Skip to content
← All articles

TSPU, DPI and Traffic Throttling: How It Works and How to Check

TSPU (technical countermeasure equipment) is hardware installed on Russian operator networks under the "sovereign Runet" law, through which traffic is routed by law. Using DPI (deep packet inspection), TSPU reads the SNI field and the Host header to filter connections. Throttling is an artificial reduction of speed toward a resource, not a full block.

This article explains to site owners and administrators how TSPU and DPI work, how traffic throttling differs from a full block and from an ordinary technical failure, which signs reveal it, and how to run external availability diagnostics without any circumvention tools. The legal framing is Federal Law 90-FZ and 149-FZ; the scope here is diagnostics of your own resource only.

What TSPU and the "sovereign Runet" are

TSPU is equipment installed on operator networks by Roskomnadzor. Its legal basis is Federal Law No. 90-FZ of 01.05.2019, which amended the Communications Law and the Information Law (149-FZ). Its stated purpose is to keep the Russian internet segment running under external threats, which is why the law is colloquially called the "sovereign Runet" law.

The key difference between TSPU and classic registry-based blocking is that filtering happens centrally at the operator layer, rather than through lists the operator downloads and applies itself. The operator must route traffic through TSPU and does not directly control the filtering logic. For the mechanics of registry blocking, see how Roskomnadzor blocking works.

The legal texts are available officially: 90-FZ on the official legal portal and 149-FZ on Information. You can check whether a domain or IP is in the registry using the official service blocklist.rkn.gov.ru.

How DPI works

DPI (Deep Packet Inspection) is a technology that looks not only at IP addresses and ports but at the contents of network packets. In the TSPU context, DPI analyzes several layers of a connection to decide whether to pass traffic, throttle it, or reset the connection.

What DPI actually reads

  • SNI (Server Name Indication) — the hostname the client sends in cleartext at the start of the TLS handshake. Even over HTTPS, SNI is unencrypted by default, so DPI sees which domain you are contacting.
  • Host header — for unencrypted HTTP, the site name is sent in the clear and is trivial to read.
  • Destination IP address — the base layer; IP-level blocking hits every site on a shared address.
  • Packet characteristics — size, timing, and patterns that identify protocols even when the payload is encrypted.

How the decision is made

After parsing a connection, DPI matches the extracted signals against rules. Several reactions follow: tearing down the TLS handshake (connection reset, RST packets), a "black hole" where packets are simply not delivered, or artificial bandwidth limiting. That last case is throttling: the connection formally establishes, but data flows slowly.

How throttling differs from a block

A block makes a resource fully unavailable: the page does not open, the connection resets, or it times out. Throttling leaves the site reachable but sharply cuts its speed — pages take tens of seconds, video buffers, large files download at a capped rate. These are technically different mechanisms and require different detection.

A separate task is not to confuse either scenario with an ordinary server-side failure: an overloaded server, a misconfiguration, or a hosting or CDN problem. A "this site can't be reached" error is more often a DNS or network issue than filtering — the causes are covered in how to fix the "this site can't be reached" error.

Comparison table

SignalFull blockThrottlingOrdinary technical failure
Page availabilityDoes not open at allOpens, but very slowlyMay fail or open unstably
Connection behaviorRST / timeout / reset at handshakeConnection exists, narrow bandwidth5xx errors, TCP refusal, DNS errors
Geographic dependenceUnavailable from RU, fine from abroadSlow from RU, normal from abroadSame across all regions
Key metricStatus code / connection factDownload speed, time to first byteServer response code, response time
Registry presenceOften listed in the RKN registryMay be absentAbsent
How to detectCompare RU vs abroad availabilityCompare RU vs abroad speedCheck server logs, hosting status

Signs of traffic throttling

Throttling has a recognizable profile. Suspect it specifically when several symptoms combine, not on a single glitch:

  • The site opens, but time to first byte (TTFB) from Russia is several times higher than from foreign vantage points.
  • Download speed from RU hits a stable "ceiling" — for instance, it stays flat regardless of the user's own channel.
  • Ping to the server stays normal while actual transfer speed is low — latency has not grown, but bandwidth is squeezed.
  • The problem reproduces for users across different RU operators yet is absent when checked from abroad.
  • Small requests (API, HTML) pass, while heavy content (video, images, archives) degrades far more.
Important: a single slow load is not yet a sign of throttling. The diagnosis rests on a persistent difference between geographies and on comparing speed against latency.

How to check it from the outside

External diagnostics rest on one principle: compare how the resource behaves from Russia versus from abroad. If it is unreachable or slow from RU while working normally externally, that points to network filtering rather than a server problem. Below is a practical checking order, without circumvention tools.

Step 1. Check the registry

Start with the official service blocklist.rkn.gov.ru, or use the aggregated check on the RKN block checker at enterno.io. A domain or IP present in the registry explains a full block. Absence from the registry while unreachable from RU is a reason to suspect TSPU or throttling.

Step 2. Compare response time and availability

Use the ping and availability check and the general availability check on the header-checker home page. Compare whether the resource opens and what status code it returns. If the connection resets during TLS, that signals a block; if the connection establishes but everything drags, look closely at speed.

Step 3. Compare speed and TTFB by region

The key to spotting throttling specifically is a difference in bandwidth and time to first byte between Russian and foreign points while latency stays unchanged. For systematic control, set up regular monitoring — the way it is done with 152-FZ requirements in mind is described in website monitoring in Russia and 152-FZ. For a broader overview, see website availability in Russia.

What a site owner can and cannot do

Understanding the boundaries saves time. The resource owner controls their own infrastructure but not the TSPU logic.

Within the owner's control

  • Diagnostics: confirm the problem is external, not server-side — via region comparison, logs, and monitoring.
  • Infrastructure: ensure the server, hosting, and CDN are healthy and the configuration is correct.
  • Legal path: if the resource lands in the registry, official procedures exist to clarify and appeal the grounds.
  • Transparency: inform users about availability status and alternative contact channels within the law.

Outside the owner's control

  • Filtering logic on TSPU — it is set centrally; neither the operator nor, still less, the site owner controls it.
  • Traffic delivery speed through operator infrastructure when limits are in place.
  • Circumventing filtering — that goes beyond diagnostics and outside legitimate operation of a resource.

Diagnostics under 90-FZ and 149-FZ is, for an owner, a lawful way to understand why their own site is unreachable and to explain it correctly to their audience — not a tool to bypass restrictions.

Frequently Asked Questions

How does TSPU differ from registry blocking?

Registry blocking is applied by the operator using lists of prohibited resources that it downloads and filters itself. TSPU is centralized equipment on the operator's network through which all traffic passes; the filtering logic is not set by the operator. The registry can be checked publicly, whereas TSPU behavior is detectable only indirectly.

Why does DPI see my domain if I use HTTPS?

HTTPS encrypts page contents, but the hostname in the SNI field during the TLS handshake is sent in cleartext by default. DPI reads exactly that to determine which site is being contacted. So the presence of HTTPS alone does not hide the fact of a request to a specific domain from traffic-analysis systems.

How do I tell throttling from my server being overloaded?

Server overload shows up identically across all regions and is usually accompanied by rising response times or 5xx errors in the logs. Network-level throttling appears as a speed gap between RU and abroad with normal ping and clean server logs. Comparing geographies is the main differentiating test.

Can a site owner remove throttling on their own?

Not directly: the restriction logic is not set on the site side. The owner can confirm the diagnosis, check and optimize their own infrastructure, and, if listed in the registry, use official procedures to clarify the grounds. Circumventing filtering is not part of legitimate resource operation and is not covered here.

Which metrics matter most for diagnostics?

To distinguish scenarios, watch three indicators: whether the connection establishes and the status code (block versus availability), bandwidth and time to first byte (throttling), and the stability of the gap between Russian and foreign points. It is the persistent geographic difference that separates network filtering from a local failure.

Where can I read the official texts of the laws?

The text of 90-FZ is published on the official legal-information portal, and 149-FZ "On Information, Information Technologies and Information Protection" is in open legal databases. The registry of prohibited resources is maintained by Roskomnadzor, which publishes a check at blocklist.rkn.gov.ru. Links to all three sources are given in the TSPU section above.

Check your website right now

Check your site →
More articles: Networking
Networking
What Is MTU: Fragmentation and How to Fix Issues
13.07.2026 · 23 views
Networking
How Roskomnadzor Blocks Websites: EAIS, TSPU, DPI
13.07.2026 · 25 views
Networking
Fix ERR_QUIC_PROTOCOL_ERROR: QUIC / HTTP3 Error Guide
13.07.2026 · 29 views
Networking
ERR_CONNECTION_TIMED_OUT Fix
23.06.2026 · 104 views