A clear explanation of what's happening, how it works, and why 87 million people are cut off from the world. Written so anyone can understand.
Since January 8, 2026, internet traffic from Iran has dropped to near-zero. This is a "stealth outage": IPv4 routes appear UP on monitoring tools, but traffic is blocked at the network level. IPv6 was fully withdrawn. Only whitelisted services pass through.
*IPv4 BGP routes are announced but traffic is blocked at the network level (whitelisting)
On January 8, 2026, Iran's internet traffic dropped sharply over a period of hours. By evening, it had fallen to effectively zero. The country had been disconnected from the global internet.
January 1โ13, 2026 (100% = normal levels)
The data shows traffic was normal, even slightly elevated, in the days before. Then on January 8, it collapsed. This pattern is consistent with a coordinated shutdown, not a technical failure.
BGP (Border Gateway Protocol) is how networks announce their existence to the world. The January 2026 shutdown reveals a more sophisticated approach: IPv6 routes were withdrawn, but IPv4 routes remain UP while traffic is blocked, a "stealth outage."
IPv6 withdrawn, IPv4 UP but traffic blocked, January 7โ10, 2026
A dual-protocol approach: IPv6 erased from routing tables, IPv4 kept visible but silenced. Monitoring tools show "normal" while actual connectivity is near-zero.
The internet works by networks announcing where they are. Think of it like an address system: networks tell routers around the world: "To reach us, send traffic here."
This system is called BGP (Border Gateway Protocol). In past shutdowns, Iran withdrew its routes, making the country invisible to global routers. The January 2026 shutdown is different and more sophisticated.
Iran created a "stealth outage." BGP monitoring shows IPv4 as functional, but traffic analysis reveals the block. You need both data sources to see the full picture. The infrastructure works on a selected list of servers and IPs that the government filtered (whitelisted).
Most countries have many connections to the global internet. If one fails, traffic finds another path. Iran is different: all international traffic passes through just two gateways, TIC and IPM, both under state control.
TIC (AS49666, AS12880, AS48159) is operated by the state-controlled Telecommunication Infrastructure Company. IPM (AS6736) is the other gateway. When these two coordinate to block traffic, every Iranian ISP, mobile carriers, home internet providers, businesses, loses their connection to the outside world.
People often ask: "Can't you just use a different DNS server?" or "What if I already know the IP address?" Here's why that doesn't help during a total shutdown.
When you type "google.com" in your browser, your device asks a DNS server: "What's the IP address for google.com?" Once it gets the answer, it connects to that IP address. This is like looking up a phone number in a directory, then calling it.
DNS manipulation was one of the first steps before the full shutdown:
Partial access. Some Iranian websites may still load, but you're likely seeing cached or older versions served by CDNs, not real-time data from servers inside Iran. Direct connections to Iranian IP addresses are blocked or severely degraded.
No. Only state-affiliated infrastructure determine the connections while the civilian access is blocked. There is tarffic coming from "privileged ASNs". The rest of the connections are filtered..
Iran has built a "National Information Network" (NIN/SHOMA) for domestic traffic. During shutdowns, some internal services may remain accessible: government websites, domestic banks, approved apps. But anything requiring international connectivity is blocked.
The shutdown is asymmetric. While the civilian population is blocked from the outside world, state-affiliated infrastructure (banking, government, propaganda) remains online and reachable from the global internet.
The blackout didn't happen instantly. There were warning signs in the days before, followed by a rapid collapse on January 8.
HTTP/3 traffic on IranCell drops from 40% to 5%. Modern encrypted protocols are being restricted.
Traffic rises above normal levels as users anticipate restrictions and download circumvention tools.
most of the traffic is filtered and only traffic from whitelisted set of privilaged addresses are allowed.
Civilianz Traffic drops to effectively zero. Iran seems to be disconnected from the global internet.
University of Tehran, Sharif University, and others are briefly reconnected. Access is cut again within hours.
Traffic remains at <0.01% of normal levels. No restoration in sight.
Iran's limited gateway architecture has enabled increasingly sophisticated shutdowns over time.
People often ask why VPNs or other tools can't restore access during a shutdown. The answer lies in understanding the difference between censorship and disconnection.
Censorship means traffic is being inspected and selectively blocked. Disconnection means the routes don't exist at all. Most tools are designed for the first scenario.
However, this shutdown isn't hermetically sealed. Some paths remain for approved traffic. VPNs and DNS tunnels can sometimes slip through these gaps.
Satellite services like Starlink don't rely on ground-based networks. They're the only technology that remains functional when a country's BGP routes are completely withdrawn.
Phone-to-phone communication via Bluetooth or WiFi allows local coordination without internet. However, this provides no access to the global internet or outside information.
VPNs require some underlying route to exist. During partial shutdowns, they can work through remaining connections: government lines, business networks, or ISPs with incomplete blocks. Reports indicate some users inside Iran are connecting via VPNs through these leaks.
Tools like dnstt hide traffic inside DNS queries. Since DNS is rarely 100% blocked (it would break internal services), some queries leak through. Very slow, but works when VPNs are blocked. Requires a server outside Iran.
Connection is possible but extremely slow and unreliable. Those with technical knowledge and the right tools are getting through, but it's not easy.
These organizations monitor internet connectivity in real-time. Check them for ongoing updates.
Since January 8, 2026, Iran's internet has been at near-zero. 87 million people are cut off from information, from communication, from each other.
A new, more sophisticated shutdown method. BGP monitoring shows "normal" while traffic analysis reveals the block. Harder to detect and document.
Organizations like Cloudflare, OONI, IODA, and NetBlocks are recording this in real-time. This data is crucial for understanding and accountability.