Asymmetric routing and campus firewall

the problem

Despite Zhejiang University having a clear university-wide policy on domain registration, a Haining campus Information Technology Services (ITS) officer, Z, told me the campus has its own policy and refuses to follow the university-wide one due to 'security concerns'. In other words, the Haining campus refuses to assist with university domain reverse proxying, so any user who wants an Internet-accessible server has to host it elsewhere. In my situation, that means an extra ¥2200/year to rent a VPS from the ZJU main campus.

The actual scenario is that the Haining campus has internal connections with other ZJU campuses. In my situation, with the service still deployed on a local server behind a forwarding proxy on the main campus VPS, any security breach would still happen locally, meaning the 'security concern' is nothing but a poorly made excuse.

Well, since the administrative board is not responsible for users in a typical Chinese-style organization, I will have to fix this issue by myself.

Interestingly, the reverse proxy can actually be configured from the main campus alone, and it should work without problems. So I circumvented the Haining campus ITS and registered a domain reverse proxy directly with the main campus.

The result was strange. I noticed the server was indeed Internet accessible when applying for an HTTPS certificate, but local tests showed that it could not be accessed from within China. In other words, it was accessible only from abroad.

the cause

I spent an entire afternoon trying to figure out why, and with hints from the main campus IT support and traceroute output, I finally discovered that the problem lies in asymmetric routing.

In more detail, all outgoing traffic from the Haining campus is routed according to its destination. Traffic going abroad goes through the main campus exit, while the rest goes directly through the local campus exit. Since all incoming traffic arrives through the main campus entrance, the path for traffic going abroad is symmetrically routed, and the other one is not. Asymmetrically routed traffic is blocked by the firewall as DDoS attack prevention.

the fix

Now that I knew the cause of the problem, a dilemma arose: I still needed the Haining campus ITS's assistance to fix the issue. I needed to make sure that even if administrative staff like Z saw my request, they would not understand my true purpose. Considering Z's earlier response, she was either in an administrative position or a real rookie in the network engineering field; in both cases I bet she would not want, or be designated, to look into issues too technical to understand.

A ticket was then sent to the Haining campus ITS requesting that all outgoing traffic of a specific IP go through the main campus network gateway 'due to asymmetric routing', for 'research purposes, and to avoid incidental firewall blocks', together with a specific gateway IP I got from the traceroute log. It turned out Z was not assigned to the ticket.

Since this was an existing route, they accepted the request 'after requesting superior instruction'. Problem solved.
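The failure and the fix described above, as a toy model added here (not code from the original post). It assumes the firewall is stateful per exit, passing a reply only on the exit where it saw the request; the exit names and the documentation-range IPs are constructed.

```python
# Added illustration; exit names and IPs (RFC 5737 documentation ranges) are constructed.
from dataclasses import dataclass, field

MAIN, LOCAL = "main-campus-exit", "haining-local-exit"
SERVER = "192.0.2.10"                        # constructed Haining server address
CLIENTS = {"198.51.100.7": True,             # constructed client abroad
           "203.0.113.5": False}             # constructed client inside China


@dataclass
class StatefulFirewall:
    """Assumed behaviour: a reply passes only on the exit that saw the request."""
    flows: set = field(default_factory=set)

    def request_in(self, exit_name, client, server):
        self.flows.add((exit_name, client, server))

    def reply_allowed(self, exit_name, server, client):
        return (exit_name, client, server) in self.flows


def egress_exit(server, client_abroad, pinned_sources):
    """Exit chosen for a packet leaving the Haining campus."""
    if server in pinned_sources:             # the fix: route by source IP
        return MAIN
    return MAIN if client_abroad else LOCAL  # original split by destination


def reachable(client, client_abroad, server=SERVER, pinned_sources=frozenset()):
    fw = StatefulFirewall()
    fw.request_in(MAIN, client, server)      # reverse proxy: requests enter via main campus
    out = egress_exit(server, client_abroad, pinned_sources)
    return fw.reply_allowed(out, server, client)


def survey(pinned_sources=frozenset()):
    """Reachability of SERVER for every sample client."""
    return {c: reachable(c, abroad, pinned_sources=pinned_sources)
            for c, abroad in CLIENTS.items()}


if __name__ == "__main__":
    print("before ticket:", survey())
    print("after ticket: ", survey({SERVER}))
```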

the bureaucracy

This is a typical bureaucratic 'there are policies, and there are measures to counter them' incident.

It turned out I got lucky because an incompetent officer like Z is, indeed, incompetent. But this also means tragedy for all those who cannot conceive a counter, and thus have to live with trash policies made by those incompetent officers.

On the other hand, trash policy actually works because not enough people know how to counter it, so the incompetent officer can remain in position.

To knowledge.


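  • Liuzi ate two bowls of noodles - Let the Bullets Fly
  • Iraq has biological and chemical weapons - US Congress
  • Forced labor of Uyghurs in Xinjiang - US Gov
  • The Wuhan Institute of Virology created the novel coronavirus - US Gov
  • China asked Russia to wait until the Olympics ended before starting the war - NY Times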


The system: interested parties - hired guns - media - a public lacking judgment






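  • Ignore: lowest cost; has the negative effect of looking like deliberate evasion
  • Simple denial: extremely low cost, mediocre effect.
  • Demand that the accuser produce solid, valid evidence: raises the accuser's cost, shifts the focus
  • Allow the accuser to investigate: cost is uncontrollable and it is pointless
  • Where there is a publicly recognized third party, allow the third party to investigate: relatively high cost, raises the accuser's cost, mediocre effect but usually resolves the issue for a fairly long time
  • Counter-smear / reasonable suspicion: relatively high cost, lowers one's own moral standards, loses credibility
  • Expose the defamatory nature of the accuser's claims: cost depends on the quality of the accuser's defamation; requires digging up the mistakes the accuser has made; lowers the accuser's credibility in the long run
  • Lure the accuser into defamation containing elementary mistakes: extremely difficult; entrapment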



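Russia seeks military equipment from China after Ukraine invasion -reports March 14, 2022 9:09 PM GMT+0
Step 1: make the accusation.
Key points: anonymous US officials; no details can be provided; the White House National Security Council declined to comment.
Can be read as: True: the Russian military cannot sustain the war in Ukraine. False: meaningless.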

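Chinese embassy says has never heard of Russian requests for help March 14, 2022 9:20 PM GMT+0
Step 2: wait for the denial.
Can be read as: True: the earlier report was false and the incident is meaningless. False: China is lying, and is betraying Russia.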


U.S. warns China not to help Russia as anti-war protest disrupts state TV
Step 3: moral blackmail.

Foreign Ministry Spokesperson's Remarks on the US Signing of the So-called "Uyghur Forced Labor Prevention Act"

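2021-12-24 08:46

On December 23 local time, the US signed the so-called "Uyghur Forced Labor Prevention Act" into law. The act disregards the facts, maliciously denigrates the human rights situation in China's Xinjiang, seriously violates international law and the basic norms governing international relations, and grossly interferes in China's internal affairs. China expresses strong indignation at and firm opposition to this.

The claims of "forced labor" and "genocide" in Xinjiang are nothing but vicious lies concocted by anti-China forces. Xinjiang's economic development and social stability are recognized by the world, and it is plain for all to see that people of all ethnic groups there live and work in peace and contentment. The US repeatedly uses Xinjiang-related issues to spread rumors and stir up trouble; in essence it is engaging in political manipulation and economic bullying under the guise of human rights, in an attempt to undermine Xinjiang's prosperity and stability and contain China's development.

The US has a deplorable record of its own, and for it to accuse and smear China on human rights is utterly absurd. The US is a major destination for human trafficking and forced labor; over the past 5 years, as many as 100,000 people have been trafficked into the US each year for forced labor. The crimes against humanity the US committed against Native Americans in its history long ago amounted to de facto "genocide". The labels of "forced labor" and "genocide" fit the US itself best.

Xinjiang-related issues are not human rights issues at all, but issues of countering violent terrorism and separatism. China sternly warns the US that using Xinjiang-related issues for schemes and intrigues cannot stop the firm strides of the people of all ethnic groups in Xinjiang toward a better life, nor can it stop China from continuing to grow stronger. The US actions completely violate market rules and business ethics; they will only undermine the stability of global industrial and supply chains, disrupt the international trade order, and damage the US's own interests and national credibility. It is purely a case of lifting a rock only to drop it on one's own feet.

I want to stress once again that Xinjiang-related affairs are purely China's internal affairs. The determination of the Chinese government and people to safeguard national sovereignty, security and development interests is unwavering. We urge the US to immediately correct its mistake and stop using Xinjiang-related issues to spread lies, interfere in China's internal affairs and contain China's development. China will respond further in light of how the situation develops.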


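2021/08/28

On August 27, the US Office of the Director of National Intelligence released the key takeaways of its so-called "assessment on COVID-19 origins", holding that at present neither of the two possibilities, that the novel coronavirus originated in nature or that it leaked from a laboratory, can be ruled out. The report slanders China as obstructing the international investigation, refusing to share information and blaming other countries. On the same day the White House issued a statement on the COVID-19 origins investigation, falsely claiming that China obstructs the international investigation into origins and lacks transparency, and attempting to rally relevant partners to pressure China. China firmly opposes and strongly condemns this.

First, the report was fabricated under the lead of US intelligence agencies and has no scientific basis or credibility whatsoever. Tracing the origins of the novel coronavirus is a scientific question that should, and can only, be studied by scientists rather than intelligence experts. Historically, US intelligence agencies have produced quite a few "masterpieces", such as treating a small vial of laundry powder as evidence of Iraqi weapons of mass destruction, and directing and staging the "White Helmets" organization's posed videos of a so-called "chemical weapons attack in Syria". Now the US is up to its old tricks again: it refuses to believe the China-WHO joint study report and insists on trusting a report concocted by intelligence agencies. How could that possibly be scientific, reliable origin tracing?

Second, the US claim that China is not transparent is purely an excuse for its push to politicize and stigmatize. Since the outbreak, China has consistently acted in an open, transparent and responsible manner, briefing the outside world, sharing the virus's genome sequence and carrying out international anti-epidemic cooperation at the earliest opportunity. On December 27, 2019, the relevant local authorities in Wuhan first reported suspicious cases; on the 30th an urgent notice on treating pneumonia of unknown cause was issued; on the 31st China informed the WHO of the situation; and from January 3, 2020, China began proactively and regularly notifying the WHO and relevant countries including the US of epidemic information. On origin tracing, China likewise showed a scientific, professional, serious and responsible attitude from the start, took the lead in cooperating with the WHO on global origin tracing, and has twice since last year invited WHO experts to China for origin-tracing research. When the WHO expert team came to China for origin-tracing work, China was fully open and transparent, met all of its requests for visits and imposed no restrictions. The experts went to every place in Wuhan they wanted to go, met everyone they wanted to meet and viewed all the materials they wanted to see. The China-WHO joint study report officially released by the WHO on March 30 was produced in accordance with WHO procedures, used scientific methods, and is authoritative and scientific. The open and transparent attitude China has shown on origin tracing has also been fully affirmed by international experts.

Third, the release of a report by US intelligence agencies precisely shows that the US is stubbornly going further and further down the wrong path of political manipulation. Since the outbreak, the US has become the country with the most infections and deaths, and the American people have already paid a heavy price. The US government's use of intelligence agencies to produce a so-called origin-tracing report, in an attempt to apply a "presumption of guilt" to China, is meant to shirk responsibility for its own failed epidemic response and shift the blame onto China. This approach will only disrupt and undermine international origin tracing and global anti-epidemic cooperation, and has already met with widespread opposition from the international community. More than 300 political parties, social organizations and think tanks from over 100 countries and regions have submitted a Joint Statement to the WHO Secretariat firmly opposing the politicization of origin tracing. Shouldn't the US listen to these voices?

Finally, the US is tight-lipped about origin tracing at home and keeps the door to it firmly shut. If the US were truly "transparent and responsible", it should release and test data on its early cases. The timeline of the COVID-19 outbreak in the US keeps moving earlier. In at least five US states, novel coronavirus infections predate the reporting date of the first confirmed US case. US media have also recently reported that the first COVID-19 death in the US occurred in early January 2020, several weeks earlier than the early February date previously recognized by officials.

The Wuhan Institute of Virology has hosted WHO experts twice, and that a leak of the novel coronavirus from the Wuhan Institute of Virology is "extremely unlikely" is a clear conclusion of the China-WHO joint study report. If the US insists on the lab-leak claim, shouldn't it invite WHO experts to investigate Fort Detrick and the University of North Carolina? Fort Detrick has long engaged in research on and modification of coronaviruses; in 2019 it had a serious safety incident and was shut down, after which a disease with symptoms similar to COVID-19 broke out in the US. The Baric team at UNC has long possessed extremely mature capabilities for synthesizing and modifying coronaviruses; from January 2015 to June 1, 2020, the university reported to the US National Institutes of Health a total of 28 safety incidents involving genetically engineered microorganisms, 6 of which involved coronaviruses including SARS, MERS and the novel coronavirus. The US does not investigate and disclose the situation at its own laboratories, yet busies itself throwing mud at others.

China's position on global origin tracing is consistent and clear. Origin tracing is a scientific question, and China has always supported and will continue to take part in science-based origin tracing. What we oppose is political manipulation, presumption of guilt and shifting blame onto others. The second phase of origin tracing should be a comprehensive extension of the first phase, with tracing work carried out in multiple countries and places around the world; only then can the truth and the answers really be found.

The report provided by US intelligence agencies did not give the definite answer the US wanted. Carrying on further will be like drawing water with a bamboo basket, all for nothing, because the investigation itself is baseless and anti-science.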












Anti Chinese Sentiment

'Unfavorable views' of China reach historic highs, new report finds


It has been an issue for several years, or maybe longer as Wikipedia suggests. Last year when I was taking LP380 I discussed this problem with Prof. Ellan, a Democrat. While most left-wing Americans would recognize such an issue and blame it on racism, it's not within their power to solve it. There are way more people holding different opinions, whether they consider themselves racist or not.

Cooperation or Competition

From the first stirring of life beneath the water, to the great beasts of the Stone Age, to man taking his first upright steps, we have come far. All of this progress instilled two seemingly paradoxical characteristics into mankind: competition and cooperation. A species without competition will surely lose its dominant position soon, and a single man can never protect himself from a physically overwhelming animal. Thousands of years later, these two inherited features still play important roles in modern society, regardless of the fundamentally massive changes within human society itself. We have long evolved from cave Australopithecus to intelligent man who stands on top of the food chain, and the importance of competition and cooperation shall be rebalanced.

Monopoly from the Perspective of Mass Gambling

There is a live video platform in China called Douyu which offers virtual currency gambling, where I found a very interesting phenomenon: the return rates always stay low. That is, under specific conditions when the outcome is a random event (50% chance on each side), the return rates always stay below 1 (often 0.1 - 0.7) on both sides, rendering it unfair for any gambler who pays - take it or not.

Notes from BARC 2018 Ministerial Summit

Before discussing how to promote the bamboo industry you’ll have to inspire people about how they can benefit from it – especially bamboo's superior renewability compared to trees. In most South American countries, bamboo is still considered a type of tree, which means it has to be registered before being cut down, and the registration process can last 3-6 months, which is almost insane for modern commercial activities.

Moreover, rather than inspiring the youth about innovation in bamboo structures, it’s better to have them inspire us.

Wrong Lizard

"Because if they didn't vote for a lizard," said Ford, "the wrong lizard might get in"

— Douglas Adams, So Long, and Thanks for All the Fish

Note that the book was published in 1984. And 32 years later the competition actually began with the same feeling, "Who's worse?" I doubt this has ever happened in the whole U.S. history.

Anyway, it's not the right time to discuss any serious topic. Just enjoy the nonsense, because I couldn't help laughing even when it was 2 a.m. and all my roommates were dreaming.


Original post on Zhihu, deleted on Apr 9, 2018 3:47 PM for being "politically sensitive".

Question by [Anonym]


My Answer



People of the Same Trade

People of the same trade seldom meet together, even for merriment and diversion, but the conversation ends in a conspiracy against the public, or in some contrivance to raise prices.

— Adam Smith, An Inquiry into the Nature and Causes of the Wealth of Nations