Guide to Overcoming the GFW of China

The most comprehensive analysis of overcoming the GFW of China in 2021

What is GFW and why is there GFW?

The Great Firewall (commonly abbreviated GFW; also known in Chinese as the National Firewall of China, and popularly called the wall, the firewall, the Kungfu net, etc. by people in mainland China) is the collective name for a system of Internet censorship (including the related administrative review system). This system started in 1998, and its English name is derived from an article on Chinese Internet censorship written by Charles R. Smith on May 17, 2002, "The Great Firewall of China". As usage has spread, the Chinese word "wall" and the English "GFW" are sometimes used as verbs. When netizens say a site has been "walled", they mean that the content of the website is blocked by the Great Firewall or that communication with the server is blocked. "Climbing the wall" has likewise come to mean breaking through Internet censorship to browse blocked websites or use services at home and abroad. Domain name queries on UDP port 53 that cross the backbone routes are inspected. Once the domain name being accessed does not meet the requirements, the Great Firewall returns an incorrect resolution address.


Why go over the wall and go online scientifically?

People go over the wall in order to study and work. VPNs were first used to help multinational companies connect offices around the world, so that employees in different places could access the company's intranet. In the past, enterprises needed to register with an invitation code to obtain VPN services and log in to overseas mailboxes such as Gmail. As the technology has matured, ordinary people can get over the wall by downloading applications on their mobile phones. According to conservative estimates, 20 to 30 million Chinese Internet users currently use a VPN. Some college students and scholars use VPNs to download materials from foreign libraries, or go to Google Scholar to check the latest published research. People in foreign trade also need to go over the wall to log in to overseas online stores such as Amazon. Their customers may come from all over the world: they need to log in to Gmail to process emails, and many customers want to consult with them through Facebook or WhatsApp. There are countless examples of this kind.

After graduating from a university in Hong Kong in 2010, Liu, a network engineer in Suzhou, returned to his hometown to work in a local software development company. He said that while studying abroad he had become accustomed to the Internet environment in Hong Kong. After returning to the mainland he felt helpless, so he built his own VPN or downloaded various circumvention software on his mobile phone. Liu said that in his usual work he encounters difficult problems from time to time when developing software, and needs to go over the wall to an overseas network to look up the solutions of foreign professional counterparts through Google, or to download open source libraries from foreign software sharing forums. This not only improves work efficiency but also lets him learn the latest technology. His classmate is now a programmer in a network security company in Wuhan. Before returning home, the classmate worked in a Hong Kong company. After leaving, he still used the VPN account provided by his former company to browse industry information. After the company cancelled the account, he also used a proxy server to circumvent the wall, but often gave up due to the unstable signal and slow transmission speed. For Liu, if he cannot get over the wall, he has to analyze the software code, find the programming logic, and solve the problem himself. "What can be done in five minutes may take an hour." He still buys overseas circumvention software to meet his work needs.


Is it illegal to break the wall?

Is it illegal to use a VPN to circumvent the wall in mainland China? Many people have been discussing this issue. If you say it is illegal, you can still see thousands of people going over the wall and watching YouTube and Twitter; there are so many people in foreign trade, academics, and software engineers in China. Are they all invited to have tea? If you say it is not illegal, every year you still hear of people being invited to drink tea, of someone being fined for breaking the wall, and even of people going to jail.

Selective enforcement

In response to the tens of millions of Chinese Internet users who use VPNs, the authorities have adopted "selective law enforcement", based on how much the act of going over the wall affects the country and how sensitive the government considers it. If you read a highly politically sensitive website, or spread a remark that the government finds inappropriate after breaking the wall, you are likely to become an obvious law enforcement target and the penalty will be high. As for whether the authorities' crackdown on circumvention is based on network security or on other reasons, more cases are needed to judge, and the difference between the two must be clarified in each similar case.

How was "over the wall" detected?

In principle, China's domestic network is connected to foreign networks through a limited number of key nodes, which are equivalent to long-distance communication hubs. When a user circumvents the wall through a VPN, the traffic must pass through these key nodes. At that point, the firewall can identify the IP address at a node based on the information flow transmitted by the VPN. There are various forms of VPN, and they continue to challenge firewall technology through their protocols, applications, and device types. In the past few years, China's firewall technology and the VPN technology used to break through it have each gained and lost ground in turn. Some VPNs have an encryption function that can bypass the firewall without being detected. Some high-end VPNs even have anti-reconnaissance technology. The contest between those investigating and those being investigated goes back and forth endlessly.

About going abroad over the wall, you may need to know the following three points:

  1. Do not use "free VPN"

Try not to use the free VPNs and free nodes that you can find on the network. First of all, you don't know where these nodes are, and you don't know what programs are running on these servers. If you are unlucky, your data, passwords, accounts, and browser information may be taken away. There is no free lunch in the world. Many free VPNs are described as phishing VPNs, which means that these programs may be developed by officials to collect user circumvention data, or that these VPN providers will sell circumvention data to third parties. If you really want to use a free VPN, please find a more reliable provider. Lightyear VPN provides a free SSR node without any back-end SSR server.

  2. Don't spread rumors on the Internet

After you cross the wall for the first time and go abroad, your world is finally opened. It feels like an information explosion, with tons of information hitting you violently. You may find this very uncomfortable, blindly follow some information when you see it, and then comment on it, forward it, or even carry it back into China. When you watch YouTube and Twitter on the Internet, you must keep thinking dialectically and verify authenticity through multiple channels and multiple languages. Although no one knows who you are after going over the wall, traces are still left on the Internet.

  3. Do not use security software such as 360

Although software such as 360 will help you clean up your computer, restore network settings, and prevent viruses and attacks, netizens still call it "rogue software", because such programs may unscrupulously tamper with your computer settings, scan your hard drive, monitor your traffic, and even restrict you from going over the wall (Xunlei accelerator). They maliciously block normal software while it is running. Many users also say that after installing software such as 360, the computer has not become safer, but has become slower and more troublesome. There is therefore a natural conflict between circumvention and 360-type software, and you can only choose one of the two: either circumvention software or 360 software. In fact, your computer does not need this kind of software. If you need it, you may not be suited to using a PC.

GFW's blocking methods

GFW mainly uses the following methods to achieve network blocking: IP blocking, TCP blocking, DNS hijacking and pollution, and DPI. Knowing these methods may help you go online scientifically and become more "smart" in the field of overcoming the wall.

  • Block IP

GFW introduced IP blocking, which directly blocks access to the target website. Any data sent by the user to a blocked IP is intercepted by the wall. At this point, relying on a low-cost method such as modifying the Hosts file to break through the blockade is a fantasy. So, what is the solution? The answer is to set up a proxy server on a clean IP to relay traffic between you and the target server. So far, GFW has only adopted a blacklist mode. The IPs of blacklisted websites like Google and Facebook cannot be accessed, and IPs that are not on the blacklist can be accessed. Many circumvention methods were born from this. Almost all current circumvention methods are based on the above principle of changing IP. VPN, Shadowsocks, and V2ray all use this method, but their technical details differ.

  • Block TCP proxy

When your overseas server's IP is TCP-blocked, you can still send data to the overseas proxy server normally (the client connects to the server), but when the proxy server returns data to you, that data must pass through GFW. GFW finds that the sender's IP (the proxy server) is on the blacklist and intercepts it, so your client never receives the data returned by the server (in Shadowsocks this shows up as a timeout or an empty connection).

Current proxy software basically uses the TCP protocol for transmission, and transmitting data over TCP requires a handshake, which naturally has to travel in both directions. So when the wall blocks the return TCP traffic of the overseas proxy server, the proxy client and the server cannot complete the handshake, and the proxy cannot be used.

  • Block VPN

To successfully overcome the wall, you must establish a connection with the corresponding remote server, and then use the corresponding protocol for data processing and transmission. The problem lies here. When a circumvention tool establishes a connection with a remote server, if that connection is distinctive and conspicuous among a large amount of traffic, GFW will easily recognize it and block the connection directly. This is particularly serious for VPN (especially OpenVPN) and SSH. As a result, OpenVPN connections now often fail.

  • DNS pollution and hijacking

Domestic network operators (China Mobile, China Telecom, China Unicom) perform certain operations on DNS for their own purposes, with the result that the correct IP address cannot be obtained for a domain name when using the ISP's normal Internet settings. Some countries or regions also use this method to prevent a certain website from being accessed. At present, we visit websites mainly through domain names, and before actually visiting a website, the domain name needs to be resolved into an IP address by a DNS server. Ordinary DNS service uses the UDP protocol without any authentication mechanism. DNS hijacking means returning the IP address of a fake page to you, and DNS pollution means returning the IP address of a page that does not exist. For example, if you use the broadband of China Telecom, China Unicom, or China Mobile, you don't need to set up any DNS server by default; the DNS servers are provided by them. Once such a server detects that the webpage you are visiting is not allowed, it will return a webpage that does not exist. Many operators also use DNS hijacking to place advertisements.
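The lack of authentication in plain UDP DNS can be shown with hand-built packets. The following is an added example, not part of the original article: it builds a query and two answers, shows that a stub resolver's only checks (transaction ID and question name) are passed by a forged answer, and shows the defensive check of collecting every answer to one query and flagging disagreement. All names, transaction IDs and addresses are constructed samples from documentation ranges, and the function names are hypothetical.

```python
import socket
import struct


def encode_name(name):
    """Encode a domain name as DNS labels (length byte + label, 0-terminated)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(txid, name):
    """Standard query, recursion desired, one question of type A / class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)


def build_response(query, ipv4, ttl=300):
    """Answer a query with one A record; anyone who saw the query can do this."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    # 0xC00C is a compression pointer back to the question name at offset 12.
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(ipv4)
    return header + query[12:] + answer


def read_name(data, offset):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, resume, hops = [], None, 0
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:                 # compression pointer
            if resume is None:
                resume = offset + 2
            offset = ((length & 0x3F) << 8) | data[offset + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (resume if resume is not None else offset)


def parse_message(data):
    """Parse header, question name and any A records of a DNS message."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    offset, qname, addrs = 12, "", []
    for _ in range(qdcount):
        qname, offset = read_name(data, offset)
        offset += 4                               # skip QTYPE and QCLASS
    for _ in range(ancount):
        _, offset = read_name(data, offset)
        rtype, _, _, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(data[offset:offset + 4]))
        offset += rdlen
    return {"txid": txid, "is_response": bool(flags & 0x8000),
            "qname": qname.lower(), "addrs": addrs}


def stub_accepts(query, datagram):
    """Everything a plain UDP stub resolver can verify about an answer."""
    q, r = parse_message(query), parse_message(datagram)
    return r["is_response"] and r["txid"] == q["txid"] and r["qname"] == q["qname"]


def first_accepted(query, datagrams):
    """What the application gets: the first datagram that passes the checks."""
    for d in datagrams:
        if stub_accepts(query, d):
            return parse_message(d)["addrs"]
    return None


def conflicting_answers(query, datagrams):
    """Keep listening after the first answer; more than one distinct
    address set for the same query is the signature of an injected reply."""
    seen = []
    for d in datagrams:
        if stub_accepts(query, d):
            addrs = tuple(sorted(parse_message(d)["addrs"]))
            if addrs not in seen:
                seen.append(addrs)
    return seen


if __name__ == "__main__":
    # Constructed sample: the forged answer arrives before the real one.
    q = build_query(0x1A2B, "blocked.example")
    arrivals = [build_response(q, "203.0.113.7"), build_response(q, "198.51.100.20")]
    print("application sees:", first_accepted(q, arrivals))
    print("distinct answers:", conflicting_answers(q, arrivals))
```
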

  • DPI deep packet inspection

Deep packet inspection (abbreviated DPI), also known as complete packet inspection or information extraction (IX), is a computer network packet filtering technology. It inspects the data part of a packet (and possibly also its header) to search for protocol non-compliance, viruses, spam, or intrusions, or uses predetermined criteria to decide whether the packet may pass or needs to be routed to a different destination, or to collect statistics.

When you use a VPN, the VPN establishes a secure encrypted tunnel between your computer and the VPN server, making your Internet traffic difficult to capture. However, using a VPN does not always guarantee privacy. DPI (Deep Packet Inspection) technology can beat VPN encryption technology and can sniff out and identify a lot of information from VPN packets.

The working principle of DPI is divided into two parts:

  • By reading Internet packet metadata (the packet header), this technology can identify what kind of traffic you are currently generating, such as playing video, connecting to a VPN, etc.

  • In addition, DPI can determine the actual data transmitted by reading the content of the Internet data packet (the body of the data packet).

DPI can go deep into network packets to find data and recognizable patterns. This is done by extensive inspection of incoming and outgoing traffic on the ISP firewall.

Mainstream means of overcoming the wall

There are many circumvention tools to choose from. Some of them are still very easy to use in the network environment of mainland China, and some may have been eliminated. If you don't know which one is suitable for you, the following introduction gives a general idea.

  • VPN

VPN stands for "Virtual Private Network". It is an encrypted communication technology. VPN is a general term covering many protocols, such as PPTP, L2TP, IPSec and OpenVPN. VPN emerged much earlier than GFW. Its main purpose is encrypted tunnel communication, and it pays more attention to data transmission security and network anonymity, so it was not born to overcome the wall. As a result, VPN protocols have many problems when used to overcome the wall. The most serious is that their traffic characteristics are too obvious, so they are easily blocked or interfered with by GFW. GFW has been able to accurately identify the traffic characteristics of most VPN protocols. Although the traffic cannot be decrypted, VPN connections can be blocked quickly. Therefore, VPN is basically ineffective in mainland China, although as a tool for encrypted communication it still has a huge market overseas. Many programs with VPN in their names do technically use network protocols such as OpenVPN. However, because Chinese users understand VPN to mean "over the wall", many over-the-wall programs (such as Lightyear VPN) also carry the word VPN, while the protocol they provide is not OpenVPN but a proxy protocol such as Shadowsocks or V2ray.

VPN principle

  • Shadowsocks

Shadowsocks, also known as SS, Chinese name Shadowsock, was developed by @clowwindy in 2013. Its birth marked a new stage in the field of overcoming the wall. Shadowsocks is also a proxy protocol, but because it is designed specifically for circumventing the wall, it has strong obfuscation performance compared to VPNs. Compared with an HTTP proxy, Shadowsocks has a better encryption scheme. Although its encryption is not as good as that of HTTPS and VPN, it uses mature industrial-grade encryption algorithms. The initial version of SS was developed by clowwindy in Python. Later, after SS became famous, versions in different languages and various branches appeared, for example the Go version, Libev version, C++ version, and Java version. All have a good open source community, and many enthusiasts maintain them. Whether it is a large circumvention program, a self-built VPS, or an "airport", most use Shadowsocks as the main network protocol. It is often said on the Internet that Shadowsocks has failed and can no longer get over the wall, but if it had failed, why would so many people be using it, and why would so many technicians be maintaining the project? In 2015, clowwindy was forced to stop maintaining Shadowsocks due to a tea incident and deleted the open source code on GitHub, and the Python version stalled. The more reliable versions are the Libev version and the Go version, both of which are very mature branches.

  • V2Ray

Project V is a collection of tools that can help you build your own basic communication network. The core tool of Project V is called V2Ray, which is mainly responsible for implementing network protocols and functions, and communicates with other Project V tools. V2Ray can be run alone or in conjunction with other tools to provide a simple operation process.

V2Ray is a modular circumvention tool that supports multiple protocols; it is powerful but complicated to configure. V2Ray is written in Go and also has a very large community maintaining the project. V2Ray can send inbound traffic out through different outlets according to configuration, which makes it easy to distribute traffic by region or domain name to achieve optimal network performance. V2Ray can enable multiple protocols at the same time, including Socks, HTTP, Shadowsocks, VMess, etc. The transport can be set separately for each protocol, such as TCP, mKCP, WebSocket, etc. It supports reverse proxying, which enables intranet penetration. V2Ray nodes can be disguised as a normal website (HTTPS) so that their traffic blends with normal web traffic to avoid third-party interference. What is the difference between V2Ray and Shadowsocks? The former supports more functions and offers more choices for going over the wall, but its configuration is complicated and its core is huge; the latter is not so versatile, but its configuration is very simple and it is lightweight. Both focus on overcoming the wall to reach overseas networks, rather than on network communication encryption and network anonymity like VPN.

  • Trojan

Trojan is a relatively new circumvention tool that was designed from the start to suit China's national conditions. It is generally believed that strong encryption and random obfuscation may deceive GFW's blocking mechanism. Trojan, however, takes another approach: it imitates HTTPS, the most common protocol on the Internet, in order to trick GFW into thinking that its traffic is HTTPS so that it is not recognized. This technology lets the server bind a domain name and assign to it the SSL certificate that a normal website would have, thus concealing the truth. As an emerging proxy program, Trojan is lighter, simpler to configure, more convenient to use, and faster than traditional VPNs such as L2TP, PPTP, and OpenVPN and mainstream proxy software such as SS, SSR, and V2ray. But because this project is so new, not many people use it, and the community is not mature yet. Applications for platforms such as Android and iOS have not been seen. So if you encounter a problem in use, you may not find anyone to help you solve it.

Is there also a sensitive period for going over the wall?

A sensitive period is when the firewall is suddenly raised "higher" and many circumvention tools fail. During a sensitive period, almost every method of scientific Internet access becomes very difficult. Many circumvention tools fail outright, cannot connect, slow down, disconnect frequently, or suffer serious packet loss. IPs are also blocked every few hours, or blocked in whole ranges. At such times, China's Internet is in a state of "martial law" and it is extremely difficult for information to enter and exit. Although this sounds very serious, each sensitive period lasts about 1-2 weeks, after which things recover and you can continue to use the Internet as before.

  • During the Spring Festival (February)

During the Spring Festival every year, the Internet is not very good. The reason may be official, or it may be that too many people are going over the wall at home on vacation. Over-the-wall software becomes a little harder to use, and the speed becomes slower and unstable. But this is the time to reunite with your family and have a good rest. It may not be obvious in some areas, and the situation may pass within a few days.

  • During the two sessions (March)

This is when the central government is in session. The external network is basically closed, and the major VPN providers and most circumvention tools are almost completely paralyzed: basically no nodes can be connected, or they are very slow. Only a few relatively hidden personal servers can barely connect, and they are still very slow, unstable, and often disconnected. This lasts about a week and then passes.

  • During National Day (October)

During the National Day holiday, it is much more difficult to access foreign websites, for about seven days. Generally, the wall cannot be climbed successfully from the last day of September until October 5th or 6th. For example, on the 70th National Day in 2019, almost 99% of VPNs and circumvention tools could not be used. Although breaking the wall becomes very, very difficult at such sensitive times, it is still possible to get out.

Introduction to Chinese Internet providers

The choice of network operator is also very important: it determines your success rate and user experience. If you choose badly, you will spend a lot of money, and going over the wall at peak times will be miserable.

  • China Telecom

China Dianxin

China Telecom currently has two lines in China: the 163 backbone (ChinaNet) and CN2. By analogy with CN2, some people are used to calling the 163 backbone network CN1. The 163 core network is the earliest network established by China Telecom. It serves more than 100 million China Telecom users (including users connecting abroad) with ordinary Internet quality. If you are a Telecom user and connecting to an external network at night always feels sluggish with a high packet loss rate, 99.99% of the reason is this network: every user is crowded onto it and queuing. CN2, the "ChinaNet Next Bearer" network, was put into use in 2005. The initial goal was to use a reasonable topology, advanced architecture and scientific design to replace the 163 network in the next 10-20 years and become the new backbone network of the future, but this has not been realized so far. The CN2 network can carry voice, data, video, global interconnection and other services at the same time, and is especially suited to global connections. Compared with the 163 network, CN2's low packet loss rate, low latency and light load have attracted many users. According to statistics, among all the network connections of China Telecom, the 163 network handles 85% of the network traffic, and the remaining 15% goes through the CN2 network. China Telecom's government and enterprise network uses dedicated lines to external networks, and it also launched a nitrogen bottle (a "telecom boutique network" service) for ordinary broadband Internet users, but I don't know why (maybe it was oversold) this service is no longer available. In short, no matter whether the overseas node is a regular line or a specially launched CN2 network optimized version (only applicable to China mainland communications), when domestic users access overseas networks, they will be directly integrated into the CN2 network. Whether returning or going abroad, all traffic goes to sea through Beijing/Shanghai/Guangzhou.

Import and export routing paths are divided into three grades:

  1. 163 net (CN1)
  2. CN2 GT (Global Transfer also known as half-way CN2)
  3. CN2 GIA (Global Internet Access is also called pure CN2/full CN2)

Strategic packet loss occurs during peak hours to reduce the load on the backbone network. Although its total export capacity is the largest and its per capita export capacity ranks second, on the 163 network's connection to the international network, during peak hours (at the last hop of the submarine route), data packets are deliberately and strategically discarded according to priority limits on backbone load (QoS), which further degrades the quality of external network access for ordinary Telecom users. China Telecom's attitude: a problem that users can solve with money is not a problem, and all other problems are caused by "not enough money".

  • China Unicom

The growth momentum of China Unicom's broadband users is not high. China Mobile has recently surpassed Unicom's total number of users. Unicom's current market share is the lowest, but this is undoubtedly good news for its users. Since China Unicom's total international export capacity is second only to China Telecom's, this means that compared with Telecom and Mobile users, China Unicom users have fewer problems accessing external networks. When ordinary China Unicom broadband users access international networks, their per capita bandwidth is the most assured. There are no international boutique network products. During the evening peak, selective packet loss on the backbone network is significantly lower than on China Telecom. The US and Japan lines are good.

  • China Mobile

In China Mobile's international network, most of the traffic is carried by the AS9808 network. Tietong's old AS9314 network has almost been abandoned. China Mobile does not have "excellent export network" products. The AS9808 network includes the Beijing/Shanghai/Guangzhou submarine optical cables. According to Traceroute observations, Guangzhou Mobile carries most of the import and export traffic on China Mobile's network, such as between China and the United States and between China and Southeast Asia. PCCW Hong Kong has an extraordinary relationship with China Mobile. Shanghai Mobile only offloads some of Guangzhou Mobile's export traffic, and traffic through Shanghai Mobile is handed over to other domestic operators (such as China Unicom) for international communications. Beijing Mobile is mainly responsible for import and export communications with Europe (directly connected, not routed around via the United States). It has not been determined whether strategic packet loss occurs during peak hours to reduce the load on the backbone network. Thanks to broadband services bundled for its mobile phone users and other means, China Mobile has rapidly accumulated a large number of fixed broadband users. With China Mobile's total export capacity ranking third and its total number of users ranking first, if the total international export capacity does not increase significantly, the future quality of Internet access for ordinary Mobile users is indeed worrying.

Choice of destination over the wall

After choosing a network operator, it is time to choose the right server. When choosing a server, you need to take your network provider into account and also consider the physical distance between you and the server.

Submarine cable distribution map

  • Hong Kong

The Hong Kong node is the first stop for circumventing the wall from China. Because of the short physical distance and low latency, and because streaming media sites such as Netflix and local content websites can be unlocked once you reach Hong Kong, many circumvention tools offer Hong Kong nodes. Due to the high cost of traffic settlement from Hong Kong to the mainland, traffic from Hong Kong to the mainland is generally subject to active QoS speed limits at peak times, but CN2 can generally alleviate most of the speed limit problems. Traffic on the PCCW line between China and Hong Kong, or between China and other parts of Southeast Asia, must be transferred through Hong Kong. Its quality toward the mainland is the best apart from pure CN2 GIA. The Hong Kong server is also the first choice of many PS4/PS5 players, and the Hong Kong IPLC dedicated line is recommended for console games.

  • Japan

The Japanese node is also very common. Like the Hong Kong node, it carries a huge amount of over-the-wall traffic from China. There are also many providers of Japanese nodes to choose from, such as AWS, Linode, Azure, Vultr, and Alibaba Cloud, so many technically minded users choose to build their own ladders here. Telecom's second-generation backbone network to Japan is certainly not inferior in speed and latency, but the price is really more expensive than IPLC. The key point is that its Ctcloud is really not powerful, and only NTT is connected. If the resource is on Telstra, KDDI, etc., the traffic will detour via Singapore. I really can't stand it. It is recommended not to send money to Telecom Tianyi Cloud.

  • United States

The United States is also a very popular choice for going over the wall. There are many options for nodes that unlock streaming media, and they are very cheap. Although the latency is high, the network speed is not slow at all once connected, and during the evening peak the speed and stability are sometimes better than Hong Kong. It is generally faster to choose West Coast nodes such as Los Angeles, Seattle, and Fremont. The CN2 GIA line in Los Angeles, USA is also very good, but it is expensive and may not be very cost-effective for an individual to buy.

  • Singapore

The connectivity rate of the Singapore node is generally lower than that of other places. Although the distance is not far, the speed is not as good as that of Japan, but it can meet the needs of high-traffic applications such as YouTube. Singapore depends more on the route optimization of the VPS provider at the other end. In many cases, Unicom's outbound traffic detours via NTT in Japan; the return traffic goes directly to Guangzhou Unicom or goes back via Japan. Apart from Alibaba Cloud International Singapore, which is good for all three networks, Unicom users should choose Singapore data centers carefully.

  • Taiwan

Although Taiwan is geographically very close to the mainland, it is still an unpopular location. The speed is no worse than that of Hong Kong, it is easy to buy, and the price is not as high as that of Hong Kong. However, I don't know why very few providers offer Taiwan nodes for going over the wall. Taiwan nodes can also unlock streaming media. The local provider is HiNet. If you connect via a BGP relay as a springboard, the speed can take off.

  • Korea

Although South Korea has a very developed local network and the highest per capita network speed in the world, the bandwidth to the mainland is expensive, small, and oversold. Even bandwidth that is not directly connected to the mainland is very expensive. In general, there are fewer IDCs to choose from. In fact, there are not many routes to South Korea, and little reason to use one unless you want to play on Korean game servers or have business in South Korea. Lightyear VPN is one of the few merchants in South Korea that provides BGP relay servers to South Korea.

  • Europe

Beijing Mobile is mainly responsible for import and export traffic with Europe. There is also a CN2 GIA line in Frankfurt, Germany, but the price is relatively high, and it is generally sold by traffic volume. Many lines in Russia are relatively friendly to China Unicom users. They are close to China, so they are not at a geographical disadvantage, and their prices are relatively affordable. Unicom traffic uniformly departs from Beijing and passes through the Rostelecom line. The quality of the Novosibirsk data center in both directions is generally better than that of Moscow. There are also Turkish nodes among the European routes; their speed is average, but some people use them because they can buy Netflix member accounts at low prices.

Introduction to over-the-wall routes

When using circumvention software, you may encounter a variety of technical terms describing the line. Most of them are abbreviations whose meaning is not obvious, which causes a lot of confusion when getting over the wall. This section explains some of the line types and technical terms you will often encounter.

  • BGP relay

BGP stands for Border Gateway Protocol. In this context, a BGP line usually means that one IP address is directly connected to the networks of multiple ISPs without passing through a third operator. If a server is a BGP relay server, it may be directly connected to the networks of China Telecom, China Unicom, China Mobile, the Education Network and other operators, with no detour. If a line is marked as a BGP relay, your connection is forwarded to a foreign server through that BGP line. The improvement from using BGP is particularly noticeable: the BGP server's exit uses tunnel forwarding and has a higher priority, so speed improves greatly and stability also increases. A BGP line still travels over the public network and still passes through the GFW, but it gets a higher QoS level. In contrast, if you connect directly to a foreign server from your local IP address, your route may be detoured or unstable, so latency is higher and throughput is lower.


  • Native IP and streaming media unlock

The so-called native IP address usually refers to an IP that originally belongs to a local operator. The country/region where it is announced is basically the same as the country/region where it is registered, so common IP geolocation databases will not misjudge it. Native IPs are usually not used for public cloud computing services. Such an IP has a good reputation and can usually be used to watch streaming services such as Netflix, HBO and Hulu. For copyright reasons, many streaming platforms (such as Netflix) restrict access from certain IP addresses. Network operators (such as HKT) usually have their own IP addresses; their commercial and home broadband ranges, for example, are rarely blocked, because most of these IPs are used by the streaming providers' target customers. Home broadband IP addresses will not be blocked. Many ISPs assign dynamic IP addresses, which are difficult to block precisely, and the streaming providers also worry that blocking legitimate users by mistake may lead to complaints. For example, after complaints about a GCP IP range, Netflix could be watched from it again. IPs owned by IDC merchants are usually blocked, and the larger and better known the IDC (AWS and Vultr, for example), the more likely it is to be blocked. Many IDCs rent an operator's IPs to get around such bans, but this method is not foolproof. Therefore, unless it is commercial or home broadband, any other so-called "native IP that unlocks streaming media" is likely to fail.

  • CN2

The full English name of CN2 is Chinatelecom Next Carrier Network, abbreviated CNCN or CN2. It is the new generation of global IP backbone network (AS4809), as opposed to the older ChinaNet (which China Telecom calls 163). It is a multi-service bearer network that supports applications integrating data, voice and video services. Compared with the traditional telecom network, a VPS on a CN2 line has better quality, lower latency and higher security. A good network line can greatly improve the user experience. Besides advanced technology, its high price and its exclusive hold on a large amount of network resources are also important reasons for this. It is difficult for ordinary home broadband users to use CN2 lines; even if they pay double, they may not be able to. Fewer users, fewer servers and more dedicated resources keep the CN2 line running smoothly in most cases. CN2 lines come in two types: CN2 GT and CN2 GIA. CN2 GIA is a higher tier than CN2 GT, and of course costs more. Its biggest difference from CN2 GT is that CN2 GIA has an independent return link. On CN2 GIA, the provincial, overseas and international backbone nodes all start with 59.43, and there are no nodes starting with 202.97. It has the best performance on overseas routes, is rarely congested, and is theoretically the fastest and most stable.
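As an added example (not from the original guide), the prefix rule above can be checked against a traceroute: the sketch below labels one direction of a path by whether its backbone hops fall in 59.43.0.0/16, 202.97.0.0/16, or both. The sample traces are constructed, input is assumed to be numeric `traceroute -n` output, and the function names are hypothetical.

```python
import ipaddress
import re

# Prefixes from the text: CN2 hops start with 59.43, ChinaNet (163) with 202.97.
CN2_NET = ipaddress.ip_network("59.43.0.0/16")
NET_163 = ipaddress.ip_network("202.97.0.0/16")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample traces (numeric `traceroute -n` style), not real captures.
SAMPLE_GIA = """\
traceroute to 203.0.113.10 (203.0.113.10), 30 hops max, 60 byte packets
 1  192.168.1.1  1.1 ms  0.9 ms  1.0 ms
 2  * * *
 3  59.43.246.1  8.7 ms  8.9 ms  8.5 ms
 4  59.43.130.2  41.0 ms  40.8 ms  41.3 ms
 5  203.0.113.10  42.1 ms  42.0 ms  42.4 ms
"""
SAMPLE_GT = SAMPLE_GIA.replace("59.43.246.1", "202.97.12.5")


def hop_addresses(trace_text):
    """Return the first IPv4 address of every responding hop, in path order."""
    hops = []
    for line in trace_text.splitlines():
        fields = line.split()
        if not fields or not fields[0].isdigit():
            continue  # header line, not a hop
        match = IPV4_RE.search(line)
        if match is None:
            continue  # hop timed out ("* * *")
        try:
            hops.append(ipaddress.ip_address(match.group()))
        except ValueError:
            continue  # dotted number that is not a valid address
    return hops


def classify_route(trace_text):
    """Label one direction of a path by which backbone prefixes it crosses."""
    hops = hop_addresses(trace_text)
    on_cn2 = any(h in CN2_NET for h in hops)
    on_163 = any(h in NET_163 for h in hops)
    if on_cn2 and not on_163:
        return "CN2 GIA"       # only 59.43 backbone hops, as the text describes
    if on_cn2 and on_163:
        return "CN2 GT"        # mixed 202.97 and 59.43 backbone hops
    if on_163:
        return "ChinaNet 163"  # 202.97 backbone hops only
    return "unknown"           # neither prefix seen (or hops hidden)
```

A traceroute shows only the forward path, so the independent return link that the text names as the main GIA/GT difference has to be checked with a trace run from the far end.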

  • IPLC dedicated line

IPLC is the abbreviation of International Private Leased Circuit, meaning "international dedicated line". An IPLC dedicated line is a point-to-point, intranet dedicated line, and its data does not pass through the GFW. For example, the common Shenzhen-Hong Kong IPLC is a point-to-point link from Shenzhen to Hong Kong. This line does not use the public network, does not pass through the GFW or censorship, and is not subject to operator QoS. Because it does not share the public network, its speed and stability are very good even during peak hours. The principle is that one server is located abroad and another in China, and all data is sent over the internal link between the two. Since the data does not pass through the GFW, it is not blocked. Because the link is an intranet that the firewall cannot inspect, the user connects to a domestic server, which then forwards the traffic over the intranet to the foreign server; the result is extremely fast and stable and is not affected by the evening peak. However, because of the high cost, IPLCs are generally sold by traffic, so they are very expensive for ordinary users. Because latency on this line is very low and there is no packet loss caused by the wall, it is used for playing games on foreign servers.
