Thank you very much Andrew. I am completely 100% on your side.

We should know that no ISP can really tell whether one is torrenting or binge watching video at 4k. What they look for is patterns. If “you” are not sleeping, at 100% bandwidth for 48 hours straight, you are a bot, perhaps torrent software.

In my opinion, the timing of the disclosure of the FUPs is not the issue. No one lamented when Safaricom doubled the bandwidth at the same cost, this time last year. Did they read the T&Cs? Many did not. We are now being “forced” to be aware of what we are doing with bandwidth we did not have when we started on our package of choice. We have to decide to take the limitation or find some other ISP. We don’t like that. So like good Kenyans, we complain loudly.

Unless we have forgotten our cybercafe (“cyber”) experiences, bandwidth restraints were a horror for all of us who were not seeking to score cheap points on “Demonoid” or some other torrent network. “Normally” if you wanted, say, Photoshop (most globally ‘pirated’ software at that time), you would spend the day at the cybercafe getting your torrent of bootleg stash. But there were those people who would leave torrents flowing from the previous night or early morning once the cyber is running and go to work, hoping to come back later and pick their “gigs” of software. Clients come to the cyber and take a seat at a computer, paying for the time, and find that someone’s torrent is running in the background of the computer they are on. No way. Torrent … gone or at best switched off.

However, the cyber management started charging for these “services” and once clients started paying for CDs and DVDs of software or even movies, this problem eased even as the overall bandwidth increased. However, “peculiar” habits have not changed, these practices have just moved to the house.

So two things are coming out of this:

1) Many of the buildings that were wired and had “Corporate Fibre accounts” have been abandoned. The SMEs have moved. So there needs to be an “SME” package with 100Mbit to 500Mbit speeds with no caps at the market price. These should be for business use, which will be recovered by the business as a utility cost. Safaricom and other ISPs need to cater for “SMEs” that are now working from “home”.

2) Safaricom and other ISPs need to track those who ‘misuse’ bandwidth and tell them about their patterns and suggest an upgrade to the SME packages we have talked about. That would be a win-win.

Overall, we need to be reasonable. This attitude of “I am paying for it” while not accepting the realities governing the ISPs needs to be addressed. Either we are looking out for the other people using the same services as we are at a particular ISP or we accept “free” (not fair) market forces and that will hurt everyone.

PS: Your details on packet inspection are gold for any network engineer wannabe.

Jimmy Gitonga @Afrowave Web : Motion

On 18 Feb 2021, 10:49 +0300, kictanet-request@lists.kictanet.or.ke, wrote:
Today's Topics:
1. Re: Safaricom changes to home fibre ToS (Andrew Alston)
----------------------------------------------------------------------
Message: 1
Date: Thu, 18 Feb 2021 07:47:05 +0000
From: Andrew Alston <Andrew.Alston@liquidtelecom.com>
To: Ali Hussein <ali@hussein.me.ke>
Cc: KICTAnet ICT Policy Discussions <kictanet@lists.kictanet.or.ke>
Subject: Re: [kictanet] Safaricom changes to home fibre ToS
Message-ID: <VI1PR03MB50562B03C2DCE9AC3DC34B49EE859@VI1PR03MB5056.eurprd03.prod.outlook.com>
Safaricom did tell you about the FUP - unlike most ISPs in the world that never disclose what those FUPs are.
Also - I'd be very careful about alleging that ISPs are all looking at user data - particularly because it's a patently false allegation that all data is analyzed on all links. Yes - some ISPs probably do do that kinda DPI on every circuit - but it certainly isn't the case for a large portion of them - because it's not economically feasible to do it.
Again, someone would have to pay for those analytics engines - and having written a significant amount of code to detect DDoS attacks using pure packet headers (metadata) - I can tell you flatly that this belief that an ISP is sniffing every packet and analyzing it - is a conspiracy theory with very little basis in fact.
To back this up - on a software based platform - the following is the processing pipeline for packet analytics of packet metadata:
1. Receive the packet
2. Categorize the packet
   * By the Ethernet Protocol ID (IPv4, IPv6, possibly .1q tags)
   * By the Layer 4 Protocol byte (specifically byte 9 of the IP header in V4 traffic)
   * Store the 32bit Source and Destination - combined with the Source and Destination port of the Layer 4 header dependent on if it's UDP or TCP
   * Hash the whole lot and place it into a lookup table against the 5 way tuple.
3. Even if you vectorize that process - you are still looking at a coupla milliseconds per packet - times millions of packets a second. A modern server can do that kinda accounting at ~20gigabit/second if they bypass kernel which bloats things - but - they haven't touched the data segment of the packet.
4. If you look at Cisco routers - if you do port mirroring - you are limited to mirroring the first 128 bytes of the packet - because the replication of anything beyond that kills performance, it can't be done at line rate
5. If you look at Juniper routers - you can port mirror for analytics on the full packet - but at the cost of performance.
6. On hardware ASIC based routing - analytics such as you are referring to requires CPU punt - because the ASICs aren't designed to do what you are proposing.
A 10gig circuit can be running in excess of a million packets a second - even if you are vectorizing the packet processing - just analyzing the headers to categorize it - before you attempt to hash it and bucket it - requires a minimum of 100 instructions post packet receipt - add the hashing and bucketing - you're looking at a few thousand instructions to the CPU *per packet* - add the payload analytics - this goes up by orders of magnitude - last I checked - ISPs don't have super computers lying around.
If you want full DPI to the level of analytics you are proposing - you HAVE to analyze the full payload content of the packet - and while there are boxes that can do this - they cost *millions* (of dollars not KSH) - and ISPs generally aren't gonna spend that kinda money unless they have to - because the cost has to be passed to the users.
Andrew
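
The header-only pipeline described in the message above (Ethernet protocol ID, optional .1q tags, IPv4 protocol byte 9, addresses and ports hashed into a 5-tuple table), sketched as an added example that is not part of the original thread or any ISP's code. The function names and sample frames are constructed for illustration, and only IPv4 is handled.

```python
import struct

ETH_IPV4, ETH_VLAN, TCP, UDP = 0x0800, 0x8100, 6, 17

def flow_key(frame):
    """Headers only: return (src, dst, proto, sport, dport) or None."""
    if len(frame) < 14:
        return None
    off = 12
    (ethertype,) = struct.unpack_from("!H", frame, off)
    while ethertype == ETH_VLAN and len(frame) >= off + 6:
        off += 4                            # step over a .1q tag
        (ethertype,) = struct.unpack_from("!H", frame, off)
    off += 2                                # first byte of the L3 header
    if ethertype != ETH_IPV4 or len(frame) < off + 20:
        return None                         # IPv6, ARP, truncated: not handled here
    ihl = (frame[off] & 0x0F) * 4           # IPv4 header length in bytes
    if frame[off] >> 4 != 4 or ihl < 20 or len(frame) < off + ihl:
        return None
    proto = frame[off + 9]                  # byte 9 of the IPv4 header
    src, dst = frame[off + 12:off + 16], frame[off + 16:off + 20]
    sport = dport = 0
    if proto in (TCP, UDP) and len(frame) >= off + ihl + 4:
        sport, dport = struct.unpack_from("!HH", frame, off + ihl)
    return (src, dst, proto, sport, dport)

def account(frames):
    table = {}  # the dict hashes each 5-tuple key into its bucket
    for frame in frames:
        key = flow_key(frame)
        if key is not None:
            pkts, octets = table.get(key, (0, 0))
            table[key] = (pkts + 1, octets + len(frame))
    return table

def make_frame(src, dst, proto, sport, dport, payload=b"", vlan=None):
    """Constructed test frame (dummy MACs, zero checksums)."""
    tag = struct.pack("!HH", ETH_VLAN, vlan) if vlan is not None else b""
    eth = b"\x02" * 12 + tag + struct.pack("!H", ETH_IPV4)
    l4 = struct.pack("!HHI", sport, dport, 0) + payload
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0)
    ip += bytes(map(int, src.split("."))) + bytes(map(int, dst.split(".")))
    return eth + ip + l4

SAMPLE = [  # constructed traffic; addresses are documentation ranges
    make_frame("192.0.2.10", "198.51.100.5", TCP, 40000, 443, b"A" * 100),
    make_frame("192.0.2.10", "198.51.100.5", TCP, 40000, 443, b"B" * 100),
    make_frame("192.0.2.11", "198.51.100.5", UDP, 5353, 53, b"q", vlan=100),
]
```

The first two sample frames differ only in payload and land in the same flow bucket, since nothing past the Layer 4 ports is ever read.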
From: Ali Hussein <ali@hussein.me.ke>
Date: Thursday, 18 February 2021 at 10:32
To: Andrew Alston <Andrew.Alston@liquidtelecom.com>
Cc: KICTAnet ICT Policy Discussions <kictanet@lists.kictanet.or.ke>
Subject: Re: [kictanet] Safaricom changes to home fibre ToS

Andrew
Wacha kizungu mingi [Swahili: "enough with all the English"] (I think you are Kenyan enough to understand what I've just said).
Let me put you on the spot. To come up with FUPs you already know who's doing what so that 'innocence' of telling us about privacy now is moot. You all use these tools to snoop on us. Period. Now do it for the benefit of the customer. Not yours. This is really very simple. You all are crying foul about costs blah blah...but when you were wooing us you didn't tell us about FUP...
Do the right thing mate...Be on the right side of history.
Regards
Ali Hussein
Digital Transformation
Tel: +254 713 601113
Twitter: @AliHKassim
Skype: abu-jomo
LinkedIn: http://ke.linkedin.com/in/alihkassim