Monday, June 06, 2005

State of the LAN

This is the article i wrote for the inaugural issue of "The Scholars' Avenue", IIT Kharagpur's student newspaper.

We love the LAN; we hate the LAN.

KGP’s love affair with the hostel network has now hit a rough patch. The semester began on a bad foot, with the network being held responsible for events that meant bad press for the institute. Curbs on the LAN were expected. Many measures were rumored imminent, and some steps the CIC took reinforced these rumors. In this report on the state of the LAN, ScholsAv tries to make sense of the institute’s unwritten network policy.


The speed of the net connection has fallen perceptibly this semester. Here’s our assessment of the events that led to this decline.

The total bandwidth of IIT’s external links has not decreased. Earlier there were four proxy servers, for the Singtel link and 213/214 for the VSNL link. Most people used direct connection, so these proxy servers did not carry much traffic.

This semester the institute decided to install URL blocking – direct connection was discontinued in order to force all traffic through the filtering proxy servers. Moreover, the VSNL link was made unavailable from the hostels. To handle the expected increase in the Singtel traffic, three new proxy servers were set up – The CIC did not buy new servers, so these are reportedly not the best hardware. The CIC denies this, but admits that the setup of proxies may not be “optimal”, and they’re working on it.

The bandwidth of the proxy servers are further choked by the filtering system. It searches within the URL for each request, comparing with a list of nearly 3000 blocked words and URL’s. The bandwidth capacity of the proxy servers must have been reduced considerably due to this.

The main task of the administrators now is to filter and block, not to optimize and improve. As long as this remains the case, the net is only likely to get slower.

any working pr0xy?

We used to laugh when newspaper articles said IIT Kharagpur had a “24 hour” LAN facility. “It’s not like someone has to sit there and push buttons all day…” Guess who had the last laugh.

In 2003, CIC blocked net access during the day (8 am to 5:30 pm), after some professors complained that internet access was luring students away from classes. This may have seemed such an obvious solution, that the actual effects of this measure were never seriously noted. However, it is not as straightforward as it seems.

For most of us, local student-run "servers" provide most of the entertainment – movies and songs from DC++, Mutter, Tourneys, Radios, etc. Other than keeping in touch with friends outside, the internet is only used for real learning purposes. This may not have been so when the ban was installed, as there were fewer student servers then, but this is the case now. If someone wants to spend time at his computer instead of attending class, blocking net access alone is not gonna change his mind.

On the other hand, forcing people to research at night stretches the KGPian’s already long day. According to the CIC website, bandwidth usage peaks around midnight and stays there till 4-5 am. If at 4 am KGP is downloading at 5 Mbps, it’s quite likely that people don’t turn up for that 7:30 class.

Instead of increasing attendance, the daytime block may actually be decreasing attendance in morning classes and delaying assignment submissions.

Welcome To .:: Hit Hi Fit Hai ::.

Filesharing is a big grey area. There were rumors at the beginning of the semester that there were going to be regulations on filesharing – an “official” hub, and a ban on other hubs. Those weren’t true – most of the CIC administrators are unaware of the DC network, and are definitely not responsible for the hub regulations.

To the question about whether filesharing was allowed at all, we were told, “Even if the institute decided that Shareaza should not be used, we cannot enforce such a rule.” We can assume that means filesharing is safe for now.

On the other hand there is a very good reason for the institute to encourage filesharing – economy. The bandwidth of the external links is only a few Mbps, while bandwidth within the LAN is several Gbps. If someone has already downloaded a particular file from the slower internet connection, others can get it over filesharing. This means that the file had to be downloaded from the internet only once – and not once for each user. This translates into huge savings of the external link’s bandwidth.
For similar performance gains by using a caching proxy, the proxy server has to have a 10,000 Gb hard disk!

The connection was refused…

The web (as in web pages) is not the only service on the internet. The normal proxies we have are only for web access, and allow connections only to port 80 and 81. The CIC provides another proxy server for accessing FTP and telnet (see box). We were told that other ports could be unblocked on request, if some academically useful software required this; such exemptions are usually granted on a per-ip basis.

So right now there is no official way to connect to internet services like email (POP, IMAP and SMTP), newsgroups (NNTP), etc. This had stopped Richard Stallman from checking his email while he was here… you’ll remember what he had to say about this, if you’d attended his lecture. It is difficult to see what this accomplishes, other than preventing P2P software from connecting. It does block a lot of useful communication tools, as well as a good number of software installers that check for updates.

Here’s a bizarre side story about this. The springfest web site was hosted on a server outside, and had to be updated through FTP. Back then the FTP proxy server wasn’t working. Guess how the web team made those changes – each time they’d write the website to a CD, take it to Goyal, and pay to use their internet connection. You’d think it were Goyal that had 10MBps international connectivity!

Access control configuration prevents…
Content filtering would be, if implemented properly, an acceptable policy for the institute to follow. It should not slow down the net significantly, and it should not block content that isn’t objectionable.

However, there is no such thing as a perfect filtering system – they would let some objectionable sites through, or block permissible sites too, or both. Moreover, filtering systems drastically reduce speed, and for this reason IIT officially follows a no-filtering policy. CIC denies they have had a filtering system installed on any proxy this semester. The truth, as we all know, is very different.

First some history – IIT used to have a filtering system initially, when the total external bandwidth was in kb’s and considered too precious. Now this has grown to 10 Mbps – any filtering system will only decrease speed, not conserve bandwidth.
The current* filtering system, hastily implemented after all the negative media attention, seems to be lifted from someone’s high school project. Much of the filtering is done by matching substrings – for example, if three x’s occur next to each other anywhere in the site’s address, it will be blocked. This causes a large number of perfectly permissible sites to be blocked.

What’s even more pathetic is that the system isn’t effective. It does not block several very well known pornographic sites because the URL’s are more subtle. Moreover it is not yet installed in all the official proxies, so if some site is getting blocked you could just try changing the proxy. On top of that, matching is case sensitive – if you do a google search for “teen” it will be blocked, but not if you typed “TEEN” or “Teen”…

And here’s what takes the cake. In their frenzy to filter sites that have “shit” in the URL, the admins have blocked the official Kshitij 2005 website. The Kshitij team sent countless emails to the “cache administrator” mentioned in the error page, but there were no replies and no action.

Stop, Refresh

The LAN and net access constitute one of the most important facilities the institute has for its students. Yet, no definite policy exists for its administration, and the regulations that exist today are mere knee-jerk reactions to events in the LAN’s short history. Many of these rules have no benefits, and yet seriously impede legitimate use of the network.

Things may be looking up, though. The institute has created a committee on IT policy, which is tasked with creating a comprehensive set of network policies. However nobody, not even members of the committee, expects this undertaking to be completed in the near future – the recommendations of the committee have a long journey up the IIT hierarchy before they can be implemented. The best course for IIT Kharagpur to take is to immediately adopt an established network policy of some other university. This policy can later be evolved by the IT policy committee.

The campus network is one of the biggest investments our institute has ever made. However, its benefits are being eroded away by the absence of focused policy-making. The system requires considerable improvements before it can justify being called “internet access in hostels” – today, these improvements can be made with no investment at all.

Except some time, and thought, from the authorities.

The information we have about the filtering block lists is as of January 31st. Things seem to have changed since then, but it’s not clear what the overall direction of those changes is.
We would like to acknowledge the information we received from the CIC, as well as “Tikli” and “Cyanide_Angel” without which this article wouldn’t have been possible.
Let’s take this occasion to thank the CIC, IIT Foundation, and everyone else who has made the LAN happen. Despite the gaalis we give it, we love the LAN.
Corrections, Arguments, Abuse, Threats:


Blogger SidSeth said...

A great read indeed. Came to know a lot about the LAN we have come to hate. Keep blogging dear.
Cheers !

07 June, 2005 22:59  
Blogger >|' ; '| said...

r u our aravattan???

08 June, 2005 21:43  
Blogger arvin said...

thanx sid... this was written quite a while ago, so there's a lot of new stuff tht shud be there but isn't. maybe Schols' Ave will commission a State of the LAN part 2 article :)

yo ashok... u bet it is!

11 June, 2005 03:15  
Blogger nanosage said...

dah... u didn't put the telnet and ftp proxies... how abt hacking into the system..huh!!

12 June, 2005 12:07  
Blogger arvin said...

telnet/ftp proxy not working any more :(

15 June, 2005 00:24  
Anonymous Anonymous said...

i left kgp quite late and telnet and ftp proxy were wrkin fine n 'bout hakin does it need a teacher to xplain stuff or there is a geek within u to be an efficient hacker

12 July, 2005 03:06  
Blogger arvin said...

this was meant for the general public not hardcore hax0r5 :D

and... the telnet/ftp server is working? at it was offline in the middle of summer, when i posted that comment.

12 July, 2005 03:14  
Blogger The Computer Guys said...

Hey, you have a great blog here! I'm definitely going to bookmark you!
I have a speed up computer freespeed up computer free site/blog. It pretty much covers speed up computer free Problems with your Windows Xp Computing !
Come and check it out if you get time :-)

05 November, 2005 13:51  
Anonymous free proxy list said...

Hi Everyone,

For fresh proxy list i have a good site.
here is a few proxies for you guys :

07 March, 2006 06:55  
Anonymous Anonymous said...

Hi is the Lan still blocked ? I am going to be in IIT KGP this year. If can provide me with an update of the situation it would help a lot.Are the usual voip ports that run out blocked ? My email address is rajrn72 @ Tnx for any help

23 June, 2006 02:29  
OpenID webhostings said...

Great informative post and i really likes your information, most of the peoples are likes your blog because its having the good knowledge. thanks for your good informative post.
web hosting in india

04 January, 2012 05:39  

Post a Comment

<< Home