IP-TRANSIT.IR/Batterflyai Media data center location

[Peter2015]

Can anyone confirm that the data center of IP-TRANSIT.IR/Batterflyai Media is actually located in Iran?

When I perform a traceroute to 193.142.30.15/hostby.ip-transit.ir the penultimate hop is 46.33.95.42/az-international-gw.ip4.gtt.net

I asked the staff of Tinet SpA and they told me that 46.33.95.42/az-international-gw.ip4.gtt.net would be located in Frankfurt, but the latency is much to high for that.

On the other hand I got a message from the staff of IP-TRANSIT.IR that they are a Russian company with servers in Iran and that there are no restrictions on the server whatsoever, which is very strange for Iran though, where the whole internet is filtered due to censorship.

Therefore I would like to know if this is really a serious company with Iranian servers or only a fake with a data center anywhere else.
Does anyone already have expriences with IP-TRANSIT.IR/Batterflyai Media?

[WW_P]

Extremely unlikely to be Iran, i would settle at 99.99%+.

In Iran you can *ONLY* get transit from 2 carriers which are both state owned: ICT (Information Technology Company, AS12880) and TIC (Telecommunication Infrastructure Company, AS48159). The only exception to this are the government owned university networks (with Russian transit) and also part government owned Afr@net (with microwave link to Pakistan). This is done for censoring and monitoring reasons and there are zero exceptions to this policy.

If they have anything else they do it illegal via tunnel - There is no nLayer or Tinet POP in Iran (there is in fact no POP at all of anyone except Rostelecom and a Telecom Italia transport landing), nLayer is further US owned and currently NOT allowed to deal with Iranian companies at all. Their ASN also lists only 2 IRR entries: Level3 and Cogent, both US companies (Cogent is HQ in Bermuda but has major US assets) that are not allowed to deal with Iran (directly and indirectly in any way).

They also seem to support paypal - Which also violates the US/EU embargo still in effect.

Very shady, would strongly avoid.

EDIT: 200ms ping from my server in Tehran, and route always ends in Germany - Most likely colocated somewhere in DE.

[timmyware]

You have to consider where the submarine cable that connects Iran for most ISPs. The access actually goes down through the Persian Gulf on SEA-ME-WE-3 cable and up to Marsielle France (I think I spelled that right). Your latency is due to that more than likely. Where are you tracing from and to? Can you please provide a traceroute? I know descent amount about that region and can help you pin-point the location.

[WW_P]

That does not explain how they obtain transit without going through the government which controls all internet access in Iran.

[timmyware]

That does not explain how they obtain transit without going through the government which controls all internet access in Iran.

Don't disagree with you. Just giving why you might see additional latency. A traceroute will prove it all.

[Mark-Hall]

That does not explain how they obtain transit without going through the government which controls all internet access in Iran.

This is not 100% correct. As there are currently other links than government links going to Iran. There is other network provides who are allowed to transit the traffic out and in to Iran like Parsonline which is the case here. The route you are seeing is correct, this is their transit from nord of Iran ( Azerbaijan ) which ends to gtt pop in there.

[WW_P]

As there are currently other links than government links going to Iran

GTT/Tinet does not list any POP in Iran (or AZ) and i cannot find any ASN outside of the universities and ICT/TCI with BGP sessions to other networks - Parsonline (AS16322) has no sessions with any network outside Iran either, their upstreams are ITC and TCI. TCI also has a direct Tinet session yet ping to this network from Tehran is 200ms+.

[Peter2015]

One of my mates is living in Frankfurt and he's having ping times to 46.33.95.42 of nearly 200 ms as well.
On 46.33.95.45 the ping is less than 10 ms, which should be normal.

Here's a traceroute to 193.142.30.15 from Hetzner from http://ping.eu/traceroute/ (click on the small picture, pls):



46.33.95.42 and the target IP 193.142.30.15 nearly have the same ping time, so either GTT/Tinet must have node in Iran or the routing table is faked.

I also found this article: http://www.cloudtacker.com/docs/AS59580 - How Hacking Team Helped RU Special Operations Group with BGP Routing Hijack on BATTERFLYAIMEDIA-AS Batterflyai Media ltd.

IP-TRANSIT.IR says they're hosting their servers at Parsonline DC: http://ip-transit.ir/en/dts-parsonline/, but they use a totally different routing as well as an own AS-Number: http://www.tcpiputils.com/browse/as/59580 compared with http://www.tcpiputils.com/browse/as/16322

The only difference concerning the whois-data lies in the address: Parsonline is located at 224 Khoramshahr ave., No. 6C and Batterflyai Media at 224 Khoramshahr ave No. 5C, both in Theran.

In addition, all of the links at http://www.tcpiputils.com/browse/as/59580 "Top IPs with hosting" don't work, except ip-transit.ir

This is all very strange.

[WW_P]

They also seem to sell HP servers which cannot be exported to Iran (well, many parts of it cannot), not really indicative (other ISPs offer similar specced servers in Iran, obviously illegally imported from Asia) but still strange.

[Peter2015]

The route you are seeing is correct, this is their transit from nord of Iran ( Azerbaijan ) which ends to gtt pop in there.

May I ask you: If GTT/Tinet does have a PoP in Azerbaijan, why can't it be found on their network map?



see: http://www.gtt.net/our-network/network-maps/

As I said: The support of GTT/Tinet told me that az-international-gw.ip4.gtt.net would be located in Frankfurt/Germany.

[timmyware]

Using GTT's looking glass for AS3257 you can clearly see that the 46.33.95.42 is not located in Frankfurt. http://www.as3257.net/lg/ GTT has 3 nodes in Frankfurt. A friend of mine is a network engineer for GTT. GTT does not have a node in Iran. What you are seeing with the 46.33.95.42 address is the IP that GTT assigned to the hosting company for it's BGP connection and it is located in Iran or in Dubai. It is as I originally said, the access into Iran is using the submarine cable SEA-ME-WE-3 and SEA-ME-WE-4. The hosting company bought a 10G or 1G and connected it to GTT's node in Frankfurt. I am not familiar with Iran in terms of what the government allows or disallows, but if it is anything like China I can assure you that it would be very difficult to get a "gray" route into the country and then advertise colocation services on top of that. Also since the only way in or out is over the mountainous terrain into Russia or the submarine cable systems. GTT is not going to stake their business on a gray route. To do that, you don't assign reverse DNS entries to show the path along the way. Since Iran controls the communications in and out of the country you are probably seeing the extra latency due to the Iranian government's censorship firewall. China has firewalls for 1.7 billion people so I am certain that Iran can have firewalls for its much smaller population. The extra 8ms of latency you are seeing may very well be that the circuit landed in a country surrounding Iran and then hops a point-to-point to get there.

[Peter2015]

Using GTT's looking glass for AS3257 you can clearly see that the 46.33.95.42 is not located in Frankfurt. http://www.as3257.net/lg/ GTT has 3 nodes in Frankfurt. A friend of mine is a network engineer for GTT. GTT does not have a node in Iran. What you are seeing with the 46.33.95.42 address is the IP that GTT assigned to the hosting company for it's BGP connection and it is located in Iran or in Dubai. It is as I originally said, the access into Iran is using the submarine cable SEA-ME-WE-3 and SEA-ME-WE-4. The hosting company bought a 10G or 1G and connected it to GTT's node in Frankfurt.

To me this seems to be the most obvious explanation.

Since Iran controls the communications in and out of the country you are probably seeing the extra latency due to the Iranian government's censorship firewall.

I've talked to the staff of Batterflyai Media and they told me that there aren't any restrictions at all.
I was told that Batterflyai is a Russian company with servers in Iran. Maybe they are not affected by censorship if they run their own servers at Parsonline's DC. I mean the routing to Parsonline's own IPs looks totally different, with numerous hops especially in Iran, which are very likely due to filter the traffic.
Could be possible that IP-TRANSIT.IR / Batterflyai Media is the only company where you can rent servers in Iran which are not affected by censorship. So far I haven't tested it yet.

[timmyware]

I don't think either of us will know for sure what is happening there, but I can tell you it doesn't take 150-200ms to get from Iran to Frankfurt. Something is happening there. The only logical explanation is a firewall of some sort because I'm not seeing packet loss for it to be congestion. To give a frame of reference, I can get from a POP in Singapore to Frankfurt in 200ms using SEA-ME-WE-4. You also have to consider that just because there is a firewall doesn't mean the restriction has to be the ports or services that are used. Perhaps from a server in Iran you can't reach Facebook or Twitter, but that is because their ASNs are filtered at the edge. I was just in Shanghai China and I can tell you that using the Internet there is annoying. The government monitors all communications. The only way to get reliable connectivity is to VPN to a proxy host in the USA. That is because it is encrypted and the Chinese government can't monitor your session so they route all VPN traffic around their firewalls. Pakistan does the same thing. They hate Facebook and Twitter so much they tried to ban their IPs at the country edge and screwed up their routing table a few years back and accidentally started announcing Facebook's own prefixes from their own ASN (or was it an accident???). It shut Facebook down for a day practically. I guess they are afraid that people are going to find out there is a world beyond their borders worth exploring and disrupt their autocratic governments.

[Peter2015]

I don't think either of us will know for sure what is happening there, but I can tell you it doesn't take 150-200ms to get from Iran to Frankfurt. Something is happening there.

What strices me most is the e-mail I got from GTT itself.

The question I've asked was:

Where is your node 46.33.95.42 (az-international-gw.ip4.gtt.net) locared?

They gave me this answer:

Hi,


It is in Frankfurt.

Regards,
Adam Krauza,

Network Analyst
GTT NOC
UK: +44 (0) 20 7489 4200
USA Toll Free: +1 877 385 5252, +1 800 583 1388
USA Direct: +1 703 442 5539
www.gtt.net

When I asked:

If 46.33.95.42 is located in Frankfurt, like you said, ping times are much too high.
The next hop should already be in Iran, but there is nearly no time gap between 46.33.95.42 (Germany) and 193.142.30.15 (Iran).

I got this answer:

Do you have a GTT Service ID? Are you a GTT Customer? The IP Address you have enquired about belongs to AS 59580 , therefore you must follow up with themselves directly for further information.
​
Regards,

Bruno Barbosa

Network Analyst
GTT NOC

It doesn't matter from where in the world you ping the server, the route is always:

xe-8-1-1.fra61.ip4.gtt.net => az-international-gw.ip4.gtt.net => hostby.ip-transit.ir

There could be a leased line between xe-8-1-1.fra61.ip4.gtt.net which is obviously in Frankfurt and az-international-gw.ip4.gtt.net which is anywhere else.

[timmyware]

You spoke with a Level 1 tech at the GTT NOC who really doesn't know. He just ran a traceroute and saw that it was hung off the Frankfurt node and just assumed Frankfurt.

[Peter2015]

There must be a way to circumvent Iran's Censorship!

Where is 46.33.95.42 (az-international-gw.ip4.gtt.net) located?

Why is all traffic routed through Frankfurt?

We have direct vlan to Frankfurt. We do not connected in exchange point of Iran because they have some restrictions. If you need more explanation our specialist later can give you an answer.

So where is 46.33.95.42 [az-international-gw.ip4.gtt.net] located? In Dubai, Azerbaijan ...?

I know that there are some restrictions in Iran; for example you cannot browse Facebook, Twitter oder YouTube from that country.
If you don't have these restrictions I would like to know why the Iranian authorities gave you a special permission to go withoout it.

Hi, it's our own private policy and agreements and it's never will be public. Your choice - trust us or find other ISP.
If you not happy about upstream/traceroute - please buy vps direct from Parsonline DC, or here:
http://www.webserve.ir/
We saw the topick: http://www.webhostingtalk.com/showthread.php?t=1517424
But we have not time and wish to start this debates.
We do not owe anything to anybody. And buy from us or not - is the choice of everyone.
Thank you.

Maybe, because it's a Russian company they were granted some special rights to run their own servers at Parsonline's DC with an own VLAN to Frankfurt, but it could also be possible that their servers are located anywhere else.

What do you think?

[WW_P]

Sounds very shady, i highly doubt the Iranian telcos and/or gov would rent a VLAN/Transport link to a not even Iranian company without any censorship and possibility to interfere (crypto etc.)...

[Peter2015]

Actually, they don't answer my question:

OK, but maybe you can at least answer me where 46.33.95.42 / az-international-gw.ip4.gtt.net is located.
GTT/Tinet does not have a PoP near Iran.

We don't want to hire a server with IPs which are geolocated to the Iran, while the data center is located anywhere else.
I hope you understand that.

Sorry, but I think we must close this discussion and close the ticket.
We have our own agreements with Iran government and law enforcement what is possible for foreign companies.

>We don't want to hire a server with IPs which are geolocated to the Iran, while the data center is located anywhere else.
We not ask you buy server/vps from us. This your own choice. Iran have many ISP's , but 95% of them sell you vps/server only if you resident of Iran.

Thank you and have a nice day.

Ticket closed.

[WW_P]

Yea, as said... very shady, i have my doubts in that - consider the following points:

Iranian telcos are multi million dollar enterprises - TCI/ITC have a combined user base of over 10 million customers via various resellers that use their network, not even including universities/dorms - Parsonline on the other hand is one of the smaller players in Iran (especially in hosting) and this ISP has only a /24 (so in "worst" case 255 servers) so i highly doubt they get licensing from gov for a private vlan/transport and it makes simply zero financial sense to obtain that (a Gbit VLAN from Dubai to Germany/France is around 2500EUR, Iran should be in similar if not higher price range). I also know the Iranians (gov, people and telcos) to be extremely reluctant of companies that are not Iran based or having connections to Iran, if they don't give this kind of access to companies like Afranet and Parsonline (which both are excellent connected to gov) i highly doubt a small time Russian "ISP" can obtain it legally.