Impacts of Encryption Everywhere (any solution?)
Ben Cannon
ben at 6by7.net
Mon May 28 18:22:27 UTC 2018
I’m sorry, I simply believe that in 2018, with the advanced and cheap PTP radio (Ubiquiti anyone? $300 and I have a 200mbit/sec link over 10 miles! Spend a bit more and go 100km) plus the advancements in cubesats about to be launched, even the 3rd world can simply get with the times.
-Ben
> On May 28, 2018, at 10:57 AM, Mike Hammett <nanog at ics-il.net> wrote:
>
> To be fair, most of the conversation is people not realizing the OP is in a third world country and believing that 1 mbit/s isn't enough for a single user much less a village.
>
> https://www.facebook.com/groups/ubntedgeos/permalink/1046305928855488/
>
>
> Also, I think it's 40 kilobit/s per user (so probably dial-up), not 40 kilobit/s for the whole village. The whole village may very well have 1 megabit/s worth of dial-up connections, but everyone potentially able to go to 1 megabit is a lot more useful than capping each to 40 kilobit/s.
>
>
>
>
> -----
> Mike Hammett
> Intelligent Computing Solutions
>
> Midwest Internet Exchange
>
> The Brothers WISP
>
> ----- Original Message -----
>
> From: "Grant Taylor via NANOG" <nanog at nanog.org>
> To: nanog at nanog.org
> Sent: Monday, May 28, 2018 11:17:10 AM
> Subject: Re: Impacts of Encryption Everywhere (any solution?)
>
>> On 05/28/2018 08:23 AM, Mike Hammett wrote:
>> To circle back to being somewhat on-topic, what mechanisms are available
>> to maximize the amount of traffic someone in this situation could
>> cache? The performance of third-world Internet depends on you.
>
> I've personally played with Squid's SSL-bump-in-the-wire mode (on my
> personal systems) and was moderately happy with it. - I think that
> such is a realistic possibility in the scenario that you describe.
>
> I would REQUIRE /open/ and /transparent/ communications from the ISP and
> a *VERY* strict security control to the caching proxy. I would naively
> like to believe that an ISP could establish a reputation with the
> community and build a trust relationship such that the community was
> somewhat okay with the SSL-bump-in-the-wire.
>
> It might even be worth leveraging WPAD or PAC to route specific URLs
> direct to some places (banks, etc) to mitigate some of the security risk.
>
> I would also advocate another proxy on the upstream side of the 1 Mbps
> connection (in the cloud if you will) primarily for the purpose of it
> doing as much traffic optimization as possible. Have it fetch things
> and deal with fragments so that it can homogenize the traffic before
> it's sent across the slow link. I'd think seriously about
> throwing some CPU (a single core off of any machine in the last 10 years
> should be sufficient) at compression to try to stretch the bandwidth
> between the two proxy servers.
>
> I'd also think seriously about a local root DNS zone slave downstream,
> and any other zone that I could slave, for the purpose of minimizing the
> number of queries that need to get pushed across the link.
>
> I've been assuming that this 1 Mbps link is terrestrial. Which means
> that I'd also explore something like a satellite link with more
> bandwidth. Sure the latency on it will be higher, but that can be
> worked with. Particularly if you can use some intelligence to route
> different CoS / ToS / DiffServ (DSCP) across the different links.
>
> I think there are options and things that can be done to make this viable.
>
> Also, considering that the village has been using a 40 kbps link,
> sharing a 1 Mbps (or 1,000 kbps) link is going to be a LOT better than
> it was. The question is, how do you stretch a good thing as far as
> possible.
>
> Finally, will you please provide some pointers to the discussion you're
> talking about? I'd like to read it if possible.
>
>
>
> --
> Grant. . . .
> unix || die
>
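
Grant Taylor's WPAD/PAC suggestion above, sketched as an added example that is not part of any message in this thread: a PAC script that sends a short list of sensitive domains direct and everything else to the caching proxy. The domain names and the proxy address are constructed placeholders.

```javascript
// Added example (not from the thread). PAC files run in old script engines,
// so this sticks to ES5 syntax.

// Constructed placeholders: domains that must never pass through the
// intercepting cache, and the address of the hypothetical caching proxy.
var DIRECT_SUFFIXES = ["bank.example", "health.example"];
var CACHE_PROXY = "PROXY cache.isp.example:3128; DIRECT"; // fall back if the cache is down

// True when host is the domain itself or a subdomain of it.
// A bare "ends with" test would also match "evilbank.example".
function hostInDomain(host, suffix) {
  var h = host.toLowerCase().replace(/\.$/, ""); // normalise case and trailing dot
  var tail = "." + suffix;
  return h === suffix ||
    (h.length > tail.length && h.slice(-tail.length) === tail);
}

// Standard PAC entry point, called by the browser for each request.
// The decision uses the host only, never the URL path.
function FindProxyForURL(url, host) {
  // Unqualified names are local devices; keep them off the proxy.
  if (host.indexOf(".") === -1) {
    return "DIRECT";
  }
  for (var i = 0; i < DIRECT_SUFFIXES.length; i++) {
    if (hostInDomain(host, DIRECT_SUFFIXES[i])) {
      return "DIRECT";
    }
  }
  return CACHE_PROXY;
}
```

A DIRECT result only bypasses an explicitly configured proxy; an interceptor sitting transparently in the path needs the same domains exempted in its own configuration.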