Accessing foreign websites from China is often a problem: they’re either blocked or slow. The GFW (Great Firewall) usually gets the blame for this, but it’s actually just part of the reason. In this article, I’d like to share what we’ve learned with you. Hopefully, it can help you gain a more holistic understanding of the issue.
First contentful paint time is 2.27 times longer
Nothing proves a point better than real data. Last year, a UK client engaged us to perform a website performance test in China, to determine how serious the problem was.
With a carefully designed test strategy, we covered ~80 of the most valuable business scenarios and ran tests on VMs (with the same resource and browser) from 3 major China ISPs and CERNET to mimic real user experience. Here’s what we found:
Overall lighthouse page performance score from China is 15.08% lower compared to the EU
Overall FCP (first contentful paint time) from China is 2.27 times longer than EU
Overall page onload time is 10.07 times longer than EU
Page performance is very unstable
For legitimate reasons, the client cannot deploy their products in mainland China, including buying China CDN (content delivery network) solutions. In essence, this was a test of how foreign CDN solutions work in China. The CDN solutions that were tested were Google and Fastly. According to the client, they had previously tried other CDN solutions, but without leveraging the POP (point of presence) in mainland China, test results were not good.
The two main causes of the issue
Officially, the GFW is called the cross-border data security gateway (though technically, it's not a gateway). A major function of the GFW is to act as an Intrusion Detection System. Without official public details of the architecture and topology, our best guess is that the GFW sits next to the 3 major cross-border internet exchange points from different ISPs (located in Beijing, Shanghai and Guangzhou), then listens to and bypasses the cross-border traffic.
For websites that aren’t blocked, the general consensus on how the GFW affects their performance is that the low quality of service is caused by the Deep Packet Inspection. The GFW mirrors all cross-border traffic to a dedicated analytics unit, which then delivers a score for each destination IP based on how suspicious the connection is deemed to be. This score is then used to determine a packet loss rate to be implemented by GFW routers, resulting in a slowed connection on the client side.
There is another factor, which I believe to be the major contributor: limited cross-border bandwidth.
China has established cross-border connections with twelve of its fourteen neighbors through terrestrial cables, but submarine cables still play a leading role in international communications. There are over 400 submarine cables in the world, but only nine reached mainland China through five landing stations as of 2020, much fewer than the US and UK; by comparison the US had over forty landing stations. The 2020 Global submarine cable engineering technology report from the China Institute of Communications stated that “existing submarine cable resources are not sufficient to meet future requirements.”
The good news is that China is increasingly investing in cross-border bandwidth, according to the 47th China Statistical Report on Internet Development published in February 2021.
What solutions are available?
As individuals, there is no way we can “solve” the GFW and cross-border bandwidth issue, but there are still steps we can take to improve the situation for our clients.
When poor performance is caused by the GFW and insufficient cross-border bandwidth, CDN is the easiest solution. There is no doubt that a CDN solution in mainland China can help, but the prerequisite is ICP (Internet Content Provider) filling/license. For clients who cannot obtain this, neither CDNs nor local deployment are options.
Nearshore deployment might be helpful, but we haven’t tested it thoroughly. Because mainland China has a submarine cable directly connecting to Taiwan, deploying in Taiwan could theoretically be an option.
CSPs (cloud service providers) like Alicloud and Tencent have some acceleration services for their international customers, such as GA, CEN and GAAP. The core of those solutions is leveraging CSP’s DNS services, building a reserve proxy server in places like Hong Kong, and proxying the traffic from mainland China to the real server. Unfortunately, those acceleration services are very expensive and unstable due to policy reasons.
Disclaimer: The statements and opinions expressed in this article are those of the author(s) and do not necessarily reflect the positions of Thoughtworks.