Helping a Client Overcome China's Great Firewall: Our Experience and Approach
Instead of spending what was forecast to be several $1,000,000 in equipment and hosting fees, not to mention engineering time, the entire solution for this client was less than a $100,000 a year to deploy this proxy. It was a phenomenal win for them. And one of my more favorite projects that I've worked on in recent times of just, you know, having a having a partnership with a client to say, we've got something that we can do here that's off the beaten path. It's a little unusual. It's different from what you would expect to do, but we know it'll work.
Speaker 1:Are you willing to give it a try? I'm gonna try something a little different and talk about how we helped a client get around the great firewall of China for their business. The first thing to know is the great firewall of China exists to enforce policies of the CCP. So this is blocking access to certain traffic or certain content, blocking access to certain websites or applications, and, of course, monitoring those applications and, traffic flowing through for for keywords. Right?
Speaker 1:So this is what we know about the great Chinese firewall. So, there's another piece of this puzzle, and that is just pure capacity. And if you ever talk to a network operator that interconnects or exchanges traffic with China, what they will talk about is a second that they bring up a new peering link, that peering link will immediately saturate at a 100%. So, and this is true across the the big shut networks, China Telecom, China Unicom, China Mobile. These are these are, you know, big, big networks that offer eyeball access.
Speaker 1:So, you know, the second piece of this and and what we talk about in terms of the the great firewall of China isn't really a technology issue. It is a bandwidth and interconnection issue and just trying to shove, you know, think of the visual. Right? If you were trying to, freeways. Right?
Speaker 1:Take a freeway. If you were trying to put, you know, a 1000 cars into an on ramp that's 2 lanes, what's gonna happen? Well, you're gonna have a lot of, cars that can't get hold of the traffic, and you're, you know, onto that freeway in a in a horrible traffic mess. Right? So that's that's kinda how I would explain what happens with these peering links of traffic going to and from other networks globally to China.
Speaker 1:So what do we do here? So let me actually back up. So in this case, my client had a SDK that was loaded into mobile applications to serve advertising. And, you know, the publisher of the application would take their SDK, would put it into their application, would then make, you know, decisions to serve advertisements in their application, and then get paid for those advertisements that were served. Technically, they were not supposed to be in China.
Speaker 1:What happened to them was they found they had some very popular publishers publishing applications into China, into Chinese eyeballs, and all of a sudden their traffic profile and their performance to these eyeballs were absolutely horrendous terrible. And and there were a lot of them. I mean, this was not like a few or dozen or a couple hundred. I mean, we're talking about millions of eyeballs that were trying to actually, interact with this SDK and deliver advertisements. So the traditional sense of how you deal with us if you're, a a SaaS vendor or website, a content company, etcetera, what you're supposed to do is you're supposed to go out and get an ICP license.
Speaker 1:So in order to get an ICP license, you have to have a legal point of presence within China. You have to have a legal represent a representative in China. You then have a type 1 versus type 2 license based on what kind of business you're conducting. Then you have to have your applications hosted and located inside of China. You need to have data centers or, you know, cloud hosting inside of China.
Speaker 1:You need to shift your application and effectively your intellectual property into China. You have to host and manage access to data, and the Chinese, end users' traffic and data profile has to stay in China. And so not only do all these things become very complicated, they're all very expensive. You know, taking and and using and and putting data center in China, taking network access in China, using a cloud platform in China, these things are all compared to, you know, the western world, I mean, in order of, you know, magnitude of 10, 15, 20 x as expensive when you look at it on a on a unit by unit basis. It's also very complicated.
Speaker 1:If you've got an an application that was never designed to be portable, it's running in, in this case, they were running in Amazon US East. That application wasn't designed to, you know, be part, you know, comp, partition, compartmentalized, run-in 2 different places. I mean, there was there was no the amount of energy engineering effort required in order to make that change was just unrealistic, and the cost structure for it was also unrealistic for them. So what did we do? We looked at this really from a standpoint of not a an issue with Great Firewall of China being, you know, policy enforcement or or traffic enforcement, but a capacity issue of just not being able to have consistent network traffic in and out of mainland China and, of course, traversing the Pacific Ocean and then traversing the United States and and landing on, US East.
Speaker 1:So what we did was we went out, we figured out who the primary network access was for this application, who was their top eyeball user of in traffic. And we went to that network operator, and we signed a contract with that network operator to take an internet link, to buy bandwidth from them on the west coast of the United States. So these networks all come and interconnect and peer. And, the west coast of the United States is a really popular place for the Chinese networks to land and to interconnect with other networks. And so, we just went to them and we said, hey, we'd like, a 10 gig circuit from you and we wanna put it into this data center.
Speaker 1:And the rest of the application was pretty straightforward. You know, the other quirk to this, other little thing of this was, you know, you could interconnect with 2 different, you know, most of these operators run multiple networks. So the network we wanted to operate with, we couldn't run BGP with, which is actually better for us in that case. So we had a 10 gig circuit with IPS allocated directly from the, the Chinese network. We landed this in a data center.
Speaker 1:In a data center, we installed a series of proxy servers and a load balancer. Those proxy servers and a load balancer were interconnected with a a network operator that could extend the Direct Connect for us directly to the US East region. In this case, we use MegaPort. And so the network architecture is pretty simplistic. Right?
Speaker 1:A series of servers connected to a Chinese network operator with their IP addresses that were available and accessible to that network with a proxy, proxying traffic across a private interconnection going back to Amazon. And we turned this on thinking that this was gonna work and that this would actually improve things substantially and of course, the proposal and the cost. We made sure to mitigate and manage risk and the risk profile with us because, you know, there's no guarantees, but it performed beautifully. Our client ran this for almost 2 years. They had absolutely no issues with it.
Speaker 1:Yes. Latency was high measured from a cell phone in China because, again, this traffic was traversing through mainland China, across the Pacific Ocean to a proxy on the West Coast of the United States and then across the United States to the Amazon region. So latency was incredibly high, but throughput was great. Latency was predictable. Jitter was low, non existent, and we had consistent dedicated bandwidth for these eyeballs that we're able to size and scale.
Speaker 1:So as the eyeball traffic increased and we knew that utilization was increasing, we were able to manage this and deal with it. And instead of spending what was forecast to be several $1,000,000 in equipment and hosting fees, not to mention engineering time, the entire solution for this client was less than $100,000 a year to deploy this proxy. It was a phenomenal win for them. And one of my more favorite projects that I've worked on in recent times of just, you know, having a having a partnership with a client to say, we've got something that we can do here that's off the beaten path. It's a little unusual.
Speaker 1:It's different from what you would expect to do, but we know it'll work. Are you willing to give it a try? And they said yes, and it paid off gloriously for everybody involved. There's lots of these little stories about how you can take and buck conventional wisdom a little bit and end up with a much better environment, and these are the ones that I love doing the most.
