If there\u2019s one big lesson about internet availability, it might be coming from Ukraine, where more than a year of Russian attacks have failed to bring down the network.\nAccording to a study by ThousandEyes, which is part of Cisco, the repeated attempts to disrupt access to key Ukrainian web sites have occasionally succeeded, but only for short periods.\nThe most effective defensive strategy proved to be hosting content on global providers\u2019 infrastructure, which demonstrated the most resilience overall, according to ThousandEyes\u2019 \u201cUkraine Internet Analysis \u2013 March 2023\u201d.\n\u201cNetwork-level disruptions were negligible, and the application-layer security in place for most of these sites allowed targeted blocking of traffic (e.g., Russia locations), while enabling the sites to remain largely available to legitimate users,\u201d the study said.\nThousandEyes found two other hosting options\u2014regional providers outside Ukraine and hosting within Ukraine\u2014to be less resilient.\nTo gather data between February 2022 to March 2023, ThousandEyes monitored scores of Ukraine banking, government, and media web sites from vantage points in Kyiv and Kharkiv in Ukraine, Moscow and St. Petersburg in Russia, and from others around the world.\nConnecting to the sites\u2019 web servers to check on their availability and how well the pages were able to load revealed the health of the sites from a network and application perspective, according to Angelique Medina, Head of Internet Intelligence, Cisco ThousandEyes.\nIt also revealed actions Ukraine network administrators were taking to make their sites less susceptible to disruption. For example, in the weeks leading up to the war, some of these sites \u2013 the banking sites in particular \u2013 started migrating their content to global providers. Then the war started, and \u201cwe saw many more in the following weeks,\u201d Medina said.\nThose global providers are difficult to overwhelm via\u00a0DDoS\u00a0assault at a network layer because they are very distributed, so ThousandEyes didn\u2019t typically see behavior indicating that the sites being monitored were unavailable due to network issues, she said.\nThe global providers also had resources to defend against application-layer attacks, which are more difficult to block. Those included filtering out illegitimate traffic using web-application firewalls and validating visitors to the sites to ensure they weren\u2019t bots, Medina said.\nThat wasn\u2019t the case for sites being hosted within Ukraine, where network-related issues were more common. ThousandEyes would observe high levels of packet loss indicating that a site was using BGP to black-hole all traffic headed toward the site, sometimes for days at a time. \u201cSo there were a lot of issues with traffic loss, for example, but we didn\u2019t really see that kind of behavior for sites that were globally hosted, or globally delivered, if you will,\u201d Medina said.\nThe entities in Ukraine were also blocking traffic originating in Russia at the ThousandEyes observation points in Moscow and St. Petersburg.\nIn the case of sites hosted by regional providers that lack a global footprint, availability was greater than that of sites hosted in-country but less than that of the global providers. \u201cRegional hosting providers can leverage a combination of application-layer and network-layer protections against cyber-attacks but may be vulnerable to high-volume attacks when a targeted site is hosted in a single data center,\u201d the ThousandEyes analysis said.\nThere were instances when the vantage point ThousandEyes used in Kharkiv couldn\u2019t reach any sites at all for a few days due to infrastructure problems on the ground. \u201cWe were effectively told that was due to some shelling, but then the connection was restored, and there was no issue,\u201d Medina said.\nThousandEyes also observed efforts within Russia to block certain traffic from reaching users within the country. In one case, apparently by mistake, a network configuration at a Russian ISP resulted in hijacking traffic destined for Twitter, Medina said. That\u2019s an example that all organizations should be mindful of, especially when political conditions might result in intentional BGP hijacking.\nBad actors could steer traffic either toward sites they control or effectively make an organization unavailable to the internet. So it\u2019s important to have an understanding of how traffic is routed across the internet and how to protect it along the way. \u201cI think a lot of organizations don\u2019t really think about their traffic in flight,\u201d Medina said.