A TCP check from Hohhot (AS37963) attempts a SYN-ACK handshake to your host on the specified port and measures connection time. Unlike ping, TCP checks reflect real firewall policy and GFW filtering behaviour. The GFW performs TCP-level blocking on known ports and IP addresses — a connection attempt to a blocked IP will receive a TCP reset injected by the firewall rather than a genuine reset from the server.

TCP resets injected by the GFW arrive very quickly — typically within 1–5 ms of sending the SYN, significantly faster than the actual RTT to the foreign host. If a TCP check from Hohhot returns a reset in an implausibly short time (say, 5 ms to a host in the US), the reset is coming from a GFW border router, not from the destination server. A clean TCP handshake that completes in the expected RTT range confirms the host is genuinely reachable from China.

For services that need to be accessible from China, the TCP check is the most reliable reachability test. Common scenarios: confirming that port 443 is reachable for HTTPS, checking that a CDN origin is not blocked, or verifying that a game or application server is accessible from Chinese ISP networks. Ports commonly associated with circumvention tools (such as specific WireGuard or Shadowsocks ranges) are subject to active probing by the GFW and may show inconsistent TCP results.

China's public internet is controlled by three state-owned carriers: China Telecom (AS4134), China Unicom (AS4837), and China Mobile (AS9808). These three operators hold exclusive rights to international gateway capacity, meaning all traffic entering or leaving China passes through their border routers. There is no neutral open IX market comparable to DE-CIX or AMS-IX — domestic peering occurs through state-managed exchange points in Beijing and Shanghai rather than through independent, carrier-neutral facilities.

The Great Firewall (GFW) operates at the international gateway level, filtering and blocking traffic based on IP, SNI, and deep packet inspection. BGP routes announced inside China are not affected by the GFW for domestic paths, but any traffic destined for or arriving from non-Chinese IP space crosses inspection points at each carrier's border. This means latency measurements from inside China to foreign destinations include not only geographic RTT but also any queuing or inspection delay at the border routers.

Our probe node is located in Hohhot, Inner Mongolia, running on Alibaba Cloud infrastructure (AS37963). Hohhot has become one of China's largest data center hubs due to cold climate reducing cooling costs and access to low-cost coal and wind electricity. Alibaba, China Telecom, and China Mobile all operate hyperscale facilities in the region. Hohhot connects to the rest of the Chinese backbone via China Telecom and Unicom long-haul fiber running east toward Beijing and south toward Shanghai.

International latency from China reflects both geography and the GFW border transit. Hohhot to Frankfurt runs approximately 170–195 ms over well-routed paths. Hohhot to London is around 180–200 ms. Hohhot to Los Angeles sits around 130–155 ms, as trans-Pacific cable capacity is better developed than China-Europe terrestrial routes. Within the Asia-Pacific region, Hohhot to Tokyo is approximately 60–80 ms and to Singapore around 90–110 ms. These figures vary by which state carrier handles the international segment.

Results from our Alibaba Cloud node in Hohhot reflect what a server looks like from inside Chinese state carrier infrastructure, specifically through AS37963 which peers with all three national carriers domestically. For sites targeting Chinese users, this is a meaningful test location — it shows whether your server is reachable from inside China, what latency Chinese users experience, and whether the GFW is affecting connectivity to your domain or IP range.