This study systematically uncovers the mechanism of control-plane and data-plane decoupling employed during Iran’s nationwide internet shutdowns between 2019 and 2026. By integrating passive scanning from Censys, multi-vantage-point active TCP probing, and BGP snapshot analysis from RIPE RIS, the research identifies a centralized null-routing strategy that preserves BGP announcement stability while evading conventional monitoring. The findings confirm that 96.5%–97.4% of Iranian IP prefixes were null-routed, while revealing structural exemptions for academic networks and ArvanCloud CDN. Furthermore, the study demonstrates that the anomalous increase in visible hosts during outages is a measurement artifact and provides the first quantitative assessment of persistent connectivity within these exempted networks.

Iran conducted two nationwide Internet shutdowns in January and March 2026, the latter ongoing at the time of writing and the longest documented Iranian disruption. Using a three-plane methodology combining passive Censys scan data, active TCP reachability probing from five vantage points, and BGP analysis across 33 RIPE RIS snapshots from 2019 to 2026, we show that the 2022 and 2026 shutdowns are enforced via forwarding-plane null-routing at a centralized border while BGP announcements remain stable, and that Iran shifted from partial BGP withdrawal in 2019 to pure null-routing by 2022. This control- and forwarding-plane decoupling prevents BGP-based outage monitors from detecting shutdowns. Active probing of 4,571 BGP-visible Iranian prefixes shows that 96.5 to 97.4% are null-routed across all vantage points, indicating a centrally coordinated mechanism. Passive scan analysis reveals a 3.7 times increase in visible hosts between shutdown events due to measurement artifacts rather than recovery, along with two structural exemptions: academic networks rise from 1.4 to 66.6% of visible hosts during partial recovery, and ArvanCloud CDN retains 99.7% visibility while other major operators drop by at least 77%.