Local Loop : Internet and Networking in South Africa

TLUG Talk: Fiber optic networking

I’m presenting a talk at the TLUG meeting in Pretoria tonight, on fiber optic networking. These meetings are open to the public. See the link for details.

Tagged fiber optic, presentation, TLUG

2010 03 01 Simeon Miteff Technical Comments (0) Permalink

RSAWeb (sort of) responds

Shortly after my post revealing that RSAWeb (among others) provide hosting for known South African spammers, I got an email from their Technical Director, Mark Slingsby, asking how recent my lookups were¹, and requesting me to name the offenders² so that his sysadmin team can follow up.

I replied with a detailed response, noting that the MX record points to a web virtual-hosting box at RSAWeb that isn’t accepting SMTP (I imagine having a broken MX suits Dynamic Seminars just fine), and that the website is a RSAWeb domain parking page.

Mark responded with this:

Thanks for putting this out in the wild, we do not condone spam & spammers. Unfortunately its always difficult to isolate these spammers as they tend to be small and difficult to detect unless we notice an abuse pattern or receive spam complaints! However we always make a concerted effort to stop these guys. Spam is inherintly evil and we have terminated the services of spammers that havent even made this ISPA hall of shame list (and will continue to do so).

He also said they’ve suspended the hosting until they have concluded their investigation. When I checked this afternoon, the domain parking page was still up, so I don’t know what they mean by “suspended”. Also, the specific spammer is number one out of twenty-five on the ISPA list, which hardly makes them small, or difficult to detect.

Nevertheless, RSAWeb at least took notice, which is probably more than I can say for the others in my ISPA members hall of shame.

The post started with the words “This morning”… [↩]
Couldn’t they get the list off the ISPA site and do their own lookups? [↩]

Tagged fail, ispa, RSAWeb, spammers

2010 02 18 Simeon Miteff General
Regulatory
Technical Comments (0) Permalink

ISPA members provide hosting for local spammers

This morning I read this article on MyBroadband about the ISPA “hall of shame” list of South African spammers, and conducted a quick (somewhat non-scientific) investigation to see where the mail servers for the domains provided on the ISPA list are hosted.

After filtering out domains without MX records, MX records without valid A records, and IP addresses for which whois lookups failed, the 63 listed domains whittled down to 44 servers, of which 14 are hosted by ISPA members.

So Localloop.co.za hereby presents the ISPA member hall of shame:

Hetzner (4 servers, 2 of which are hosted in Germany)¹
Webafrica (4 servers, 3 of which are hosted in the US)
Internet Solutions: (2 servers)²
Datapro (2 servers)
RSAWeb (1 server)³
AboutIT (1 server)

The only non-ISPA member is Intekom (Telkom SA) with one spammer mail server.

This does not prove the spammers listed use these mail servers for sending spam (they could use any other ISP for that, and judging by recent complaints on the IOZ list, Vodacom SA is one of the favorite providers for spammers).

Having said that, wouldn’t you expect ISPA members to uphold the spirit of the anti-spam clause in the ISPA code of conduct by not hosting mail servers for the ISPA’s own list of spammer domains?

Tie with Webafrica, but I put them first because one of WA’s spammer mail servers is hosted by Hertzner. [↩]
Tie with Datapro, but I put them first because AboutIT’s spammer mail server is hosted by IS. [↩]
Tie with AboutIT, but I put them first because they have their own data center. [↩]

Tagged hosting, ispa, spammers

2010 02 12 Simeon Miteff General
Regulatory
Technical Comments (1) Permalink

New year, new job

After a year and and a bit as a software developer at the Remote Sensing Research Unit of the CSIR’s Meraka Institute, I’ve now transferred to a new team (still inside Meraka), where I’ll be working on SANReN’s design and roll out, thus moving the focus of my day job back to networks.

SANReN will no doubt lead me to interesting discoveries that I hope to publish here¹ so please keep reading :-)

None of it will be confidential information. Also, none of the views expressed here represent any official position of my employers. [↩]

Tagged csir, dayjob, sanren

2010 02 02 Simeon Miteff General Comments (0) Permalink

Because you asked #1: Pricing transit costs in South Africa

Someone did a Google search for “how to price ip transit costs south africa”, and ended in my apache logs when they followed the search result to this site.

Having never worked in the ISP industry, I’m not really qualified to answer, but here goes anyway:

If you have this much bandwidth:

ZA can has traffic?

…then do this:

Randomly choose a price thats so expensive that it’s economically infeasible for your customers, then dial it back until you have ~100 reluctant customers.
Bill for transit by traffic volume in giga-bytes, call this a “quota”.
Hard-cap the “quota” so that the customer would exhaust it on the first day of month.
Expire (steal) the customer’s unused quota at the end of the month.
Oversubscribe like a lunatic, and then be vague about this to your customers.
Redefine “Internet access” to exclude certain popular protocols, and then buy a router that forwards those specific packets slower, or not at all.

If, on the other hand, you have this kind of bandwidth:

MOAR please.

…then do this:

Bill customers monthly for a 5-minute average traffic rate (Mbps).
Offer a variable per-Mbps discount if they commit to a minimum rate, and allow them to set the rate (to zero, if they like).
Don’t fine them for traffic spikes, instead, discard the top 5% or 10% of the 5-minute averages each month.

Here is the thing though, aren’t the graphs symptoms, and not causes of the pricing strategy?

Tagged because you asked, pricing, transit

2010 01 31 Simeon Miteff General Comments (0) Permalink

ISPs posing as Internet exchanges

An Internet exchange or peering point provides layer 2 switching to enable direct and efficient interconnect for parties who wish to enter into peering or transit agreements. You get a port and an IP, then you get to use one MAC address to exchange IP packets with other customers.

So, back in the nineties, Telkom SA decided to call their ISP division “South African Internet Exchange”. That is also the last time SAIX updated their web site, but I digress. I think it’s possible that Telkom chose this name because from their PSTN perspective, an ISP looked like a telephone exchange for the Interwebs.

SAIX doesn’t pretend to be an IX (in fact, they don’t participate in any peering points in South Africa) so I’m willing to attribute their confusing name to misunderstanding.

However, the recently launched Africa Independent Network Exchange’s skilled professionals with many years of experience in the ISP industry should know that when you offer consumer broadband and hosting, you’re most definitely an ISP, so what’s with the name?

To be clear, their “peering service” is either IP transit (ISP business), or layer 2 circuits (telco business).

Tagged africa inx, internet exchange, lies, peering, SAIX

2009 12 15 Simeon Miteff General Comments (8) Permalink

Power over Ethernet makes CAT5 cable less tasty?

Failed Canine DDoS (note multiple attack vectors)

ph33r muh h4x0r sk1LLz

Motivated by frustration, our 5-year old dachshund launched a Distributed Denial of Service attack on our Internet connection, but failed (left). He made quick work of a nearby antenna feed coaxial cable, and he’s destroyed much tougher things, but he couldn’t nail this UTP cable…

I suspect the 24V DC on one of the copper pairs discouraged him. So could this be a solution for making network cabling less appetizing to the spectrum of gnawing and chewing creatures? Perhaps. But until it’s patented as anti-chew technology, who could be angry with a little furry being bearing a face like that :-)

2009 11 26 Simeon Miteff Uncategorized Comments (1) Permalink

A coherent SA government plan for telecoms?

Broadband Infraco was issued an I-ECNS license, but refused an I-ECS license, meaning they’re permitted to provide wholesale, but not retail services. Dominic Cull commented on an earlier post of mine:

The whole IECS debate now seems pretty irrelevant given that the Minister of Comms has decided they will not get one ..

To allow ~500 licensed operators (including Telkom, which is also partially state-owned) to be vertically integrated, and to deny this to Broadband Infraco seems inconsistent (and unfair?).

Then I read this in an ITWeb article:

ITWeb is in possession of an advance copy of the department’s new draft broadband policy, which is expected to be gazetted in the next few days.

The new draft policy has realigned the state’s role in the provision of broadband. It specifically states that “government should not operate directly in retail service provision, but leave these markets to the private sector players”.

Does that mean the state will dispose of their Telkom shares?

Perhaps the future holds something even more interesting. To quote Gartner analyst Will Hahn commenting on the Competition Commission’s recommended R3.6 billion Telkom fine:

In most mature telecom regimes, the company in Telkom’s shoes has had to undergo either rigorous functional separation between network ops/wholesale on the one hand and retail on the other, or it has gone further, approaching structural separation (where these functions would be vested in completely separate companies).

Although highly unlikely, if there is a coherent government plan to put an end to the turf war between the DPE and the DOC and get their telecoms house in order, it might be in the form of what Hahn is talking about.

Tagged broadband infaco, doc, DPE, telkom

2009 11 03 Simeon Miteff Regulatory Comments (2) Permalink

Setting interface MTU using DHCP

DHCP can be used to set the interface MTU on end hosts using option 26. For example (with dnsmasq), to set the MTU of clients on the lan interface to 1400 bytes, use: dhcp-option=lan,26,1400

I’m using this to work around MTU issues caused by a tunnel. It seems to work well so far… no need for IP fragmentation or TCP MSS re-adjustment by a router.

The corresponding Debian /etc/network/interfaces magic for static iface stanzas is "mtu 1400",

Tagged dhcp, fragmentation, MSS, MTU, tunnels

2009 10 19 Simeon Miteff Technical Comments (0) Permalink

IP sub-netting for fun and profit

IP sub-netting is one of the first things one learns about network administration.

You have a /22, you want /24’s, 2 bits give you 4 sub-nets. Or you want one /24, so you break the /22 into two /24’s and a /23. Not rocket science. It’s the kind of thing you can do in your head and keep track of in a spreadsheet or a text file if you don’t have too many networks.

When you’re planning an IP addressing scheme, you probably have the luxury of time, to think about it. But what if you need to do this in a crisis situation? Fortunately it has never happened to me, but I can think of scenarios where you need to do this very quickly:

Apparently, if you use BGP to advertise a network to the Internet and specific hosts within that network become the target of a DDoS attack, one way to mitigate the attack could be to stop advertising the /24 sub-nets being attacked. Although this means the attacker still succeeds in taking down his intended targets (because he made you take them down), at least you can remove the attack traffic from your link, and the rest of your network can remain available.

Another scenario might be someone hijacking part of your network by advertising a more specific route than you are (either intentionally, or due to a BGP filtering misconfiguration). This happened to youtube last year.

Either way, you’ll need to split the network into at least two (in the case of a /23) sub-nets to get a /24, which is generally the longest prefix accepted on the Internet. In the former case, you want to withdraw the more specific network, and in the latter you want to advertise it.

To this end, I have written a script that accepts a list of networks (in CIDR format, one per line) from STDIN, and the desired sub-net as the first command line argument. It loops through the input subnets, looking for the one that overlaps with the desired prefix. If a network doesn’t match, the script just prints it out untouched, if it does, then the script will de-aggregate that network into the minimum number of sub-nets in order to get the desired sub-net as one of the outputs. It prints the surrounding pieces, and unless you specify “-exclude” as the second argument, the desired sub-net itself is also added to the output:

#!/usr/bin/python
# deaggregate.py - deaggregate a network for a specific subnet, yielding the minimum number of subnets
# Add -exclude to only output the surrounding subnets. Subnet is read from stdin, all non matching subnets
# are output untouched. Use as a filter, rinse, repeat.
# Simeon Miteff <simeon@localloop.co.za>
from IPy import IP
import sys
 
def split(ip,sub,exclude):
    if ip==sub:
        if not exclude:
            print ip
    else:
        a = IP(str(ip.net())+'/'+str(ip.prefixlen()+1))
        b = IP(str(IP(ip.net().int()|2**(32-(ip.prefixlen()+1))))+'/'+str(ip.prefixlen()+1))
        if a.overlaps(sub):
            print b
            split(a,sub,exclude)
        elif b.overlaps(sub):
            print a
            split(b,sub,exclude)
 
if __name__=="__main__":
    if len(sys.argv)<2:
        sys.stderr.write("Usage: %s CIDR_prefix [-exclude]\n" % sys.argv[0]) 
        sys.exit(1)
 
    sub = IP(sys.argv[1])
 
    exclude = False
    if len(sys.argv)==3:
        if sys.argv[2]=='-exclude':
            exclude = True
 
    for line in sys.stdin:
        pre = IP(line.strip())
        if not pre.overlaps(sub):
            print line.strip()
        else:
            split(pre,sub,exclude)

An example run:

simeon@capybara:~/personal$ cat routes.txt
10.0.0.0/10
192.168.0.0/16
simeon@capybara:~/personal$ python deaggregate.py 10.0.100.0/24 < routes.txt
10.32.0.0/11
10.16.0.0/12
10.8.0.0/13
10.4.0.0/14
10.2.0.0/15
10.1.0.0/16
10.0.128.0/17
10.0.0.0/18
10.0.64.0/19
10.0.112.0/20
10.0.104.0/21
10.0.96.0/22
10.0.102.0/23
10.0.101.0/24
10.0.100.0/24
192.168.0.0/16
simeon@capybara:~/personal$

It requires the IPy module (apt-get install python-ipy). To handle multiple desired sub-nets, run the script again for each subsequent sub-net, using the output of the previous run as the input. Note that your (and your upstream’s) filters might need to be updated (unless your original prefix is allowed with something like "le 24").

I’ve added this to the code page. Thanks for listening :-)

Tagged bgp, ddos, prefix hijack, python, subnetting

2009 10 12 Simeon Miteff Technical Comments (0) Permalink

Local Loop

TLUG Talk: Fiber optic networking

RSAWeb (sort of) responds

ISPA members provide hosting for local spammers

New year, new job

Because you asked #1: Pricing transit costs in South Africa

ISPs posing as Internet exchanges

Power over Ethernet makes CAT5 cable less tasty?

A coherent SA government plan for telecoms?

Setting interface MTU using DHCP

IP sub-netting for fun and profit

Pages

Categories

Blogroll

Family & Friends

Interesting

Other Projects

RSS Feeds

Meta

Blog Search