Handling an Internet Bandwidth Hog

I noticed that our company internet was very slow – and it wasn’t long before one of the higher-ups also noticed and asked me about it.

I went to SpeedTest.net and ran a test – the speeds measured were a fraction of what we should have been getting.

So I went to our pfSense firewall and looked at the traffic graphs (in the Status menu). Sure enough, outbound traffic was maxed out. I noticed that one particular host was responsible for virtually all traffic across the firewall.

This means that not only is Internet traffic for all being slowed down, but so is any traffic bound for the remote data center.

I added a rule to block the host temporarily and then reset all of their connections using the States tab (under the Diagnostics menu).

Eventually the user came and we straightened everything out. I asked them what they were doing, and it was a massive download they had started. Handling the user and educating the user is as important as bringing the Internet back to normal.

Lessons in Communications and Reliability Learned from Egypt

You may have already heard about what has been happening in Egypt. If not, the Arab media source Al Jazeera has a dedicated page on the topic. You can watch a live Twitter stream from Twitterfall.

As a part of what is happening in Egypt, Internet access in the country was disrupted and blocked, and cell phone service was halted. In particular, DNS servers were shut down or blocked, and web sites such as Facebook and Twitter were blocked completely. The majority of Egyptian ISPs shut down as well, effectively removing all access to the Internet to Egyptian citizens.

Here are some of the resolutions to these problems that Egyptians found:

  • Broadcast access to Internet via open wireless access points. With wireless access points set up, only one person needs to set up the Internet in order for dozens to receive it. At least one ISP in Egypt remained up (due to government and bank usage) – providing an open hot spot expanded
  • Use gateways and proxies to reach forbidden web sites. Routing traffic to other sites – sites that aren’t blocked – permits access to the blocked sites. This is a form of “forced routing” that goes around censorship.
  • Use alternate DNS servers or IP addresses or both. There are public DNS servers available to all such as Google and OpenDNS; if DNS is down one can switch to these if you know how – and use IP addresses if you don’t.
  • Use out-of-country dialup services. Several ISPs gave out public access to their dialup services for Egyptian citizens to reach the outside.
  • Use non-internet-based methods of communication. In Egypt, there were printed leaflets, as well as amateur radio. When communication via the Internet is out, there are alternatives.

There is a web page that details all the possibilities for getting communication out of Egypt.

If you can handle a man-made disaster – such as the cutoff of Egypt from the Internet, or the dismantling of the Wikileaks technical structure – then natural disasters seem pale by comparison.

We’ll pray for safety and recovery in Egypt.

Court: FCC has no jurisdiction over the Internet

This court decision by the United States Federal Court of Appeals for the DC Circuit was not entirely unexpected, but it does not bode well for net neutrality. The case is Comcast v. FCC. Comcast put out a press release praising the decision and stated their commitment to “open Internet”. A party to the case, freepress, put out their own release. One notable quote from freepress is the following:

[Because of the decision, t]he FCC has virtually no power to make policies to bring broadband to rural America, to promote competition, to protect consumer privacy or truth in billing.

Net neutrality is the idea that all network traffic should be treated equally, without regard to content or source. What got Comcast in trouble with the FCC was interfering with peer-to-peer traffic such as BitTorrent.

Internet and legal blogs and press were all abuzz with talk of the decision. Bloggers that reacted included the Electronic Frontier Foundation, the Wall Street Journal (including WSJ blogs like Digits), Larry Downes (with the Stanford Center for Stanford Center Internet and Society), the New York Times, the Center for Democracy and Technology, Above the Law, the ACLU, and so many endless others.

If the Federal Communications Commission (FCC) cannot sanction a company (Comcast, in this case) for the way it throttled Internet access for its customers, then access to selected sites can be denied or slowed down upon an arbitrary decision by the company. Sites like Google could be charged different prices by their ISPs than other sites, web sites could be blocked, users charged different prices depending on their usage – how much and what kind – and more.

Imagine if your phone company could charge you more for making calls to businesses – or certain businesses. Imagine if the phone company decided that you couldn’t call certain companies. Imagine that your phone company decided you couldn’t order a pizza.

The way this decision stands, it sounds like the FCC no longer has any right to regulate the Internet at all – which leaves us at the mercy of the big ISPs. I hope this gets corrected by the US Supreme Court or the US Congress and soon.