Monthly Archives: October 2015

Insecure Internet in Africa & Mauritius

2 years ago

In 2013, like many Internet Users I was deeply shocked when I learned about the extent of Pervasive Internet surveillance. Countries were monitoring your actions on the Internet, and they were secretly collecting your data. Many Internet institutions took a public stand: https://www.icann.org/news/announcement-2013-10-07-en

Now in 2015

2 years later, despite montevideo statement, Pervasive surveillance is still present. There is little indication that those countries are going to stop. Projects like DNSSEC & PKI(s) to improve the security of the internet are here. However, DNSSEC & PKI solve 2 specific problems. DNSSEC provides an authentication mechanism for DNS. You can have some level of confidence that www.ebay.com is secure when you connect to it via DNSSEC. One of the major limitations of DNSSEC is that the question/response is not encrypted. A 3rd party can monitor my DNSSEC messages, and build a profile about my surfing habits, such as the time I usually check my Bank account.

PKI

PKI can be leveraged by ISPs to prevent accidental or intentional prefixes from being hijacked. The most known incident is when Pakistan Telecom broke Youtube on the whole Internet. However, when we look at the Internet, there are more avenues to make the Internet more secure such as protecting against address spoofing, which is causing routine DDOS attacks to occur against such websites as github. The next question is who is taking care of securing the other bits of the Internet in our region ? How much is Africa investing into not only improving Internet connectivity, but also securing our Internet ? (BCP-38 anyone ?)

Banks in Africa

The local banks are discouraging me from getting my statements via mail. They send it to me by email. However, that email is not encrypted/ digitally signed. My bank is also discouraging me from doing transactions by writing on a paper in one of their offices. They want me to use their mobile application which goes through some secure encryption scheme through a hostile Internet. I poked around, and realised that there are some issues with their security scheme. Can we trust NIST recommendations for cryptography when NIST vetted specifications that contained backdoors ? (URL of a discussion: http://lists.elandnews.com/archive/mauritius/internet-users/2015/06/2128.html)

Everyday habits

A few days ago, Another set of document revealed that the NSA is breaking VPN, SSH and HTTPS on a massive scale (geeky details here: http://thehackernews.com/2015/10/nsa-crack-encryption.html) . Those technologies are those that I use for my banking transactions, and also accessing the office remotely when I need to work. They are also used when I read my mail whether corporate or personal. What's worse is that it's becoming frighteningly cheaper for a small organization to do that thanks to the dropping price of computing power.

What are our organizations doing ?

Isn't it time for our public and private sectors to seriously look into improving the security of our internet that we rely upon daily for doing important things ? What about the Cyber/Internet Institutions that have a mandate and a budget in Africa & Mauritius ?

Emtel <-> Orange peering problem

Peering problem again

It looks like peering problem between Emtel & Orange are more frequent than I thought ! With an average of 662ms , this is definitely BAD . A few days ago, I was getting 70ms as average.


ping 41.136.243.249
PING 41.136.243.249 (41.136.243.249): 56 data bytes
64 bytes from 41.136.243.249: icmp_seq=0 ttl=51 time=584.352 ms
64 bytes from 41.136.243.249: icmp_seq=1 ttl=51 time=607.247 ms
64 bytes from 41.136.243.249: icmp_seq=2 ttl=51 time=627.821 ms
64 bytes from 41.136.243.249: icmp_seq=3 ttl=51 time=667.448 ms
64 bytes from 41.136.243.249: icmp_seq=4 ttl=51 time=824.904 ms
^C
--- 41.136.243.249 ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 584.352/662.354/824.904/85.746 ms

Emtel AirBox & Orange latency test



Emtel Airbox

When Emtel announced their Airbox, I was initially thrilled, like many other Internet Users. A number of people who were very annoyed with Orange, decided to switch, causing Emtel to struggle to cope with the demand.

Orange to Emtel latency test

I asked a friend to give me his Emtel AirBox IP address to test the latency from my ISP to him, and also the other way round.

PING 154.71.9.70 (154.71.9.70) 56(84) bytes of data. 64 bytes from 154.71.9.70: icmp_seq=7 ttl=54 time=31.8 ms 64 bytes from 154.71.9.70: icmp_seq=8 ttl=54 time=12.0 ms 64 bytes from 154.71.9.70: icmp_seq=13 ttl=54 time=18.5 ms 64 bytes from 154.71.9.70: icmp_seq=16 ttl=54 time=10.6 ms 64 bytes from 154.71.9.70: icmp_seq=17 ttl=54 time=16.5 ms 64 bytes from 154.71.9.70: icmp_seq=19 ttl=54 time=13.5 ms ^C --- 154.71.9.70 ping statistics --- 19 packets transmitted, 6 received, 68% packet loss, time 18037ms
Wohoo ! It looks like Emtel and Orange are finally moving to correct the peering issues that I identified earlier. We now moved from 78ms to an average of 13ms from Orange to Emtel Airbox.

From Emtel to Orange

Nishal advised to also test the other way: from Emtel to Orange. I asked my friend to ping my Myt30MB/s IP address. The results are:
ping 41.136.241.246 ping 41.136.241.246 with 32 bytes of data: ly from 41.136.241.246: bytes=32 time=17ms TTL=54 ly from 41.136.241.246: bytes=32 time=12ms TTL=54 ly from 41.136.241.246: bytes=32 time=12ms TTL=54 statistics for 41.136.241.246: Packets: Sent = 4, Received = 3, Lost = 1 (25% loss), roximate round trip times in milli-seconds: Minimum = 12ms, Maximum = 17ms, Average = 13ms
Awesome ! We are also getting an average of 13ms from Emtel Airbox to Orange.

Wait a second !

How come we are observing 68% packet loss from Orange to Emtel ? That means that on average, more than 3/5 of the traffic is lost, and eventually re-transmitted. That's bad ! It's killing performance for my friend's Internet Connection. In other words: high loss together can slow down TCP to a crawl.

High latency, and Packet loss is one of the major problems of Internet Users in Mauritius. Emtel should look into improving its wireless coverage to reduce packet loss to at most one tenth for the Emtel Airbox customers to enjoy a decent Internet Connection. I'm also happy to see some action from Emtel and Orange to fix the peering. However, there's still a lot of work ahead of us.

Emtel AirBox & Orange latency test



Emtel Airbox

When Emtel announced their Airbox, I was initially thrilled, like many other Internet Users. A number of people who were very annoyed with Orange, decided to switch, causing Emtel to struggle to cope with the demand.

Orange to Emtel latency test

I asked a friend to give me his Emtel AirBox IP address to test the latency from my ISP to him, and also the other way round.

PING 154.71.9.70 (154.71.9.70) 56(84) bytes of data. 64 bytes from 154.71.9.70: icmp_seq=7 ttl=54 time=31.8 ms 64 bytes from 154.71.9.70: icmp_seq=8 ttl=54 time=12.0 ms 64 bytes from 154.71.9.70: icmp_seq=13 ttl=54 time=18.5 ms 64 bytes from 154.71.9.70: icmp_seq=16 ttl=54 time=10.6 ms 64 bytes from 154.71.9.70: icmp_seq=17 ttl=54 time=16.5 ms 64 bytes from 154.71.9.70: icmp_seq=19 ttl=54 time=13.5 ms ^C --- 154.71.9.70 ping statistics --- 19 packets transmitted, 6 received, 68% packet loss, time 18037ms
Wohoo ! It looks like Emtel and Orange are finally moving to correct the peering issues that I identified earlier. We now moved from 78ms to an average of 13ms from Orange to Emtel Airbox.

From Emtel to Orange

Nishal advised to also test the other way: from Emtel to Orange. I asked my friend to ping my Myt30MB/s IP address. The results are:
ping 41.136.241.246 ping 41.136.241.246 with 32 bytes of data: ly from 41.136.241.246: bytes=32 time=17ms TTL=54 ly from 41.136.241.246: bytes=32 time=12ms TTL=54 ly from 41.136.241.246: bytes=32 time=12ms TTL=54 statistics for 41.136.241.246: Packets: Sent = 4, Received = 3, Lost = 1 (25% loss), roximate round trip times in milli-seconds: Minimum = 12ms, Maximum = 17ms, Average = 13ms
Awesome ! We are also getting an average of 13ms from Emtel Airbox to Orange.

Wait a second !

How come we are observing 68% packet loss from Orange to Emtel ? That means that on average, more than 3/5 of the traffic is lost, and eventually re-transmitted. That's bad ! It's killing performance for my friend's Internet Connection. In other words: high loss together can slow down TCP to a crawl.

High latency, and Packet loss is one of the major problems of Internet Users in Mauritius. Emtel should look into improving its wireless coverage to reduce packet loss to at most one tenth for the Emtel Airbox customers to enjoy a decent Internet Connection. I'm also happy to see some action from Emtel and Orange to fix the peering. However, there's still a lot of work ahead of us.

Mauritius Internet Exchange Point and Our Latency




What is an Internet exchange point ?


An Internet Exchange Point is basically a busy bus station where all of the island internet traffic meets. I have a friend who lives in Mont Roches, and he lives very close by. We often play Counter Strike or other games. He could be an Emtel customer, whereas I am an Orange customer. It makes no sense for his gaming session to go through Europe or the US, when he is playing against myself. The same goes for me. The Mauritius Internet Exchange Point is where my traffic and his internet traffic can meet other. Instead of going through Europe, his ISP can talk to my ISP through the Internet Exchange Point. The advantage of doing that for Internet Users is that the latency is reduced. The time it takes for his internet traffic to reach my computer is reduced. At least that's how it's supposed to be.


A few weeks ago ...

While doing a latency test from Emtel to Orange, I realised that the latency was almost 350 ms . That's huge for traffic which is supposed to be managed by the Mauritius Internet Exchange Point. In countries like Kenya, The Kenyan Internet Exchange Point can reduce latencies among local ISP to 2-10 ms . 350ms is the latency I usually get from gaming servers in Europe.

I send a mail

Being curious, I write a mail, and I get a reply from one of the members of the Mauritius Internet Exchange Point Association, asking for more technical details.

A few days later ...

I do the same test from Emtel to Orange, and I get 78ms as latency ! That's cut almost to one third. That's reasonable, but in my humble opinion, if Kenyan Internet Exchange Point can get 2-10ms, why can't we get that ? What is the advantage of a very low latency in Mauritius ? Well, we can get fluid experience for gamers hosting Local matches. We can get our viber/whatsapp for people who do voice calls. Below 50ms, Interesting mobile applications for the Mauritian market can hatch. Right now, the voice quality of viber calls is horrible in Mauritius. If we had a local viber node, and latency of around 20ms, we would get great experience talking to another Mauritian on the island.

The future

I sincerely hope that the Mauritius Internet Exchange Point fixes the latency issue. 78 ms is still quite high for Local Internet Traffic between ISPs , where other countries are reaching 2-10ms between ISPs. I'm positive that my dream of improving the Internet in Mauritius is slowly coming reality as many gamers are currently getting better latencies from Emtel Airtel to Orange FTTH, and vice-versa. We can still do better !