Author: Xie Ying
Since July of this year, Starlink, the satellite internet service operated by Elon Musk’s SpaceX, has experienced large-scale network outages, exposing technical and operational shortcomings during its rapid expansion. As the world’s largest low Earth orbit satellite internet provider, covering 140 countries and serving 6 million users, Starlink’s failures have not only affected civilian services but also impacted military communications and commercial collaborations, reflecting the “growing pains” of a massive constellation.

Recovery of the “Starship”. Image source: Starlink official website
Recently, China has launched five batches of low Earth orbit satellites, and the construction of the Chinese version of “Starlink” is also reaching a climax. So, what risks are associated with satellite internet space networking? How can we ensure safety and reliability?
Investigation of Starlink Failures:
Core Network Software Issues Recur
On July 24, Starlink experienced a core network software service failure, causing 61,000 users across the U.S., Europe, and other regions to lose connectivity for 2.5 hours. Starlink officially acknowledged this as an “internal critical software failure,” with Musk apologizing and promising a fix.
On August 19, the global service interruption information aggregation platform Downdetector recorded thousands of outage reports, affecting areas including Dallas and San Francisco in the U.S., as well as South America and Australia. This outage coincided with the day after T-Mobile launched its “Starlink Direct Connect” service, severely damaging market trust in the new business.
Starlink employs a “satellite-ground station-core network” three-tier architecture. The root cause of the July failure was identified as a “software upgrade program for the ground computing cluster,” which led to a network-wide outage due to traffic redistribution overload. This incident revealed the inadequacy of its core network software’s dynamic scheduling capability—low Earth orbit satellites have an overhead time of only 3 to 5 minutes, requiring real-time switching between thousands of satellites, and the coupling defects in the software modules can easily trigger a chain reaction.
Although Starlink has not officially confirmed the correlation between the August and July failures, both incidents occurred during peak business periods, highlighting flaws in the core network’s fault tolerance design for sudden traffic spikes. After the July failure, Starlink promised to conduct a “root cause analysis and repair,” but the recurrence of the August failure indicates that its software architecture has not achieved substantial decoupling.
It can be concluded that the August failure is a “recurrence” of the core network software issues from July, exposing the software architecture flaws in Starlink’s massive constellation scheduling. This suggests that Starlink needs to shift from a “rapid aerospace iteration” model to a “telecommunication-grade reliability design” to truly achieve telecom-level service quality.
How to Make the Chinese Version of “Starlink” Safer
The Chinese version of “Starlink” adopts the same “satellite-ground station-core network” three-tier architecture, which can be simply understood as a three-layer collaborative “space signal system.” The satellites act as “mobile signal towers” (space-based base stations + transmission nodes), capable of both sending signals and relaying data; the ground stations serve as “super relay stations” (super base stations + intelligent gateways), responsible for receiving satellite signals on the ground; the core network is the “brain” of the entire system, managing critical aspects such as “who can access the internet” and “where data is transmitted.” The security of “Starlink” hinges on the core network and ground stations.
First, let’s discuss how to secure the “brain”. Generally speaking, the security secret of the core network is “multiple backups and self-healing capabilities.” It’s like equipping the brain with “spare parts” that can be immediately replaced in case of issues.
One approach is to have multiple “sub-brains” for backup. The core network is not a solitary “brain” but is divided into 3 to 5 “sub-brains” (regional nodes) that manage different areas. They can be interconnected via encrypted dedicated lines to synchronize user internet information in real-time. Even if one “sub-brain” fails, the adjacent “sub-brain” can take over immediately, preventing a total network collapse. Below the “sub-brains,” there are “mini-brains” (edge core nodes) managing even smaller areas. If a “mini-brain” fails, the “sub-brain” can directly take over, reducing the spread of issues.
Another approach is to have a “primary and backup” setup for critical devices. Key devices in the core network that manage user logins and data routes must have a primary and backup, with both systems synchronizing information in real-time. If the primary device fails, the backup can take over within 100 milliseconds, ensuring users remain unaware of any disruption. Additionally, databases storing user information should also have multiple backups.
Furthermore, the core network should be capable of “intelligent route planning, allowing data to be retransmitted if lost.” The core network will coordinate with the satellite system to anticipate when satellites will pass overhead and plan the best signal routes for devices accordingly. If a particular “sub-brain” is too busy, it can automatically delegate some tasks to idle nodes to avoid congestion. Moreover, if data is lost or tampered with during transmission, the core network should seize the brief window when a satellite passes overhead to request a retransmission, ensuring data integrity.
Next, let’s examine how the ground “super relay stations” can prevent failures. Ground stations are the “first line of defense” for signals from space to the ground, and their security relies on “multiple sites, multiple devices, and multiple lines”. Specifically, there are three principles.
First, multiple stations should be built in one area to avoid disaster zones. Two or three ground stations can be established in the same region, distributed in different locations to avoid total failure during extreme events like earthquakes or typhoons. Additionally, important “main relay stations” should have backups in different large areas, while smaller “relay stations” can have one primary and one backup.
Second, if a device malfunctions, the backup should immediately take over. Key devices at the ground station, such as antennas and signal processors, must have “spare parts”. For instance, if the primary antenna device fails, the backup antenna can quickly activate; power supplies should have a “three-layer insurance” system consisting of the normal power grid, uninterruptible power supply, and diesel generators, ensuring that devices remain operational for at least 72 hours even during power outages.
Third, multiple data lines should be in place, allowing for quick switching if one fails. The data lines from the ground station to the core network should connect at least two different operators’ fiber optics. If one line fails, the system can switch to another within 10 seconds; if both lines fail, signals can still be transmitted via microwave or satellite, ensuring that the “path” remains open.
Additionally, the system should continuously monitor the status of ground stations, automatically redirecting signals from satellites to nearby stations if any station is too busy or experiences a failure, preventing situations where “no one is available to receive signals” when a satellite passes overhead.
In summary, ground stations rely on “multiple sites and device backups” to secure the signal entry point, while the core network stabilizes overall scheduling through “multiple regions and backups”. This creates a “double insurance” for the network—ensuring that the front-end access points remain operational and the back-end brain does not collapse, together forming a safety net that is resilient at the edges and robust at the core, allowing users to feel more secure using the Chinese version of “Starlink”.
Learning from Starlink’s Experiences and Lessons
With the rapid development of communication technology, China’s internet population coverage has exceeded 98%, but the land area coverage is estimated to be less than 40%, leaving vast mountainous, grassland, plateau, desert, and Gobi regions without network coverage. From 1G analog communication, 2G digital communication, 3G multimedia communication, 4G broadband multimedia communication to the high bandwidth, low latency, and massive connections of 5G, the challenge for 6G is to solve the problem of ubiquitous coverage. I believe the ultimate answer to this problem is “satellite internet”.
In April 2020, the National Development and Reform Commission first clarified the scope of new infrastructure, including satellite internet as part of communication network infrastructure.
The recent failures of SpaceX’s Starlink system provide us with valuable insights. Musk’s aerospace practices represent a disruptive breakthrough in traditional thinking, but to provide telecom-grade service quality for the integrated terrestrial and space wireless ubiquitous network of 6G, Starlink still needs to address shortcomings in reliability and stability.
As a “follower,” China must deeply learn from Starlink’s successful experiences in rapid iteration and commercial closure while also specifically avoiding the lessons learned from Starlink regarding network security and service continuity. By adhering to the principle of balancing cost and reliability, we can build a Chinese version of “Starlink” and lay a solid foundation for the next generation of terrestrial and space networks and the “Belt and Road” space information route.
(The author is a member of the Satellite Application Committee of the Astronautical Society and the chief satellite expert at China Communications and Transportation Consulting Design Institute Co., Ltd.)
Source: China Science Daily (2025-08-27, Page 4, Comprehensive)

Editor: Shen ChunleiLayout: Jiang Zhihai

Please scan the QR code below for 3 seconds