeg" alt="Matthew Prince" width="62" height="62"/></a><div class="author-name-tooltip"><a href="/author/matthew-prince/" class="fw4 f3 no-underline black mr3">Matthew Prince</a></div></li></ul><section class="post-full-content"><div class="mb2 gray5">3 min read</div><img class="mr2" src="https://cf-assets.www.cloudflare.com/zkvhlag99gkb/5Quh4EHZY3G7rN3VzSqDBd/cbca33ed5b45c02c6788ce6b703629e8/how-syria-turned-off-the-internet.png" alt=""/><div class="post-content lh-copy gray1"><p>Today, 29 November 2012, between 1026 and 1028 (UTC), all traffic from Syria to the rest of the Internet stopped. At CloudFlare, we witnessed the drop off. We've spent the morning studying the situation to understand what happened. The following graph shows the last several days of traffic coming to CloudFlare's network from Syria.</p> <figure class="kg-card kg-image-card "> <Image src="https://cf-assets.www.cloudflare.com/zkvhlag99gkb/15PG5gGBgjyWNgcGPf3m7h/8fdab987395e1c194b84270dd502cb56/cloudflare_syrian_traffic_utc.png.scaled500.png" alt="How Syria Turned Off the Internet" class="kg-image" width="500" height="239" loading="lazy"/> </figure><p>Since the beginning of today's outage, we have received no requests from Syrian IP space. That is a more complete blackout than we've seen when other countries have been cut from the Internet (see, for example, Egypt where while <a href="/what-egypt-shutting-down-the-internet-looks-l">most traffic was cut off some requests still trickled out)</a>.</p><p>The graph above shows two other incidents over the last week. On 25 November 2012 at approximately 0800 UTC we witnessed a 15 minute period during which Syrian traffic was cut to only 13% of normal levels. Again on 27 November 2012 at 0730 UTC, we saw a 15 minute period during which traffic dropped to only 0.2% of normal.</p> <div class="flex anchor relative"> <h3 id="what-happened">What Happened?</h3> <a href="#what-happened" aria-hidden="true" class="relative sm:absolute sm:-left-5"> <svg width="16" height="16" viewBox="0 0 24 24"><path fill="currentcolor" d="m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z"></path></svg> </a> </div> <p>The Syrian Minister of Information is being <a href="http://www.jpost.com/Headlines/Article.aspx?id=294001">reported assaying</a> that the government did not disable the Internet, but instead the outage was caused by a cable being cut. Specifically: "It is not true that the state cut the Internet. The terrorists targeted the Internet lines, resulting in some regions being cut off." From our investigation, that appears unlikely to be the case.</p><p>To begin, all connectivity to Syria, not just some regions, has been cut. The exclusive provider of Internet access in Syria is the state-run Syrian Telecommunications Establishment. Their network AS number is AS29386. The following network providers typically provide connectivity from Syria to the rest of the Internet: PCCW and Turk Telekom as the primary providers with Telecom Italia and TATA for additional capacity. When the outage happened, the BGP routes to Syrian IP space were all simultaneously withdrawn from all of Syria's upstream providers. The effect of this is that networks were unable to route traffic to Syrian IP space, effectively cutting the country off the Internet.</p><p>Syria has 4 physical cables that connect it to the rest of the Internet. Three are undersea cables that land in the city of Tartous, Syria. The fourth is an over-land cable through Turkey. In order for a whole-country outage, all four of these cables would have had to been cut simultaneously. That is unlikely to have happened.</p> <div class="flex anchor relative"> <h3 id="watching-the-shutdown-happen">Watching the Shutdown Happen</h3> <a href="#watching-the-shutdown-happen" aria-hidden="true" class="relative sm:absolute sm:-left-5"> <svg width="16" height="16" viewBox="0 0 24 24"><path fill="currentcolor" d="m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z"></path></svg> </a> </div> <p>One of our network engineers recorded the following video of network routes being withdrawn. Syrian Telecommunications (AS29386) is represented by the red dot in the middle of the video. The lines represent routes to the Syrian upstream providers.</p><p>Video created with <a href="http://www.dia.uniroma3.it/~compunet/www/view/tool.php?id=bgplay">BGPlay</a> by Roma Tre University</p><p>Beginning at 1026 UTC, routes were withdrawn for PCCW. The routing shifted primarily to Turk Telekom. Routes to Telecom Italia and TATA were also withdrawn, but has less of an impact. Then, at 1028 UTC, routes were withdrawn for Turk Telekom. After that, Syria was effectively cut off from the Internet. (Note that the remaining path that appears to be present in the video is an anomaly. We have confirmed that it is not actually active.)</p><p>While we cannot know for sure, our network team estimates that Syria likely has a small number of edge routers. All the edge routers are controlled by Syrian Telecommunications. The systematic way in which routes were withdrawn suggests that this was done through updates in router configurations, not through a physical failure or cable cut.</p> <div class="flex anchor relative"> <h3 id="what-syrians-were-surfing-before-the-internet-was-turned-off">What Syrians Were Surfing Before the Internet Was Turned Off</h3> <a href="#what-syrians-were-surfing-before-the-internet-was-turned-off" aria-hidden="true" class="relative sm:absolute sm:-left-5"> <svg width="16" height="16" viewBox="0 0 24 24"><path fill="currentcolor" d="m12.11 15.39-3.88 3.88a2.52 2.52 0 0 1-3.5 0 2.47 2.47 0 0 1 0-3.5l3.88-3.88a1 1 0 0 0-1.42-1.42l-3.88 3.89a4.48 4.48 0 0 0 6.33 6.33l3.89-3.88a1 1 0 1 0-1.42-1.42Zm8.58-12.08a4.49 4.49 0 0 0-6.33 0l-3.89 3.88a1 1 0 0 0 1.42 1.42l3.88-3.88a2.52 2.52 0 0 1 3.5 0 2.47 2.47 0 0 1 0 3.5l-3.88 3.88a1 1 0 1 0 1.42 1.42l3.88-3.89a4.49 4.49 0 0 0 0-6.33ZM8.83 15.17a1 1 0 0 0 1.1.22 1 1 0 0 0 .32-.22l4.92-4.92a1 1 0 0 0-1.42-1.42l-4.92 4.92a1 1 0 0 0 0 1.42Z"></path></svg> </a> </div> <figure class="kg-card kg-image-card "> <Image src="https://cf-assets.www.cloudflare.com/zkvhlag99gkb/2hpWDo3CJCFghm0Mm82iZI/69ba5239c8e693a05aa2445d30490b55/last_site_syrians_accessed.jpg.scaled500.jpg" alt="How Syria Turned Off the Internet" class="kg-image" width="500" height="232" loading="lazy"/> </figure><p>The last four sites on CloudFlare that received requests from Syria inthe seconds before access was cut were:</p><ul><li><p>fotoobook.com - a photo sharing blog</p></li><li><p>aliqtisadi.com - a Syrian news site</p></li><li><p>madinah.com - a Muslim-oriented social network</p></li><li><p>to2.xxx - a porn site (warning: not safe for work)</p></li></ul><p>In other words, traffic from Syrians accessing the Internet in the moments before they were cut off from the rest of the world looks remarkably similar to traffic from any part of the world.</p><p>As we have posted about recently, we <a href="/ceasefires-dont-end-cyberwars">don't believe our role is to take sides in political conflicts</a>. However, we do believe it is our mission to help build a better Internet where everyone can have a voice and access information. It is therefore deeply troubling to the CloudFlare team when we see an entire nation cut off from the ability to access and report information. Our thoughts are with the Syrian people and we hope connectivity, and peace, will be quickly restored.</p><hr/><p><b>UPDATE:</b> Syrian Internet access appears to be at least partiallyrestored as of 1 December 2012 at 1432 UTC. We have confirmed both thatthe BGP routes are reestablished and traffic from both wired and mobiledevices is flowing to CloudFlare's network. We've posted a blog post with more details <a href="/syrian-internet-access-appears-partially-rees">here</a>.</p></div></section><section class="post-full-content flex flex-row flex-wrap mw7 center mb4"><div class="post-content lh-copy w-100 gray1 bt b--gray8 pt4">Cloudflare's connectivity cloud protects <a target='_blank' href='https://www.cloudflare.com/network-services/' rel='noreferrer'>entire corporate networks</a>, helps customers build <a target='_blank' href='https://workers.cloudflare.com/' rel='noreferrer'>Internet-scale applications efficiently</a>, accelerates any <a target='_blank' href='https://www.cloudflare.com/performance/accelerate-internet-applications/' rel='noreferrer'>website or Internet application</a>, <a target='_blank' href='https://www.cloudflare.com/ddos/' rel='noreferrer'>wards off DDoS attacks</a>, keeps <a target='_blank' href='https://www.cloudflare.com/application-security/' rel='noreferrer'>hackers at bay</a>, and can help you on <a target='_blank' href='https://www.cloudflare.com/products/zero-trust/' rel='noreferrer'>your journey to Zero Trust</a>.<br/><br/>Visit <a target='_blank' href='https://one.one.one.one/' rel='noreferrer'>1.1.1.1</a> from any device to get started with our free app that makes your Internet faster and safer.<br/><br/>To learn more about our mission to help build a better Internet, <a target='_blank' href='https://www.cloudflare.com/learning/what-is-cloudflare/' rel='noreferrer'>start here</a>. If you're looking for a new career direction, check out <a target='_blank' href="https://www.cloudflare.com/careers" rel='noreferrer'>our open positions</a>.</div></section><div class="pv2 ph0-l mw7 center" id="social-buttons"><div class="mt5-l mt2 mb4 f2 flex flex-row-ns flex-column flex-wrap"><a id="social-button-hn" title="Discuss on Hacker News" href="https://news.ycombinator.com/submitlink?u=https://blog.cloudflare.com/how-syria-turned-off-the-internet" target="_blank" rel="noreferrer" class="mr2-ns mb0-l white link b pv3 ph3 mb3 " style="background-color:#0055DC"><svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" x="0px" y="0px" viewBox="0 0 512 512" class="mr2"><g><path d="M31,31v450h450V31H31z M270.1,287.6v94.9h-28.1v-94.9L165,143.5h31.9L256,254.3l59.1-110.8H347 C347,143.5,270.1,287.6,270.1,287.6z"></path></g></svg><span class="v-mid">Discuss on Hacker News</span></a></div></div><iframe sandbox="allow-scripts allow-popups allow-popups-to-escape-sandbox" title="cloudflare-tv-live-link" id="cloudflare-tv-embed" src="https://cloudflare.tv/embed/live.html" loading="lazy"></iframe><a href="/tag/network/" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1">Network</a><a href="/tag/bgp/" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1">BGP</a><a href="/tag/outage/" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1">Outage</a><a href="/tag/syria/" class="dib pl2 pr2 pt1 pb1 mb2 bg-gray8 no-underline blue3 f2 mr1">Syria</a></article></main><div class="ph3 pv3"><div class=" flex flex-row flex-wrap mw7 center"><div class="w-100 bt b--gray8"><p class="black fw5 f4 mt4">Follow on X</p></div><div class="w-100 pb2"><span>Matthew Prince</span><span class="ph1">|</span><a href="https://x.com/@eastdakota" class="no-underline">@eastdakota</a></div><div class="w-100 pb2"><span>Cloudflare</span><span class="ph2">|</span><a href="https://x.com/@cloudflare" class="no-underline">@cloudflare</a></div></div></div><div data-testid="related-posts-section" class="pv4 ph3 ph0-l flex flex-row flex-wrap mw7 center"><div class="w-100 bt b--gray8"><p class="orange fw5 f4 mt4 ttu">Related posts</p></div><article data-testid="related-posts-article" class="w-100 w-100-m w-50-l ph3 mb4"><p data-testid="related-posts-article-date" class="f3 fw5 gray5" data-iso-date="2025-01-03T14:00+00:00">January 03, 2025 2:00 PM</p><a data-testid="related-posts-article-title" href="/multi-path-tcp-revolutionizing-connectivity-one-path-at-a-time/" class="no-underline gray1 f4 fw5"><h2 class="gray1 f4 fw5 mt2">Multi-Path TCP: revolutionizing connectivity, one path at a time</h2></a><p data-testid="related-posts-article-excerpt" class="gray1 lh-copy">Multi-Path TCP (MPTCP) leverages multiple network interfaces, like Wi-Fi and cellular, to provide seamless mobility for more reliable connectivity. While promising, MPTCP is still in its early stages,...</p><ul class="flex pl0 fw6 f2 mb3 flex flex-wrap"><span>By </span><li class="list flex items-center" style="white-space:nowrap"><div class="author-name-tooltip"><a href="/author/marek-majkowski/" class="fw5 f2 black no-underline">Marek Majkowski</a></div></li></ul><div data-testid="related-posts-article-tags" class="flex flex-row flex-wrap"><span><a href="/tag/tcp/" class="no-underline f1 fw2 blue3 underline-hover">TCP,</a> </span><span><a href="/tag/network/" class="no-underline f1 fw2 blue3 underline-hover">Network,</a> </span><span><a href="/tag/linux/" class="no-underline f1 fw2 blue3 underline-hover">Linux,</a> </span><span><a href="/tag/deep-dive/" class="no-underline f1 fw2 blue3 underline-hover">Deep Dive</a> </span></div></article><article data-testid="related-posts-article" class="w-100 w-100-m w-50-l ph3 mb4"><p data-testid="related-posts-article-date" class="f3 fw5 gray5" data-iso-date="2024-12-09T14:05+00:00">December 09, 2024 2:05 PM</p><a data-testid="related-posts-article-title" href="/radar-2024-year-in-review/" class="no-underline gray1 f4 fw5"><h2 class="gray1 f4 fw5 mt2">Cloudflare 2024 Year in Review</h2></a><p data-testid="related-posts-article-excerpt" class="gray1 lh-copy">The 2024 Cloudflare Radar Year in Review is our fifth annual review of Internet trends and patterns at both a global and country/region level....</p><ul class="flex pl0 fw6 f2 mb3 flex flex-wrap"><span>By </span><li class="list flex items-center" style="white-space:nowrap"><div class="author-name-tooltip"><a href="/author/david-belson/" class="fw5 f2 black no-underline">David Belson</a></div></li></ul><div data-testid="related-posts-article-tags" class="flex flex-row flex-wrap"><span><a href="/tag/year-in-review/" class="no-underline f1 fw2 blue3 underline-hover">Year in Review,</a> </span><span><a href="/tag/cloudflare-radar/" class="no-underline f1 fw2 blue3 underline-hover">Radar,</a> </span><span><a href="/tag/trends/" class="no-underline f1 fw2 blue3 underline-hover">Trends,</a> </span><span><a href="/tag/internet-traffic/" class="no-underline f1 fw2 blue3 underline-hover">Internet Traffic,</a> </span><span><a href="/tag/outage/" class="no-underline f1 fw2 blue3 underline-hover">Outage,</a> </span><span><a href="/tag/internet-quality/" class="no-underline f1 fw2 blue3 underline-hover">Internet Quality,</a> </span><span><a href="/tag/security/" class="no-underline f1 fw2 blue3 underline-hover">Security</a> </span></div></article><article data-testid="related-posts-article" class="w-100 w-100-m w-50-l ph3 mb4"><p data-testid="related-posts-article-date" class="f3 fw5 gray5" data-iso-date="2024-11-20T13:30-08:00">November 20, 2024 9:30 PM</p><a data-testid="related-posts-article-title" href="/resilient-internet-connectivity-baltic-cable-cuts/" class="no-underline gray1 f4 fw5"><h2 class="gray1 f4 fw5 mt2">Resilient Internet connectivity in Europe mitigates impact from multiple cable cuts</h2></a><p data-testid="related-posts-article-excerpt" class="gray1 lh-copy">Two recent cable cuts that occurred in the Baltic Sea resulted in little-to-no observable impact to the affected countries, in large part because of the significant redundancy and resilience of Internet infrastructure in Europe. ...</p><ul class="flex pl0 fw6 f2 mb3 flex flex-wrap"><span>By </span><li class="list flex items-center" style="white-space:nowrap"><div class="author-name-tooltip"><a href="/author/david-belson/" class="fw5 f2 black no-underline">David Belson</a></div></li></ul><div data-testid="related-posts-article-tags" class="flex flex-row flex-wrap"><span><a href="/tag/cloudflare-radar/" class="no-underline f1 fw2 blue3 underline-hover">Radar,</a> </span><span><a href="/tag/internet-traffic/" class="no-underline f1 fw2 blue3 underline-hover">Internet Traffic,</a> </span><span><a href="/tag/traffic/" class="no-underline f1 fw2 blue3 underline-hover">Traffic,</a> </span><span><a href="/tag/outage/" class="no-underline f1 fw2 blue3 underline-hover">Outage</a> </span></div></article><article data-testid="related-posts-article" class="w-100 w-100-m w-50-l ph3 mb4"><p data-testid="related-posts-article-date" class="f3 fw5 gray5" data-iso-date="2024-10-30T00:00+00:00">October 30, 2024 12:00 AM</p><a data-testid="related-posts-article-title" href="/cloudflare-perspective-of-the-october-30-2024-ovhcloud-outage/" class="no-underline gray1 f4 fw5"><h2 class="gray1 f4 fw5 mt2">Cloudflare’s perspective of the October 30 OVHcloud outage</h2></a><p data-testid="related-posts-article-excerpt" class="gray1 lh-copy">On October 30, 2024, cloud hosting provider OVHcloud (AS16276) suffered a brief but significant outage. Within this post, we review Cloudflare’s perspective on this outage....</p><ul class="flex pl0 fw6 f2 mb3 flex flex-wrap"><span>By </span><li class="list flex items-center" style="white-space:nowrap"><div class="author-name-tooltip"><a href="/author/bryton/" class="fw5 f2 black no-underline">Bryton Herdes</a><span class="fw5 f2 black no-underline">, </span></div></li><li class="list flex items-center" style="white-space:nowrap"><div class="author-name-tooltip"><a href="/author/david-belson/" class="fw5 f2 black no-underline">David Belson</a><span class="fw5 f2 black no-underline">, </span></div></li><li class="list flex items-center" style="white-space:nowrap"><div class="author-name-tooltip"><a href="/author/tanner/" class="fw5 f2 black no-underline">Tanner Ryan</a></div></li></ul><div data-testid="related-posts-article-tags" class="flex flex-row flex-wrap"><span><a href="/tag/cloudflare-radar/" class="no-underline f1 fw2 blue3 underline-hover">Radar,</a> </span><span><a href="/tag/trends/" class="no-underline f1 fw2 blue3 underline-hover">Trends,</a> </span><span><a href="/tag/consumer-services/" class="no-underline f1 fw2 blue3 underline-hover">Consumer Services,</a> </span><span><a href="/tag/outage/" class="no-underline f1 fw2 blue3 underline-hover">Outage</a> </span></div></article></div></astro-island><footer class="pt4 pb4 pl1 pr1 main-footer"><div class="mw8 center dn db-l ph3"><div class="flex flex-row justify-between"><div class="main-footer__menu-group"><ul id="getting-started-menu" class="list pl0"><li class="pt1 pb1 f1 main-footer__menu-group__header js-toggle-footer-group" data-submenu="getting-started-menu">Getting Started<i class="icon-caret-down"></i></li><li class="pt1 pb1"><a href="https://www.cloudflare.com/plans/free/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="free-plans" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Free plans</a></li><li class="pt1 pb1"><a href="https://www.cloudflare.com/enterprise/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="enterprise" class="f1 blue3 no-underline underline-hover" rel="noreferrer">For enterprises</a></li><li class="pt1 pb1"><a href="https://www.cloudflare.com/plans/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="compare-plans" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Compare plans</a></li><li class="pt1 pb1"><a href="https://www.cloudflare.com/about-your-website/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="get-a-recommendation" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Get a recommendation</a></li><li class="pt1 pb1"><a href="https://www.cloudflare.com/plans/enterprise/demo/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="request-a-demo" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Request a demo</a></li><li class="pt1 pb1"><a href="https://www.cloudflare.com/plans/enterprise/contact/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="contact-sales" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Contact Sales</a></li></ul></div><div class="main-footer__menu-group"><ul id="company-menu" class="list pl0"><li class="pt1 pb1 f1" data-submenu="company-menu">Resources<i class="icon-caret-down"></i></li><li class="pt1 pb1"><a href="https://www.cloudflare.com/learning/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="learning-center" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Learning Center</a></li><li class="pt1 pb1"><a href="https://www.cloudflare.com/analysts/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="analysts-report" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Analyst reports</a></li><li class="pt1 pb1"><a href="https://radar.cloudflare.com/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="overview" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Cloudflare Radar</a></li><li class="pt1 pb1"><a href="https://cloudflare.tv/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="tv" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Cloudflare TV</a></li><li class="pt1 pb1"><a href="https://www.cloudflare.com/case-studies/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="case-studies" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Case Studies</a></li><li class="pt1 pb1"><a href="https://www.cloudflare.com/resource-hub/?resourcetype=Webinar" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="webinars" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Webinars</a></li><li class="pt1 pb1"><a href="https://www.cloudflare.com/resource-hub/?resourcetype=Whitepaper" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="white-papers" class="f1 blue3 no-underline underline-hover" rel="noreferrer">White Papers</a></li><li class="pt1 pb1"><a href="https://developers.cloudflare.com" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="developer-docs" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Developer docs</a></li><li class="pt1 pb1"><a href="https://www.cloudflare.com/the-net/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="theNet" class="f1 blue3 no-underline underline-hover" rel="noreferrer">theNet</a></li></ul></div><div class="main-footer__menu-group"><ul id="sales-menu" class="list pl0"><li class="pt1 pb1 f1 main-footer__menu-group__header js-toggle-footer-group" data-submenu="sales-menu">Solutions<i class="icon-caret-down"></i></li><li class="pt1 pb1"><a href="https://www.cloudflare.com/connectivity-cloud/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="connectivity-cloud" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Connectivity cloud</a></li><li class="pt1 pb1"><a href="https://www.cloudflare.com/zero-trust/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="zero-trust" class="f1 blue3 no-underline underline-hover" rel="noreferrer">SSE and SASE services</a></li><li class="pt1 pb1"><a href="https://www.cloudflare.com/application-services/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="application-services" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Application services</a></li><li class="pt1 pb1"><a href="https://www.cloudflare.com/network-services/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="network-services" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Network services</a></li><li class="pt1 pb1"><a href="https://www.cloudflare.com/developer-platform/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="developer-services" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Developer services</a></li></ul></div><div class="main-footer__menu-group"><ul id="community-menu" class="list pl0"><li class="pt1 pb1 f1 main-footer__menu-group__header js-toggle-footer-group" data-submenu="community-menu">Community<i class="icon-caret-down"></i></li><li class="pt1 pb1"><a href="https://community.cloudflare.com" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="community_hub" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Community Hub</a></li><li class="pt1 pb1"><a href="https://www.cloudflare.com/galileo/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="galileo" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Project Galileo</a></li><li class="pt1 pb1"><a href="https://www.cloudflare.com/athenian/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="athenian" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Athenian Project</a></li><li class="pt1 pb1"><a href="https://www.cloudflare.com/campaigns/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="cloudflare-for-campaigns" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Cloudflare for Campaigns</a></li><li class="pt1 pb1"><a href="https://www.cloudflare.com/partners/technology-partners/cidp/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="critical-infrastructure-defense-project" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Critical Infrastructure Defense Project</a></li><li class="pt1 pb1"><a href="https://www.cloudflare.com/connect2024/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="connect-2024" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Connect 2024</a></li></ul></div><div class="main-footer__menu-group"><ul id="support-menu" class="list pl0"><li class="pt1 pb1 f1 main-footer__menu-group__header js-toggle-footer-group" data-submenu="support-menu">Support<i class="icon-caret-down"></i></li><li class="pt1 pb1"><a href="https://support.cloudflare.com" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="help-center" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Help center</a></li><li class="pt1 pb1"><a href="https://www.cloudflarestatus.com" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="status" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Cloudflare Status</a></li><li class="pt1 pb1"><a href="https://www.cloudflare.com/compliance/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="compliance" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Compliance</a></li><li class="pt1 pb1"><a href="https://www.cloudflare.com/gdpr/introduction/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="gdpr" class="f1 blue3 no-underline underline-hover" rel="noreferrer">GDPR</a></li><li class="pt1 pb1"><a href="https://www.cloudflare.com/trust-hub/abuse-approach/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="trust-and-safety" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Trust & Safety</a></li></ul></div><div class="main-footer__menu-group"><ul id="company-menu" class="list pl0"><li class="pt1 pb1 f1 main-footer__menu-group__header js-toggle-footer-group" data-submenu="company-menu">Company<i class="icon-caret-down"></i></li><li class="pt1 pb1"><a href="https://www.cloudflare.com/about-overview/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="overview" class="f1 blue3 no-underline underline-hover" rel="noreferrer">About Cloudflare</a></li><li class="pt1 pb1"><a href="https://www.cloudflare.com/people/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="our_team" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Our team</a></li><li class="pt1 pb1"><a href="https://cloudflare.net/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="investor-relations" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Investor relations</a></li><li class="pt1 pb1"><a href="https://www.cloudflare.com/press/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="press" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Press</a></li><li class="pt1 pb1"><a href="https://www.cloudflare.com/careers/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="careers" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Careers</a></li><li class="pt1 pb1"><a href="https://www.cloudflare.com/diversity-equity-and-inclusion/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="diversity-equity-inclusion" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Diversity, equity & inclusion</a></li><li class="pt1 pb1"><a href="https://www.cloudflare.com/impact/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="impact-ESG" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Impact/ESG</a></li><li class="pt1 pb1"><a href="https://www.cloudflare.com/network/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="network_map" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Network Map</a></li><li class="pt1 pb1"><a href="https://www.cloudflare.com/press-kit/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="press-kit" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Logos & press kit</a></li><li class="pt1 pb1"><a href="https://www.cloudflare.com/partners/" target="_blank" data-tracking-category="footer" data-tracking-action="click" data-tracking-label="partners" class="f1 blue3 no-underline underline-hover" rel="noreferrer">Become a partner</a></li></ul></div></div></div><div class="mw8 center ph3"><div class="flex flex-row flex-wrap justify-center md:justify-between items-center pt4"><div class="flex flex-row space-x-4 items-start w-25-l pb4 pb0-l"><a target="_blank" rel="noreferrer" href="https://www.facebook.com/Cloudflare/" class="w-8"><img class="w-8" src="https://www.cloudflare.com/img/footer/facebook.svg" alt="facebook"/></a><a target=" _blank" rel="noreferrer" href="https://x.com/Cloudflare" class="w-8"><img class="w-8" src="https://www.cloudflare.com/img/footer/twitter.svg" alt="X"/></a><a target="_blank" rel="noreferrer" href="https://www.linkedin.com/company/cloudflare" class="w-8"><img class="w-8" src="https://www.cloudflare.com/img/footer/linkedin.svg" alt="linkedin"/></a><a target="_blank" rel="noreferrer" href="https://www.youtube.com/cloudflare" class="w-8"><img class="w-8" src="https://www.cloudflare.com/img/footer/youtube.svg" alt="youtube"/></a><a target="_blank" rel="noreferrer" href="https://www.instagram.com/cloudflare" class="w-8"><img class="w-8" src="https://www.cloudflare.com/img/footer/instagram.svg" alt="instagram"/></a></div><div class="w-70-l tr-l tl-ns"><div><span class="main-footer__copyright f1">© 2025 Cloudflare, Inc. </span><span class="main-footer__copyright f1">|</span><a href="https://www.cloudflare.com/privacypolicy/" target="_blank" class="main-footer__copyright f1 no-underline underline-hover" rel="noreferrer"> Privacy Policy </a><span class="main-footer__copyright f1">|</span><a href="https://www.cloudflare.com/website-terms/" target="_blank" class="main-footer__copyright f1 no-underline underline-hover" rel="noreferrer"> Terms of Use </a><span class="main-footer__copyright f1">|</span><a href="https://www.cloudflare.com/disclosure/" target="_blank" class="main-footer__copyright f1 no-underline underline-hover" rel="noreferrer"> Report Security Issues </a><span class="main-footer__copyright f1">|</span><img class="mw2 ph1" src="/images/privacy-options.svg" alt="Privacy Options"/><a href="#cookie-settings" id="ot-sdk-btn" class="ot-sdk-show-settings main-footer__copyright f1 no-underline underline-hover"><span class="brandGray5">Cookie Preferences</span> </a><span class="main-footer__copyright f1">|</span><a href="https://www.cloudflare.com/trademark/" target="_blank" class="main-footer__copyright f1 no-underline underline-hover" rel="noreferrer"> Trademark </a></div></div></div></div></footer></html>

CINXE.COM

How Syria Turned Off the Internet