Impacts of Encryption Everywhere (any solution?)

Mike Hammett nanog at ics-il.net
Mon May 28 19:19:21 UTC 2018


I know the fixed wireless space quite well. If there's no Internet to be had, it doesn't matter how quickly you can distribute it. 

He did say that (for whatever reason), relaying off of mountain-top sites to get to better connectivity wasn't a viable option. 

The yet-to-be-deployed satellite constellations don't do anyone any good today. 




----- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

----- Original Message -----

From: "Ben Cannon" <ben at 6by7.net> 
To: "Mike Hammett" <nanog at ics-il.net> 
Cc: nanog at nanog.org 
Sent: Monday, May 28, 2018 1:22:27 PM 
Subject: Re: Impacts of Encryption Everywhere (any solution?) 

I’m sorry, I simply believe that in 2018 with the advanced and cheap ptp radio (Ubiquiti anyone? $300 and I have a 200mbit/sec link over 10 miles! Spend a bit more and go 100km) plus the advancements in cubesats about to be launched, even the 3rd world can simply get with the times. 

-Ben 

> On May 28, 2018, at 10:57 AM, Mike Hammett <nanog at ics-il.net> wrote: 
> 
> To be fair, most of the conversation is people not realizing the OP is in a third world country and believing that 1 mbit/s isn't enough for a single user much less a village. 
> 
> https://www.facebook.com/groups/ubntedgeos/permalink/1046305928855488/ 
> 
> 
> Also, I think it's 40 kilobit/s per user (so probably dial-up), not 40 kilobit/s for the whole village. The whole village may very well have 1 megabit/s worth of dial-up connections, but everyone potentially able to go to 1 megabit is a lot more useful than capping each to 40 kilobit/s. 
> 
> 
> 
> 
> ----- 
> Mike Hammett 
> Intelligent Computing Solutions 
> 
> Midwest Internet Exchange 
> 
> The Brothers WISP 
> 
> ----- Original Message ----- 
> 
> From: "Grant Taylor via NANOG" <nanog at nanog.org> 
> To: nanog at nanog.org 
> Sent: Monday, May 28, 2018 11:17:10 AM 
> Subject: Re: Impacts of Encryption Everywhere (any solution?) 
> 
>> On 05/28/2018 08:23 AM, Mike Hammett wrote: 
>> To circle back to being somewhat on-topic, what mechanisms are available 
>> to maximize the amount of traffic someone in this situation could 
>> cache? The performance of third-world Internet depends on you. 
> 
> I've personally played with Squid's SSL-bump-in-the-wire mode (on my 
> personal systems) and was moderately happy with it. - I think that 
> such is a realistic possibility in the scenario that you describe. 
> 
> I would REQUIRE /open/ and /transparent/ communications from the ISP and 
> a *VERY* strict security control to the caching proxy. I would naively 
> like to believe that an ISP could establish a reputation with the 
> community and build a trust relationship such that the community was 
> somewhat okay with the SSL-bump-in-the-wire. 
> 
> It might even be worth leveraging WPAD or PAC to route specific URLs 
> direct to some places (banks, etc) to mitigate some of the security risk. 
> 
> I would also advocate another proxy on the upstream side of the 1 Mbps 
> connection (in the cloud if you will) primarily for the purpose of it 
> doing as much traffic optimization as possible. Have it fetch things 
> and deal with fragments so that it can homogenize the traffic before 
> it's sent across the slow link. I'd think seriously about 
> throwing some CPU (a single core off of any machine in the last 10 years 
> should be sufficient) at compression to try to stretch the bandwidth 
> between the two proxy servers. 
> 
> I'd also think seriously about a local root DNS zone slave downstream, 
> and any other zone that I could slave, for the purpose of minimizing the 
> number of queries that need to get pushed across the link. 
> 
> I've been assuming that this 1 Mbps link is terrestrial. Which means 
> that I'd also explore something like a satellite link with more 
> bandwidth. Sure the latency on it will be higher, but that can be 
> worked with. Particularly if you can use some intelligence to route 
> different CoS / ToS / DiffServ (DSCP) across the different links. 
> 
> I think there are options and things that can be done to make this viable. 
> 
> Also, considering that the village has been using a 40 kbps link, 
> sharing a 1 Mbps (or 1,000 kbps) link is going to be a LOT better than 
> it was. The question is, how do you stretch a good thing as far as 
> possible. 
> 
> Finally, will you please provide some pointers to the discussion you're 
> talking about? I'd like to read it if possible. 
> 
> 
> 
> -- 
> Grant. . . . 
> unix || die 
> 
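
The WPAD/PAC idea in Grant Taylor's quoted message (send banks and similar sites direct, everything else through the caching proxy), sketched as a PAC file. This is an added example, not part of the thread; the proxy address and every domain in it are constructed placeholders.

```javascript
// PAC file sketch. All names below are hypothetical placeholders.
var CACHE_PROXY = "PROXY cache.isp.example:3128"; // assumed address of the ISP cache

// Domains whose TLS sessions should never reach the SSL-bumping proxy.
var DIRECT_DOMAINS = ["bank.example", "payments.example", "gov.example"];

// Lower-case the host and drop the trailing dot of a fully qualified name,
// so "BANK.example." cannot slip past the bypass list.
function normalizeHost(host) {
  host = String(host).toLowerCase();
  if (host.charAt(host.length - 1) === ".") host = host.slice(0, -1);
  return host;
}

// True when host is the domain itself or a subdomain of it. Matching on a
// label boundary keeps look-alikes such as "notbank.example" or
// "bank.example.evil.test" from being treated as the bank.
function hostInDomain(host, domain) {
  return host === domain || host.slice(-(domain.length + 1)) === "." + domain;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  host = normalizeHost(host);
  // Unqualified names are local devices; nothing to cache upstream.
  if (host.indexOf(".") === -1) return "DIRECT";
  for (var i = 0; i < DIRECT_DOMAINS.length; i++) {
    if (hostInDomain(host, DIRECT_DOMAINS[i])) return "DIRECT";
  }
  // Everything else goes through the cache; fall back to DIRECT if the
  // proxy is unreachable so users are not cut off.
  return CACHE_PROXY + "; DIRECT";
}
```

A PAC file only steers clients that honour it. If the proxy also sits in the traffic path as described in the thread, it needs a matching no-intercept rule for the same domains (in Squid, an `ssl_bump splice` rule).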