Sunday, March 16, 2008

On the African Internet, no-one can hear you scream

When Pakistan Telecom tried to kill the Internet in an effort to stop the public seeing evil things on YouTube the other week, there was instant media-reaction and a fairly swift fix by the organisations involved. Things are different when you're a small Kenyan ISP, though; for about a day now, Africa Online (AS36915) has been off the Net after a major backbone operator, Abovenet (AS6461), erroneously announced their IP block to the rest of the world and caused a routing loop (i.e. router A sent their traffic to router B, which routed it to A...).

The good people of NANOG were on the case directly, but there's still no solution. It's hard to avoid the conclusion that fixing a small African ISP's upstream connectivity just isn't a priority; it's the weekend in fabulous Amsterdam, after all. PCCW, and everyone upstream of them, had every incentive to fix the YouTube route hijack; not only would they have been facing a barrage of complaints from their residential customers (what? no lolcats? no funneh 70s TV ads? no home-made smut?), but they would have been in hot water with, ah, Google had it kept up. And there was the self-righteousness factor; everybody wants to be standing up for freedom of expression.

Sadly, however, the prospect of falling out with Africa Online in Kenya scares nobody, except any of their customers who were counting on Internet service. Further, they aren't going to be the biggest account at Abovenet; nor will they have much choice of transit provider. It's been said many times before that the topological centre of the African Internet is Tookey St, SE1, so the possible diversity is limited. This hits them in more ways than one; this particular problem is harder to fix than ISI vs YouTube for a very good reason.

Internet routing always prefers the most specific route offered to a given destination; PakTel leaked a more-specific route for YouTube. But Abovenet hasn't, so this can't be fixed just by splitting Africa Online's block into two equally sized more specifics. Instead, the misroute spread precisely because it came from a big and core-centric operator; Internet routing always prefers the most direct route (defined as the one that transits the fewest networks), and unless you're Kenyan Abovenet will always be more direct than Africa Online, as they are concentrated on the North Atlantic. There's much more detail at Danny McPherson's; including some cracking visualisations using RIPE's BGPlay tools.

Which I can't see because Firefox 2, OpenSUSE, and the Java Runtime won't play nicely. I've done the arse-paralysingly user-hating install - download the RPM, which isn't actually an RPM but a shell script and an RPM, be root, do a chmod to make it executable, cd to the directory you want to put it in, mv the file over, run the shell script, ok the EULA in the command line, then do a command line rpm install of the file name without the .bin extension, cd into your /usr/lib/mozilla/plugins/ directory, and ln -s /usr/java/jre1.6.0_05/plugin/i386/ns7/ ./ assuming you chose /usr/java/, then close and reopen your browser. Seriously. But it still doesn't fucking work. about:plugins doesn't show it, and it still wants to download the JRE. And yes, I tried the option of ns7/gcc29/ as well.

Apart from the urgent necessity of me either getting a clue or murdering Scott McNealy with a rusty coathanger, what does this tell us? Well, Africa Online's fate is an example that rules and freedom are indivisible, John Locke's old insight; without implementation of routing security, anybody can bugger up anybody else's network and the bigger, stronger, and not to say whiter you are, the worse trouble you can cause and the longer it takes to fix it. Which is why I love the EU.

No comments:

kostenloser Counter