Re: ASNs decimation in ZW this morning
On 15 Jan 2019, at 17:03, C. A. Fillekes <cfillekes@gmail.com> wrote:
Whole countries falling off the net? BUT TEH TOP POSTINGS!!!
I'm a little frustrated with the very existence of that thread.
Trying to constructively change the topic to something more interesting lol.
I guess the concerning thing to me is that the whole point of packet switched networks was to provide resilience in the face of e.g. civil disorder.
On Tue, Jan 15, 2019 at 11:50 AM Colin Johnston <colinj@gt86car.org.uk <mailto:colinj@gt86car.org.uk>> wrote: sorry top posting, yup whatsup doesnt work in harare. phone circuits land ok though and checked ok
col
Sent from my iPod
On 15 Jan 2019, at 15:42, C. A. Fillekes <cfillekes@gmail.com <mailto:cfillekes@gmail.com>> wrote:
On Tue, Jan 15, 2019 at 10:34 AM C. A. Fillekes <cfillekes@gmail.com <mailto:cfillekes@gmail.com>> wrote:
So @meileaben on twitter this morning notes:
Many #Zimbabwe <https://twitter.com/hashtag/Zimbabwe?src=hash> Internet routes withdrawn around 9:30 UTC amidst civil unrest in the country. near-realtime on #RIPEstat <https://twitter.com/hashtag/RIPEstat?src=hash> here: https://stat.ripe.net/ZW <https://t.co/sgJ4O3310z> #OpenNetworkIntelligence <https://twitter.com/hashtag/OpenNetworkIntelligence?src=hash> #ZimbabweShutdown <https://twitter.com/hashtag/ZimbabweShutdown?src=hash>
https://twitter.com/meileaben/status/1085118237157851136 <https://twitter.com/meileaben/status/1085118237157851136>
wondering if anyone here has additional info on that. Looing at stat.ripe.net/ZW <http://stat.ripe.net/ZW> now it looks as though one (out of an original 18, current 9) ASN has recovered, but kind of curious as to what exactly happened there.
So Bloomberg notes that a number of ISPs were shut down to quell online protest https://www.bloomberg.com/news/articles/2019-01-15/by-killing-the-internet-z... <https://www.bloomberg.com/news/articles/2019-01-15/by-killing-the-internet-zimbabwe-kills-commerce-and-the-lights> but are there no work-arounds available, if implemented?
zimbabwe situation link below re telecom problems https://www.zimbabwesituation.com/news/zimbabwe-telecoms-jammed-after-violen... <https://www.zimbabwesituation.com/news/zimbabwe-telecoms-jammed-after-violent-protests-report/> I was back in Zim myself last month as well to see family children, internet was working well then inc whats up, mobile and adsl. I wonder how they block social media sites/whats up, is it null routing on peering cores or filtering since did not see filtering in place from ZIM<>UK last month... Colin
On 16/Jan/19 15:54, Colin Johnston wrote:
I wonder how they block social media sites/whats up, is it null routing on peering cores or filtering since did not see filtering in place from ZIM<>UK last month...
In Africa, the majority of connectivity happens over mobile networks. So it's easy to "fix" it, since mobile networks have some of the most advanced DPI's in any network. For those not aware, Emmerson Mnangagwa, the Zimbabwean president, increased fuel prices from US$1.24/litre to US$3.11/litre for diesel, and US$1.31/litre to US$3.31/litre for petrol. This is what led to (violent) protests, and as such, networks being asked to shutdown services. Mark.
Im confused as to what exactly happened and how it was implemented. I assume the government wanted to restrict access to sites like whatsapp, facebook, twitter, etc.,. So did they tell national ISPs/Mobile (strong-arm) to simply block access to those sites, or they did they tell them to completely shutdown and go dark until the protests were over. Im just curious as to how an ISP/Mobile would selectively block access under government influence, reason being... understanding how can help us think of ways to get around it. For example, lets say the mobile networks null routed all traffic destined to twitter and facebook networks... not a complete IP shutdown. So a local citizen is using email from a local provider (non-gmail, etc.,.) and still has access to email, Twitter knows they are blocked in ZW, but they still try to email updates to this example citizen. If their networks are being null routed, they can simply deliver the email via an alternate network/platform. The whole thing is very disturbing, I mean this is 2019 right? Not 1984... -John On 1/16/19 9:06 AM, Mark Tinka wrote:
On 16/Jan/19 15:54, Colin Johnston wrote:
I wonder how they block social media sites/whats up, is it null routing on peering cores or filtering since did not see filtering in place from ZIM<>UK last month...
In Africa, the majority of connectivity happens over mobile networks. So it's easy to "fix" it, since mobile networks have some of the most advanced DPI's in any network.
For those not aware, Emmerson Mnangagwa, the Zimbabwean president, increased fuel prices from US$1.24/litre to US$3.11/litre for diesel, and US$1.31/litre to US$3.31/litre for petrol. This is what led to (violent) protests, and as such, networks being asked to shutdown services.
Mark.
On 16/Jan/19 19:49, John Von Essen wrote:
Im confused as to what exactly happened and how it was implemented. I assume the government wanted to restrict access to sites like whatsapp, facebook, twitter, etc.,. So did they tell national ISPs/Mobile (strong-arm) to simply block access to those sites, or they did they tell them to completely shutdown and go dark until the protests were over. Im just curious as to how an ISP/Mobile would selectively block access under government influence, reason being... understanding how can help us think of ways to get around it.
For example, lets say the mobile networks null routed all traffic destined to twitter and facebook networks... not a complete IP shutdown. So a local citizen is using email from a local provider (non-gmail, etc.,.) and still has access to email, Twitter knows they are blocked in ZW, but they still try to email updates to this example citizen. If their networks are being null routed, they can simply deliver the email via an alternate network/platform.
The whole thing is very disturbing, I mean this is 2019 right? Not 1984...
It's not unusual for networks to be shutdown, particularly during riots and/or elections. I'm not saying it's right or wrong, I'm just saying it's not unusual. This happened during the recent elections in Uganda and Kenya, for example. Typically, the operating licenses issued by the gubbermints to operators provide for legal avenues by the gubbermint to shutdown services. It is not the gubbermint's responsibility as to how this is implemented by the operators, just that it be done. In recent years, social media resources have been targets, so Facebook, WhatsApp, Twitter et al. However, if the gubbermint takes a broader approach, it's up to the operator to figure out how to do it. Failure to comply can result in arrests, fines, jail or even revocation of the license. All mobile operators have terribly advanced DPI infrastructure, so it's not difficult to shut services down at a very granular level. Operators that deliver services via terrestrial means also employ DPI infrastructure, because selling bandwidth access by the Gig-loads is big business :-\. So they, too, can implement shutdowns with a reasonable degree of granularity. Mark.
On 17 Jan 2019, at 09:07, Mark Tinka <mark.tinka@seacom.mu> wrote:
On 16/Jan/19 19:49, John Von Essen wrote:
Im confused as to what exactly happened and how it was implemented. I assume the government wanted to restrict access to sites like whatsapp, facebook, twitter, etc.,. So did they tell national ISPs/Mobile (strong-arm) to simply block access to those sites, or they did they tell them to completely shutdown and go dark until the protests were over. Im just curious as to how an ISP/Mobile would selectively block access under government influence, reason being... understanding how can help us think of ways to get around it.
For example, lets say the mobile networks null routed all traffic destined to twitter and facebook networks... not a complete IP shutdown. So a local citizen is using email from a local provider (non-gmail, etc.,.) and still has access to email, Twitter knows they are blocked in ZW, but they still try to email updates to this example citizen. If their networks are being null routed, they can simply deliver the email via an alternate network/platform.
The whole thing is very disturbing, I mean this is 2019 right? Not 1984...
It's not unusual for networks to be shutdown, particularly during riots and/or elections. I'm not saying it's right or wrong, I'm just saying it's not unusual.
This happened during the recent elections in Uganda and Kenya, for example.
Typically, the operating licenses issued by the gubbermints to operators provide for legal avenues by the gubbermint to shutdown services. It is not the gubbermint's responsibility as to how this is implemented by the operators, just that it be done.
Would a service be viewed as the same as (layer2 connectivity to a out of country layer3/layer4 endpoint). ie ip source out of country but connectivity layer in country ? satcomms in effect but terrestrial based pvc with leaf router out of country. Colin
In recent years, social media resources have been targets, so Facebook, WhatsApp, Twitter et al. However, if the gubbermint takes a broader approach, it's up to the operator to figure out how to do it. Failure to comply can result in arrests, fines, jail or even revocation of the license.
All mobile operators have terribly advanced DPI infrastructure, so it's not difficult to shut services down at a very granular level.
Operators that deliver services via terrestrial means also employ DPI infrastructure, because selling bandwidth access by the Gig-loads is big business :-\. So they, too, can implement shutdowns with a reasonable degree of granularity.
Mark.
On 17/Jan/19 11:29, Colin Johnston wrote:
Would a service be viewed as the same as (layer2 connectivity to a out of country layer3/layer4 endpoint). ie ip source out of country but connectivity layer in country ? satcomms in effect but terrestrial based pvc with leaf router out of country.
Logically, Layer 2 services would not apply. But this is because gubbermints are clueless about the differences between the various layers. Mark.
However, like the Internet Off switch installed in the Pentagon after 911 (which shutdown the DNS Severs), you may find that you have to reboot the Internet so you can upload your Save the World video to Twitter ... --- The fact that there's a Highway to Hell but only a Stairway to Heaven says a lot about anticipated traffic volume.
-----Original Message----- From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Mark Tinka Sent: Thursday, 17 January, 2019 02:47 To: Colin Johnston Cc: nanog@nanog.org Subject: Re: ASNs decimation in ZW this morning
On 17/Jan/19 11:29, Colin Johnston wrote:
Would a service be viewed as the same as (layer2 connectivity to a out of country layer3/layer4 endpoint). ie ip source out of country but connectivity layer in country ? satcomms in effect but terrestrial based pvc with leaf router out of country.
Logically, Layer 2 services would not apply. But this is because gubbermints are clueless about the differences between the various layers.
Mark.
On 17/Jan/19 16:57, Keith Medcalf wrote:
However, like the Internet Off switch installed in the Pentagon after 911 (which shutdown the DNS Severs), you may find that you have to reboot the Internet so you can upload your Save the World video to Twitter ...
On 18 Jan 2019, at 11:52, Mark Tinka <mark.tinka@seacom.mu> wrote:
On 17/Jan/19 16:57, Keith Medcalf wrote:
However, like the Internet Off switch installed in the Pentagon after 911 (which shutdown the DNS Severs), you may find that you have to reboot the Internet so you can upload your Save the World video to Twitter ...
https://www.youtube.com/watch?v=RYHci_KYIT4
Mark.
someone needs to tell Zim Gov that BACS-IP payroll needs IP connectivity to banks to pay gov employees otherwise.... Col
participants (4)
-
Colin Johnston -
John Von Essen -
Keith Medcalf -
Mark Tinka