Wed 14 Dec

The world gets cloudier: AWS goes to Sao Paulo

Amazon launched the Sao Paulo region today for their AWS cloud services. I’m glad to see cloud providers branching out to new markets beyond the US and Europe. Apparently, both South American companies and international companies looking to serve the South American market have been clamoring for such a move from Amazon.

While this will be great for the tech scene there, I’m interested to know how this new infrastructure will benefit the broader community of South American Internet users, and in particular how this will impact the cost of international bandwidth in South America. Historically, international bandwidth costs have been a key limitation for the proliferation of affordable Internet access throughout the developing world. This makes sense: running international fiber is expensive, and it often requires a consortium of telcos working together to make it happen (e.g., EASSy). The major cloud providers, on the other hand, have plenty of capital to finance submarine cable construction. Heck, they could build their own cable infrastructure if they wanted to: I’m sure Google and Amazon have the expertise to manage it well, too. In any case, I’m hopeful that we’ll see similar cloud infrastructure built in other traditionally underserved areas, such as Africa and South Asia, in the near future.


Wed 30 Nov

Bro IDS Cheat Sheet

My friend Matthias just posted a Bro language cheat sheet for the Bro IDS. Bro is a great tool for network measurement and monitoring. I’ve been using it for some traffic analysis I’m doing for my research. I’m still learning how to use Bro, but it’s one of those tools that I’m more excited about using every time I learn a bit more about it.


Sat 26 Nov

Why wireless mesh networks won’t save us from censorship

Or “why the reddit ‘Darknet Plan’ is a fun but misguided solution to the wrong problem”.

It’s exciting to see so much interest of late in the Darknet Plan hatched by redditors to build a second, people-owned, censorship-free Internet using a large-scale wireless mesh network. Freedom of speech on the Internet is an important issue and it’s important for all of us to take it seriously. Additionally, as someone who thinks wireless networks are the bee’s knees (and who does research on wireless networks in his day job), it’s exciting to see so much interest in using wireless to circumvent censorship.

That’s why it’s painful for me to say, “hey guys, this isn’t going to work”.

I got into this space about five years ago to build a community-owned Internet using solar power and wireless mesh networks — censorship circumvention wasn’t an explicit goal, but it was part of the broader vision. I actually wound up building a couple sizable networks using equipment like this (Orangemesh grew out of this work). After a couple years I developed a pretty good understanding that wireless mesh networks aren’t actually a good way to build a real network. These are a few of those reasons.


Fri 18 Nov

Pirate Party wins 8% of vote in Berlin elections

I remember when the first Pirate Party was created in 2006 (back in the days when I still read 2600 and went to high school). I’m thrilled to see that in the ensuing years the party has taken hold in multiple countries and has expanded its agenda to become more than a single-issue party. To paraphrase a point made by Evgeny Morozov at a talk I was at yesterday, the best outcome for a movement started on the Internet is the formation of a party that can engage with the political system in a meaningful way to create change.


Thu 18 Aug

The Case of the Mystery IGMP Query Request

I’ve spent two days trying to track down the source of mystery IGMP query requests on a network emulation testbed I’m building. All the machines are (essentially) stock installations of Ubuntu 11.04, with no services running besides sshd.

One of my machines acts as a poor man’s Ethernet tap. Its two NICs, which are connected to the two machines that run the system I’m testing, are bridged together, allowing me to run tcpdump on the bridge interface (br0) to capture packet traces from the experiments I run*.

I noticed some strange IGMP queries originating from this monitor machine, and after several hours of hunting for the source I found that they were actually coming from the bridge device itself! It turns out that the bridge module in Linux supports IGMP snooping. I’m sure this is a useful feature for certain scenarios, but when you’re trying to make sure no unintended traffic is moving across your NICs it is not at all useful.

Anyway, once you’ve figured this out the solution is simple: just disable IGMP snooping. You can (thankfully) do this via a sysfs attribute of the bridge:

cd /sys/devices/virtual/net/br0/bridge
echo 0 | sudo tee multicast_snooping

Once you do this, the pesky IGMP queries will go away. You can make this permanent (in Ubuntu, anyway) by adding these lines to a script under /etc/network/if-up.d/.
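One way to write such an if-up.d hook, as an added example that is not from the original post: ifupdown exports IFACE to hook scripts, and the SYSFS_NET override is a hypothetical variable introduced here so the function can be tried against a scratch directory.

```shell
#!/bin/sh
# Added example: hook for /etc/network/if-up.d/ that turns off IGMP snooping
# on a bridge as it comes up. ifupdown exports IFACE to hook scripts.
# SYSFS_NET is a hypothetical override (not a kernel or ifupdown setting);
# it defaults to the sysfs path used in the post.
SYSFS_NET="${SYSFS_NET:-/sys/devices/virtual/net}"

# disable_snooping IFACE
# Returns 0 if snooping is off afterwards, 1 if the write failed,
# 2 if IFACE is not a bridge (nothing to do).
disable_snooping() {
    knob="$SYSFS_NET/$1/bridge/multicast_snooping"
    # Only bridge devices expose bridge/multicast_snooping.
    [ -f "$knob" ] || return 2
    # Already off: leave the attribute untouched.
    [ "$(cat "$knob")" = "0" ] && return 0
    echo 0 > "$knob" || return 1
    # Read the value back so a silently ignored write is reported.
    [ "$(cat "$knob")" = "0" ] || return 1
}

# Act only when ifupdown has set IFACE; non-bridge interfaces are skipped
# quietly so the hook never makes ifup fail for eth0 and friends.
if [ -n "${IFACE:-}" ]; then
    rc=0
    disable_snooping "$IFACE" || rc=$?
    if [ "$rc" -eq 1 ]; then
        logger -t bridge-snooping "failed to disable IGMP snooping on $IFACE"
    fi
fi
```

The hook must be executable and runs as root under ifupdown, so no sudo is needed inside it.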

This page was helpful in solving this problem, as it provides documentation about the sysfs features of the bridge module.

*Yes, I know this is not a real Ethernet tap, but with the equipment, budget, and schedule I have (as well as my desire to run at 1Gbps, rather than 100Mbps) this is the best I can do.
