Open in app

Sign in

Write

Sign in

The quickest way to build web presence in China

Aleksandr Guidrevitch
darwinapps
Published in
7 min readJan 3, 2018

China is the second largest economy in the world in 2017 with more than 720 million internet users, the most out of any country in the world and three-times the number of those in the US, so it’s no wonder that every business at least considers building a web presence in the Chinese Mainland.

Photo by Jed Adan on Unsplash

And while having your site translated into a target language works well for most countries of the world, with China it’s simply not enough. Because of…

Limited peering points

China’s internet is run by quite a large number of competing domestic internet providers, with a limited number of peering (traffic exchange) points between them. CloudFlare even admits that sometimes it’s more efficient to route traffic outside the country — across a third party network — and then back.

That means the internet within China is plagued by slow web page and application downloads, failed web pages, and application timeouts (even for users within China). For external sites, the situation is worsened further by …

The Great Firewall of China

The Great Firewall of China, abbreviated to GFW, is not really a firewall. It’s an on-path system that passively mirrors all traffic between China and the rest of the world to their servers for inspection. And as long as the GFW can’t really filter the traffic, it has three main methods of censoring traffic: connection dropping using TCP RST packets, IP address blocking, and DNS poisoning.

I’m not going to review the last two in detail, as they don’t affect the speed of the connection with the external world. Connection dropping, however, requires a little in-depth explanation. There is a special network packet type — TCP RST — that is used to indicate that the connection is not valid, i.e. there is no associated session at the remote side, or that the target port is unreachable. Due to the way TCP protocol is designed, injecting TCP RST packets by the GFW is a little bit of a guesswork, so multiple TCP RST packets must be sent to both sides of the connection in order to drop the connection. And those packets plague the networks, slowing the internet even further, especially considering that it’s susceptible to “overblocking” ( for instance, because the names of party leaders like Hu, Xi and Wen are often sensitive keywords, Chinese terms like xue xi (study), hu luo bo (carrot), and wen du ji (thermometer) are also likely to be banned).

Now, this page contains stop-words and is probably going to be blocked within China. But that’s not the end of the story, because the speed of your site is also affected by…

Physics

Yes, basic physics. The further away the server is, the slower the access is to it within China. It simply takes time for packets to travel 7,000 miles from Beijing to say, Amazon’s us-east-1 datacenter in Virginia - and back.

So how does your site feels like for Chinese visitors?

I personally use http://ce.cloud.360.cn/ to check the speed of an external site from within Chinese mainland. Here is how your site loading time probably looks like for Chinese visitors:

And this is the time to load just the page itself, without assets. The last column (outlined in red), indicates the time it took to physically download the content after the connection was established.

What can you do about it ?

You need somehow to work around the scarcity of peering points, inspection from The Great Firewall, and law of physics.

There are two options for doing so:

  1. Having your site hosted within the Chinese mainland and delivered by a CDN with a good infrastructure to as much provinces as possible
  2. Having it hosted in a location close to Chinese mainland

Having your site hosted inside China

This way:

  1. Your server is physically closer to your audience
  2. You can use a Chinese CDN to fill in the gap with peering
  3. Your server communication can potentially avoid GFW inspections (though generally this is unlikely)

However, to host a site or just cache online content within China, you’ll need an ICP License (ICP Bei An — 备案), and that’s pretty long and bureaucratic story. You can find an excellent step by step guide here. I just want to outline a few important points about the ICP License:

  1. You will need a China-based business with any type of Chinese business license (including Joint-Venture or WOFE)
  2. It allows you to host your site within the mainland, but will not protect you from being taken down at any moment by the GFW

Having a server inside the mainland does not automatically solve peering issues, but it opens a way to legally use a CDN within mainland to alleviate them.

Alternate hosting

If you just need a marketing site (not a web application), and are not willing to go through all the bureaucracy to get an ICP license, the second best option is to host the site close to China. There are multiple locations surrounding China that can deliver reasonable latency for connection within mainland China: Hong Kong, Singapore, Japan, South Korea and Taiwan. The first two, Hong Kong and Singapore, have mature, affordable hosting providers, and more importantly, they have not only English-language websites but English-language support, so it’s easier to communicate with them.

While hosting a site close to China greatly improves latency, there are…

Additional measures to be considered

  1. Don’t use HTTPS. There are two reasons to avoid HTTPS. The first one — and this is rather my personal speculation, is that the GFW should not consider your site suspicious as long as it can inspect traffic to and from your site easily. The second reason is that the SSL handshake protocol involves four sets of messages (sometimes called flights) that are exchanged between the client and server. And in our case, the overhead really counts. If you are inclined to use HTTPS, don’t forget to enable ​OCSP stapling in your web server configuration, as it is disabled by default in both NGINX and Apache and on some managed hosting providers (go check yours). OCSP stapling will save a few packet round trips for visitors.
  2. Your site speed is already impaired by all the peculiarities of the Chinese internet. If your site is slow to respond with content, this will greatly add up the loading speed perception. Cache your content as much as you can for Chinese visitors
  3. Load all the external scripts asynchronously. You never know who will be banned next, but Facebook and Google are banned in China, so scripts from facebook.com (like the share button, audience pixels, etc.) will block your page load.

Here is what one of our client’s sites looks like when hosted in Hong Kong, with HTTP only, served from cache and with disabled integrations:

Not ideal, but good enough. Sometimes this map looks greener, sometimes redder, sometimes grayer, but that really all depends on the internal peering issues (and you can’t really do much about that). What the map confirms is that the site CAN be usable and fairly fast within China.

DNS

In order to route users to your server in a close-to-China location, you need one of the following:

  1. Geo-aware DNS, so that yourcompany.com resolves to its copy in a close-to-China location for Chinese users. This is a must in case localized versions of your site live on the same main domain, i.e. in subdirectories like yourcompany.com/cn/
  2. A 3rd level subdomain on your site, eg cn.yourcompany.com
  3. A separate domain name, eg yourcompany.cn

Both Amazon Route53 and Microsoft Azure Traffic Manager support routing based on geolocation of the user, but it’s not always possible or acceptable to transfer a domain name to any of these services. In this case, either use 3rd level subdomain or go for a…

.CN Domain name

Having an .cn domain provides your visitors with perception of you being a local business, giving you a huge boost in trust. There are two main things you should know about .cn domains:

  1. You can register .cn domain as a foreigner, but you will need to disclose your identity to Chinese authorities
  2. You are allowed to point a .cn domain to a server outside of China

The following documents must be presented to the domain registrar as per CNNIC FAQ:

  1. Personal identification: identification card front page (copied or scanned)
  2. Organization’s identification: Organization Code Certificate (copied or scanned) or business license (copied or scanned)

You can register a .cn domain with most of the local registrars like GoDaddy, but still, these documents must be supplied to the local registrar so they can pass them to the CCNIC.

Summary

This guide pretty much covers all aspects of our experience with rolling out a server for one of our clients in Hong Kong to reach Chinese visitors.

Even though it’s not as straightforward as would be ideal, it turns out there are shortcuts to quickly reach Chinese customers without spending a fortune or time and effort on an ICP License. While these shortcuts probably won’t work well enough for SaaS web applications, they are specifically good for marketing sites. As you can see, with some dedicated effort and elbow grease on the web engineering side, you can absolutely firmly establish your web presence in China.

DarwinApps

Fixing everything that is broken about web development…

darwinapps.com

Web Development
Business Strategy
Great Firewall
China
Business Tactics

--

--

Aleksandr Guidrevitch
darwinapps

Written by Aleksandr Guidrevitch

11 Followers
Writer for

One man army. CTO and co-Founder https://darwinapps.com

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams