More than a decade ago, I launched the forerunner to SD-WAN Experts, MPLS Experts, on a project to China. Back then, finding out about telecom services in another country, let alone another continent, seemed like a mission impossible. China was among the most difficult.

Much has changed in our industry. MPLS has given way to SD-WAN, but some things remain the same. We still need global connectivity and China continues to remain a mystery. My story about China blocking VPN traffic – and potentially SD-WAN traffic – caused quite a stir in the industry, in large part because, like so many things when dealing with China, concrete information remains scarce (particularly for non-native speakers).

To recap: According to a notice China Telecom sent to one of my customers, the Chinese Government will require commercial Chinese ISPs to block TCP ports 80, 8080, and 443 by January 11, 2018. Port 80 is of course the TCP port commonly used for carrying HTTP traffic; 8080 and 443 are used for carrying HTTPS traffic.

“I've also seen similar notices from China Telecom circulated on social media,” Yuan Yang, the Beijing correspondent for the Financial Times, wrote to me in an email. Commercial ISP customers interested in maintaining access to those ports must register or apply to re-open the port through their local ISP.

Now, we know that Chinese policy blocks some traffic. That’s not new. In June of 2017, several sources reported that China would be blocking consumer VPN traffic. There would be crackdowns on accessing the Internet beyond the Great Firewall – the world’s most sophisticated state-censorship operation, which employs at least 2 million online censors.

What’s new here are the specifics. China Telecom will be blocking traffic from commercial users starting today. What exactly is a commercial user? What’s the scope of the regulation?

The focus on “commercial users” is particularly important.
There are some who’ve suggested that the notice is only targeting external use — companies who sell internet-based services. The Chinese regs (thank you Google Translate) discuss how Internet information service providers (which are different from Internet service providers) must register or else be blocked by their ISPs.

The notice I found is effective January 1, 2018. Close to, but not quite, the February 1 deadline. (I’m hardly a Chinese telecom lawyer and am the first to admit that my reading of this regulation might be wrong.)

Yang suspects the same. “The Shanghai Telecom notice you forwarded me lightly suggests the same, since it asks companies to provide their ICP license – only internet companies would usually consider applying for an ICP license. But it's not conclusive as to who it's addressed at,” she says.

If indeed only “Internet companies” are being targeted – and by that we mean companies selling goods and services to online customers – then IT managers may be able to breathe a sigh of relief. I’m still uncertain how many companies don’t sell anything online, but if the description is accurate, at least as far as SD-WAN systems are concerned, IT operations should remain unaffected in most cases.

SD-WAN appliances are typically used within companies, which would put them outside of regulatory scope. That’s good: since they rely on Internet access to some degree, blocking 443 (and certainly ports 80 and 8080) would most likely disrupt many SD-WAN solutions.

Even hybrid WANs that mix MPLS and Internet could be impacted, at least indirectly. They’ll work fine for those applications running across the private data service, but will be disrupted when failing over to the Internet or sending traffic across the encrypted Internet tunnel as the primary traffic driver.
If the regulations do not target internal use, though, then SD-WAN site-to-site VPNs run by companies should not face a problem.

Sounds good, right? But here’s the rub: my customer isn’t an “internet” company. It’s also not unique in receiving such a notice. “I have also heard of non-internet companies that have been affected,” wrote Yang.

As it turns out, there are cases when “non-internet” companies have registered their VPNs. As I was finishing up on this blog, Yang wrote back with the following:

“I spoke to a western multinational in Beijing (a professional services firm not an internet/tech-related company) who had successfully registered their company-internal VPN with the authorities a couple of years ago, when the regulations over VPNs first came out. The registration process was NOT the same as the ICP licensing process. So, it is possible to register your company-internal VPN.”

A bit lost? You’re not alone. “I have spoken to tech lawyers in Beijing who have also said their clients are confused.” So am I, to be honest.

And there’s more. Is the regulation only blocking those ports within China or will traffic exiting China on those ports also be subject to the regulations? Difficult to say. One way around the issue would seem to be to use a private data service, such as a leased line or MPLS circuit. China Telecom (not surprisingly) offers such a service.

But that’s hardly a solution. MPLS services are expensive, cumbersome to deploy, and the Chinese government still has the right to inspect your traffic. The whole point of SD-WAN is to move away from private data services, not adopt them. Besides, it’ll probably take you longer to get your MPLS circuit deployed than it will to find out the scope of the regulation.

In my last article, I recommended you check with your provider. I still think that’s sound advice.
And sit tight for now before racing off to make a technology decision that might constrain you going forward.

The mystery should start clearing up very soon.