Are you saying the solution you suggested is the legal way to do it? Is backhauling internet considered illegal?
We shall name the bastion host… Hong Kong.
I get < 1% packet loss going to AWS
I mean, anywhere near 1% packet loss is still absolutely terrible.
It’s really weird. I think I just assumed there was a written-in-stone “this is how you do networking in China.” I spent hours searching the net before posting here and there is so much inconsistency in the information. I’m definitely going to await direction from legal before proceeding.
Always, always, always get legal review if you can.
Someone on the business side should have hired a lawyer/law firm to review the business entity creation process in China. That is normally a good place to start. (Wait till you find out how money can always go into China, but is almost impossible to get out legally.)
China’s rules and regulations around tunneling changed in the last 18 months, and were targeted directly at corporate installations.
Having supported multiple BUs in China across two different companies, I have done both the moderately legal (but way cheaper) and the totally legal way of getting traffic out.
- We set up an S2S connection from our UTM box to an SD-WAN company that provided a completely private link out of Shanghai. All L3 gateways were terminated on the UTM box to allow for fine-grained traffic control.
- User device → L3 gateway → S2S to SD-WAN Pizza box → SD-WAN PoP in Shanghai → Private link → SD-WAN PoP in Chicago → UTM Box in Corporate
- Current company went through the expense of getting a metro-E line put in between our office in China and our headquarters in Europe.
- This was only because we had 4 different law firms review the encapsulation regulations AND the “data security” laws that have been enacted.
- We previously were not using split-tunneling, and we received multiple scathing notices from China Telecom. Legally, only routes to internal IP-based networks can be published to endpoints in our China location. This means no Google, no YouTube, no Facebook, etc.
Personally, I would save the effort for the lawyers… but if you do need to get traffic out, I would suggest immediately turning on split-tunneling, and only securing routes to your internal corporate resources. I know the business side will lose their minds, they always do. Being bought by a foreign entity comes with the assumption that they will get to experience services from outside of China. But be firm and stick to the legal advice you hopefully have received!
Don’t forget though… China Unicom and China Telecom can walk, and have walked, into your building at any time, rip your equipment out, and replace it with their own routers.
Agree with this, as someone who has done this before. There are strict laws around how the setup is allowed to work. Ideally you should work with lawyers to do your due diligence to get the setup approved. As far as I am aware the setup with tunnels is only allowed inside an office; you were not allowed to expose this VPN via the internet for staff to use it remotely, etc.
No Political Posts.
Sorry, it appears that your thread is focused on political discussions that affect very few locales. This subreddit invites redditors from all around the globe, and as such topics that may affect one country or locale do not contribute nor relate to enterprise networking discussions that can be enjoyed by all users. This is not compliant with our rules, and your thread has been removed.
Comments/questions? Don’t hesitate to message the moderation team.
For the complete list of Rules, please visit: https://www.reddit.com/r/networking/about/rules
The Chinese government would have to agree to let SpaceX build antenna dishes, or ground links, to send and receive data to and from the company’s spacecraft. But that nation routes internet access for its 1.37 billion inhabitants through “the Great Firewall,” a censorship technology that blocks foreign news, mentions of citizen uprisings (like the Tiananmen Square Massacre), or anything else Chinese officials don’t like on the web.
“Obviously, any given country can say it’s illegal to have a ground link. […] And from our standpoint we could conceivably continue to broadcast,” Musk said during the event. “I mean, I’m hopeful that we can structure agreements with various countries to allow communication with their citizens, but it is on a country-by-country basis.”
So what if SpaceX continued to broadcast uncensored internet over China, despite not being given permission?
“If they get upset with us, they can blow our satellites up, which wouldn’t be good,” Musk said. “China can do that. So probably we shouldn’t broadcast there.”
Any access out of China that ‘they’ allow is legal. As long as you aren’t posting dissent.
It will be very hard to get a solid “yes, this is legal” answer from anybody within China related to VPNs, the Great Firewall of China and encryption. The laws are written in a way that leaves a lot of room for interpretation, so the government can read them in the way which fits their current need the most.
Why would you come here to ask if you should? That’s a question for your lawyer and exec team.
Anything is legal as long as you pay the appropriate people.
Try dealing with China.
With CN you get about 20-25% packet loss to AWS during prime time.
Here is CN vs CN2 for China to AWS over SDWAN.
https://imgur.com/gallery/9mGvfbA
Interesting. We don’t have an office there, just folks working from home using company laptops.
Such is life. This is a question constantly popping up, there are answers, and as I said these answers require specific government-granted licenses. You’re not going to solve this by yourself.
A VPN to HK might work-ish, without any guarantee that it’ll work tomorrow, and being sure that it’s 100% illegal unless you go through the registration procedure, which is heavy, cumbersome, and costly.
If you want to discuss with someone who actually is in China and knows the environment, I’m happy to discuss, no sales involved.
If you want to guess and take risks, by all means…
However as China are integrating HK more and more this ~~may~~ will break in the future.
Fixed that for ya!
That’s not really true, as there are operators with adequate licenses for that. While I’ll admit that my previous answer was a bit too salesy, the fact is that this is not a technical issue but a regulatory one.
So it’s not something that can be fixed by technical answers.
Even China Telecom has this kind of service
Just asking what people are doing. It’s a weird issue, and while I agree it’s a question for lawyers, why not ask a networking sub how they deal with networking in China?
Hell, you get 10% packet loss within the country during prime time…