PICList Thread
'[OT]: ISP-based whitelisting service?'
2006\06\26@101912 by Patrick Murphy

Hi everyone,
I have been asked to help come up with a "content-managed" Internet
solution for a few dozen Hutterite colonies in southern Manitoba,
Canada, and also for colonies in the midwestern USA; a total of
perhaps 50 to 75 colonies in North America. The Internet use would be
to have access to email and to a specific, limited list of sites.

The currently desired solution is to have access (satellite or dial-up
may be the most feasible option for some more rural colonies) where
the colonies would specify the web sites to which they would want
access to, and the ISP would block access to all other sites. I do
understand this would severely limit the usefulness of the Internet,
but it's better than no Internet at all. :-)

I called two satellite ISP's (Xplorenet.com and GalaxyBroadband.ca)
and they told me they do not offer such a filtering service, so I
thought I'd ask on the PIClist if anyone knows or can come up with a
solution.

Some colonies are buying SonicWalls or FortiGate devices, and setting
up servers, but since most all of the colonies are looking for much
the same results, it seems worthwhile to seek an ISP or two who would
be willing to do this for us, rather than collectively buying all that
hardware. I googled bypassing the SonicWall, and then tried bypassing
a FortiGate device and was able to bypass it in some cases. It does
seem however, to be a useful device, but if we just use them to limit
access to a whitelist, then I think it would be overkill, especially
if we can find an ISP to filter for us.

One (remote?) possibility would be to look into becoming our own ISP,
or a "virtual" ISP, but I know little about it.

I am aware of software solutions as well - such as NetNanny, but the
concern with them is that they may be able to be bypassed with a Linux
boot CD.

If anyone has any suggestions, solutions or questions, I would very
much appreciate hearing them!

--
Best regards,
Patrick Murphy
James Valley Colony

2006\06\26@111358 by Shawn Tan

On Monday 26 June 2006 14:12, Patrick Murphy wrote:
> One (remote?) possibility would be to look into becoming our own ISP,
> or a "virtual" ISP, but I know little about it.

i just googled for "Hutterite".. never heard of it before this..

yes, you could set up your own community gateway and set up your own filtering
rules on the gateway.. however, this would require some knowledge in
networking and firewall configuration..

it's relatively inexpensive as you can just use any old computer as a
gateway.. install a special firewall linux distribution like
http://www.smoothwall.org/.. configure it to block everything except approved
sites..

then, you'd just need to make sure that all community traffic flows through
this gateway..

cheers..

with metta,
shawn tan.

2006\06\26@113557 by Alan B. Pearce

>it's relatively inexpensive as you can just use any old computer
>as a gateway.. install a special firewall linux distribution like

That was my thought as well. With a bit of web programming on it they could
even update the white and black lists themselves, and have a means of
sending updates around the other similar machines at the other communities,
possibly by email or some form of auto-update.

2006\06\26@120547 by Tim N9PUZ

Shawn Tan wrote:

> yes, you could set up your own community gateway and set up your own filtering
> rules on the gateway.. however, this would require some knowledge in
> networking and firewall configuration..
>
> it's relatively inexpensive as you can just use any old computer as a
> gateway.. install a special firewall linux distribution like
> http://www.smoothwall.org/.. configure it to block everything except approved
> sites..
>
> then, you'd just need to make sure that all community traffic flows through
> this gateway..

Good idea. Are the computers in each community in a central location
or spread around in individual homes?

If they are spread out is the community physically small enough that
maybe a satellite could connect to the gateway described above and
then the community could be networked with WiFi routers?

Tim

2006\06\26@125207 by Gerhard Fiedler

Patrick Murphy wrote:

>>>it's relatively inexpensive as you can just use any old computer
>>>as a gateway.. install a special firewall linux distribution like
>
>> That was my thought as well. With a bit of web programming on it they could
>> even update the white and black lists themselves, and have a means of
>> sending updates around the other similar machines at the other communities,
>> possibly by email or some form of auto-update.
>
> This sounds good - but I'd have some learning to do. I still don't
> have the big picture yet - how do I get the colonies to access that
> gateway - and no other? I'll do some more searching.

Patrick, it sounds to me as if you should explain the geographical
situation (how many computers, how far away) better. It seems that some
here think of a local network connected to an ISP, which doesn't sound as
if this was your case.

Basically, it is the network connection that determines who can access
what. If you have only a wire to the local gateway (typical in a LAN), then
that's your only way to connect to the internet. Or if you have only a
wireless point-to-point connection to the location where the gateway sits,
then that's again your only way to connect to the internet.

But if, as you mentioned, every location has their own connection to a
satellite provider, things get a bit more complex, and you can't easily
enforce people to access the internet through a gateway of yours: they are
already connected to the internet through the satellite. (Of course you may
also buy a corporate style point-to-point satellite link and again route
all this traffic through your one gateway, but they probably are more
expensive than straight internet access.)

Gerhard

2006\06\26@130014 by Mark Jordan


Is there any special reason to block or filter Internet access to people?
Are the users children?




2006\06\26@145542 by Robert Ammerman

First, let me see if I understand the problem correctly:

1) There are quite a few communities which want to be able to access the
internet in a controlled fashion.

2) The local community leadership decides what the community should be able
to access.

3) The desired white-list is community specific (although probably quite
similar from community to community)

4) There is some form of inter-community cooperation that would make a
'global' solution appropriate.

5) Each community will have its own physical connection to the internet,
probably through many different ISPs.

--------------------------------

If those are the parameters, then this is the solution I see:

1) The connection to the local ISP is made through hardware only accessible
to the community leadership.

2) A simple router be inserted between the community and the ISP connection.

3) Disable any 'default' routes on the router and establish explicit routes
to the 'whitelist' sites only.

4) Use remote administration from a central location to manage the routers.

5) Have a standard 'white-list' default of routes that is sent to all the
routers.

6) Allow each community to establish a private 'white-list' extension and
'blick-list' override using a web tool to the central location.

7) This central location could also maintain SMTP and POP3 servers to manage
email for all the communities. This would allow virus detection/removal and
spam control to be done centrally.

Bob  Ammerman
RAm Systems






2006\06\26@150759 by Marcel duchamp

Robert Ammerman wrote:
> First, let me see if I understand the problem correctly:
>
> 6) Allow each community to establish a private 'white-list' extension and
> 'blick-list' override

Yup. Bob Blick runs one of *those* sites... ;>

2006\06\26@151420 by Gerhard Fiedler

Robert Ammerman wrote:

{Quote hidden}

Possibly use routers with built-in address filtering. For example, my old
SMC Barricade has a setting that allows blocking of 30 URLs. You may find
one with more elaborate settings in this area.

> 3) Disable any 'default' routes on the router and establish explicit routes
> to the 'whitelist' sites only.

Which then would be permitted URLs instead of routes. One disadvantage of
explicit routes to whitelist sites is that AFAIK these don't follow
automatically IP changes of the whitelist URLs.

> 4) Use remote administration from a central location to manage the routers.

Most of the hardware routers allow remote administration through http.

Gerhard

2006\06\26@173431 by Robert Ammerman

> Which then would be permitted URLs instead of routes. One disadvantage of
> explicit routes to whitelist sites is that AFAIK these don't follow
> automatically IP changes of the whitelist URLs.

It would be a responsibility of the remote administration to update routing
when IPs change.

Bob Ammerman
RAm Systems

2006\06\26@203810 by Gerhard Fiedler

Patrick Murphy wrote:

> I just got a reply from a satellite ISP that said it would be possible
> to become a commercial VNO, or Virtual Network Operator.
>
> <http://www.idirect.net/vno.shtml>
>
> Her email, which I don't understand fully, states:
>
>> To establish the VNO (Virtual Network Operator):
>>
>> VNO package includes:
>> 1 Protocol Processor “PP”
>> 1 Network Management Server “NMS”
>> 1 RX/TX Line card
>>
>> For a small additional fee they can purchase Co-Location space to
>> place a Policy router or other equipment needed to provide them the
>> content filtering or other routing or filtering they desire.

I don't understand it fully either, and there are probably others here who
have more experience with this.

This sounds as if they would provide you with the satellite infrastructure
to send data to each of your locations, from one central location. At that
central location, you may place "equipment" (some kind of computer) that
acts as a central gateway/router for everybody on your satellite network.
This sounds like you'd then have a satellite network that is basically a
"virtual LAN": (almost) as if all your computers were at one location,
connected by wire to one gateway/router.

Gerhard

2006\06\26@204814 by Gerhard Fiedler

Herbert Graf wrote:

> Since the router with VPN is their only connection to the rest of the
> internet only physical access can bypass it (unless they manage to hack
> the VPN router, possible, but easy enough to secure).

I think this may be a downside of this approach. Patrick talked about young
boys with technical inclinations... I think it won't be long before one
finds out how to bypass the VPN router and hook up a computer directly to
the unfiltered internet on the WAN side of the router. Of course, if a
password is needed, then this may work.

This is basically the same as the satellite operator offer, with the
difference that with the satellite solution, there is no unfiltered
internet at the individual locations.

Gerhard

2006\06\26@215255 by Herbert Graf

On Mon, 2006-06-26 at 21:47 -0300, Gerhard Fiedler wrote:
> Herbert Graf wrote:
>
> > Since the router with VPN is their only connection to the rest of the
> > internet only physical access can bypass it (unless they manage to hack
> > the VPN router, possible, but easy enough to secure).
>
> I think this may be a downside of this approach. Patrick talked about young
> boys with technical inclinations... I think it won't be long before one
> finds out how to bypass the VPN router and hook up a computer directly to
> the unfiltered internet on the WAN side of the router. Of course, if a
> password is needed, then this may work.

Obviously, physically securing the hardware is an issue, but I don't see
that as a big issue.

> This is basically the same as the satellite operator offer, with the
> difference that with the satellite solution, there is no unfiltered
> internet at the individual locations.

But a benefit here is cost and ISP transparency. I'm a big believer in
never setting something up that limits you to a particular ISP. By using
a VPN solution and your own box you are ISP neutral, if they raise rates
you can go to their competition with little issue. Cost is a big benefit
as well since aside from the upfront cost (which isn't trivial, I
admit), there is only the cost of administration, but can be very cheap
since there's only one thing to configure.

TTYL

2006\06\27@005756 by Dave Lag

Patrick Murphy wrote:
{Quote hidden}

Patrick are you sure you spoke to the right divisions in the ISPs?

The major ISPs have security/hardware divisions and (IMHO) a joint
proposal should be able to provide a solution. If it meets your
price point is another issue.

Methinks you need to be speaking with the major accounts or wholesale
divisions?

I prolly can dig up some sales execs if interested- email me
Dave


2006\06\27@040207 by Alan B. Pearce

>> That was my thought as well. With a bit of web programming on it they could
>> even update the white and black lists themselves, and have a means of
>> sending updates around the other similar machines at the other communities,
>> possibly by email or some form of auto-update.
>
> This sounds good - but I'd have some learning to do. I still don't
> have the big picture yet - how do I get the colonies to access that
> gateway - and no other? I'll do some more searching.

My thought was that each colony would have its own gateway - I think that is
going to be the only way you are going to get the filtering you are after,
just as each company has their own firewall. A firewall type arrangement is
effectively what you are setting up.

Then each gateway connects to a convenient ISP, be it satellite, cable or
dialup. You then arrange a convenient way of communicating your black and
white list changes between gateways. This could be as simple as an email
message to the gateway maintainers to say you have found a certain website
to be suitable or unsuitable, and they manually update their lists as
appropriate, to a fully fledged automatic update between gateways, although
this latter method could result in one community setting a site to the white
list, while another community sets the same site to the blacklist, and the
automatic update results in confusion.

2006\06\27@113356 by Aaron



Patrick Murphy wrote:

>Hi everyone,
>I have been asked to help come up with a "content-managed" Internet
>solution for a few dozen Hutterite colonies in southern Manitoba,
>Canada, and also for colonies in the midwestern USA; a total of
>perhaps 50 to 75 colonies in North America. The Internet use would be
>to have access to email and to a specific, limited list of sites.
>  
>
Patrick,

I read your posts and the subsequent follow-ups with great interest.

I have a background with a group of Christian 'plain-people' that is also
seeking to understand how to deal with the internet. If you are
interested, I would like to discuss this in greater detail off-list.

Aaron

2006\06\27@120438 by Bob Axtell

Aaron wrote:
{Quote hidden}

I believe that this can be done by writing a Perl script and running it
on an Apache server. The script could restrict access to acceptable sites
and email only. It will have to be well-written to prevent bogging down
the server.

For those few users, a small server site, say in a home or church could
do the job, as long as a T1 was available, with as few as two UNIX PCs.
In essence, people would dialup or access that server only, and it would
provide that service. But in my opinion, such a server would do well
financially, as the open web is a cesspool of filth.

The reason I say this is that a few years ago, a small office complex
had its own servers & ISP, and it totally rejected porn sites
automatically for everyone in the office complex, and I saw it work,
down in a Melbourne, FL suburb.

Carrying this further, there ARE ISP's that might perform this service
for you, creating, running and maintaining the script, for an extra fee.
Ask around, especially servers that are managed by Perl programmers.

--Bob

2006\06\27@133904 by Gerhard Fiedler

Patrick Murphy wrote:

> That password barrier should be a good deterrent. I'm a bit uncertain,
> however, what device would require a password - do modems themselves
> allow the requiring of passwords? It's been a while since I've tried
> it, but IIRC, I was able to connect my laptop directly to my broadband
> modem and surf the net.

This depends mostly on your specific ISP. Some require a password, some
don't. My cable connection works like yours: no password required. However,
it won't work by just exchanging one computer for the other, unless it has
the same MAC address. When exchanging computers, it requires a DHCP release
from the first computer, or a certain wait time before connecting a
different computer (i.e. with a different MAC address).


> I like the idea of ISP transparency - some colonies can only get an
> expensive satellite connection, while others would be able to choose a
> less expensive connection.

I'd advise to test anything satellite before committing to it. Satellite
internet connections don't necessarily behave like other connections.
You're not even allowed to open a VPN channel over some of them.

Gerhard

2006\06\28@081825 by Tim N9PUZ

Good advice. I have one site that uses a Direcway "Business Class"
connection. The throughput is horrible during certain times of the day
and there are only three users with email at the location.

Using a VPN connection from there to our main office for certain apps
is very slow. I believe the nature of the encryption algorithms used
to make the VPN secure really messes with the satellite equipment's
ability to efficiently compress the data.

Tim

Gerhard Fiedler wrote:

> I'd advise to test anything satellite before committing to it. Satellite
> internet connections don't necessarily behave like other connections.
> You're not even allowed to open a VPN channel over some of them.

2006\06\28@093810 by Gerhard Fiedler

Tim N9PUZ wrote:

> Using a VPN connection from there to our main office for certain apps
> is very slow. I believe the nature of the encryption algorithms used
> to make the VPN secure really messes with the satellite equipment's
> ability to efficiently compress the data.

Hadn't thought of that one. Sounds plausible.

There's also the fact that many apps you run over VPN are designed for a
LAN environment with very low latency. So they use many short data
exchanges in a row -- quick on a LAN, but deadly slow on a satellite link
with its 700+ ms latency. You can try that with Windows Explorer: barely
workable over a VPN link between standard broadband locations in the US,
almost not workable over a VPN link between standard broadband locations in
the US and Brazil, and not workable if there's a satellite link in between.

Gerhard

2006\06\28@132154 by Robert Ammerman

> FWIW, there is a Linksys router (I think it's Linksys) that hosts Linux. It
> has quite a community also. More flexible than other, "normal" hardware
> routers.
>
> Gerhard

Now you're talking!

Because the router doesn't have conventional media (ie: floppy or CD) access
it would be much more secure than a standard PC.

Also, I have figured out how to handle the whitelist/blacklist based on
domain name instead of IP address. This is very important because, for
example:

   xxxx.mydomain.com

and

  yyyy.mydomain.com

can have completely unrelated IP addresses.


So, now my solution is:

1) At each colony have the LINKSYS router running LINUX with the following
pieces in it:

A) Normal router and NAT functionality. The routing table will only have
explicit routes to whitelist sites for that router.

B) The upstream DNS server for the router will be the central server. Thus,
when anyone at the colony attempts to access a site by a domain name that
hasn't been seen, the router will send that name to the central server for
resolution.

C) A custom server program to allow remote maintenance of the routing table.
Rather than using standard remote access tools this will make hacking less
likely I would think.

D) Port filtering to firewall all ports except a limited set. Email ports
would only be open to the central server.

Note that each colony can use whatever ISP they wish and will get the
bandwidth and latency they pay for. However, it is important that the ISP
provide a reasonably secure connection requiring a password, and that the
password never be in the possession of untrusted people at the colony, or
else that the physical connection to the ISP be secure.

2) A central location running a server providing the following functions:

A) Providing a generic whitelist of default usable domains for all colonies.

B) Providing password-protected web access to trusted colony personnel to
add custom whitelist entries for their colony to a database on the server.

C) Providing password-protected web access to trusted colony personnel to
view the generic whitelist and checkmark any entries that they wish
blacklisted for their colony.

D) Maintaining a local shadow copy of the routing tables for each of the
remote sites.

E) A tweaked DNS server that compares DNS inquiries from the sites to the
local database. If the domain is in the whitelist for the colony, then the
server will resolve it, and if necessary, update the routing table at the
colony to include a route to the IP address of the site, before returning
the DNS result to the colony's router. If the domain is not valid, then the
server will resolve it to the IP of a virtual web server running on the
central web server which will return a "So Sorry: The website you tried to
access is bad news! Now be nice!" message.

F) Remotely maintaining the routing tables at the colonies by updating them
when whitelist/blacklist changes occur, and also when a DNS search shows a
new IP address for a site.

G) Provide email servers for use by all the colonies with appropriate spam
filtering.


Finally, a modest extension of this scheme would allow multiple whitelist
levels in a community, with password access to more open lists.



Bob Ammerman
RAm Systems
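
The central-server decision described in items 2A to 2F of this post, as an added example that is not code from the thread or from any poster. The names `Colony`, `answer_query` and `BLOCK_PAGE_IP`, the rule that an entry also covers its subdomains, the rule that a colony's blacklist wins over both whitelists, and all sample domains and addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed value: address of the central "blocked site" web server (TEST-NET-1).
BLOCK_PAGE_IP = "192.0.2.1"


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def listed(name, entries):
    """True if name or any parent domain is in entries, matched on label
    boundaries so 'notexample.org' never matches an 'example.org' entry.
    Treating an entry as covering its subdomains is an assumption."""
    labels = normalize(name).split(".")
    return any(".".join(labels[i:]) in entries for i in range(len(labels)))


@dataclass
class Colony:
    extra_allowed: set = field(default_factory=set)  # private whitelist extension (2B)
    blocked: set = field(default_factory=set)        # blacklist override of generic list (2C)
    routes: dict = field(default_factory=dict)       # shadow copy (2D): name -> routed IPs


def is_allowed(colony, name, generic):
    """Deny wins: a colony's blacklist overrides both whitelists (assumption)."""
    if listed(name, colony.blocked):
        return False
    return listed(name, generic) or listed(name, colony.extra_allowed)


def answer_query(colony, qname, generic, resolve):
    """Return (addresses to answer, route changes to push to the colony's
    router before the answer goes out). resolve(name) -> list of IPs stands
    in for the real upstream lookup."""
    name = normalize(qname)
    if not is_allowed(colony, name, generic):
        return [BLOCK_PAGE_IP], []          # 2E: point the client at the block page
    current = set(resolve(name))
    if not current:                         # upstream had no answer: change nothing
        return [], []
    previous = colony.routes.get(name, set())
    others = set()                          # addresses routed for other allowed names
    for other_name, ips in colony.routes.items():
        if other_name != name:
            others |= ips
    changes = [("add", ip) for ip in sorted(current - previous - others)]
    # 2F: drop a stale address only if no other whitelisted name still uses it.
    changes += [("del", ip) for ip in sorted(previous - current - others)]
    colony.routes[name] = current
    return sorted(current), changes


# Constructed sample data (documentation address ranges, example domains).
GENERIC = {"example.org", "weather.example.net"}
UPSTREAM = {
    "www.example.org": ["198.51.100.10"],
    "mail.example.org": ["203.0.113.7"],
    "seeds.example.com": ["198.51.100.10"],
}


def demo():
    """Run four queries for one colony and return the list of results."""
    colony = Colony(extra_allowed={"seeds.example.com"},
                    blocked={"mail.example.org"})
    queries = ("www.example.org", "Mail.Example.org.",
               "seeds.example.com", "notexample.org")
    return [answer_query(colony, q, GENERIC, lambda n: UPSTREAM.get(n, []))
            for q in queries]


if __name__ == "__main__":
    for row in demo():
        print(row)
```
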


2006\06\28@142306 by Tim N9PUZ

Patrick Murphy wrote:

> If I use a computer running Linux, that should be a good deterrent by
> itself, as there are very few in the colonies that have any experience
> with Linux.

Never underestimate the ability of a bright, inquisitive teenager to
learn new things!

I would not overlook Linux in general either. If your organization
does not absolutely require a product that runs on a Microsoft or Mac
platform a Linux distribution that puts Open Office, Firefox (Web),
and Thunderbird (Email) on the desktop of a modest machine could save
you substantial money even if you opt for a distribution of Linux that
lets you purchase some outside support if required.

Tim

2006\06\28@142943 by Tim N9PUZ

Patrick Murphy wrote:

> I just got off the phone with a Skycasters rep., a Satellite ISP. She
> told me their latency is 1/3 of the satellite industry average, and
> that VPN's, and VoIP are well supported. I didn't ask for the latency.
> I don't see how VoIP would work well with 700+ ms latency, which,
> IIRC, I've read is the industry standard for satellite transmission.

Ask a LOT of questions. I notice on one web page that mentions them
that for some of their solutions they are re-selling Direcway
services. Their VSAT service sounds interesting though.

Do you have a budget in mind for monthly operating expenses?

Tim

2006\06\28@205507 by Gerhard Fiedler

Patrick Murphy wrote:

> I just got off the phone with a Skycasters rep., a Satellite ISP. She
> told me their latency is 1/3 of the satellite industry average,

Now that is strange :)  See, the satellite latency is limited by the time
the signal needs to get to the satellite and back. Since you want to be
able to point an antenna to the satellite, it has to be a stationary
satellite. The distance of a stationary satellite is pretty much fixed. So
the only way she can claim a shorter latency is when she compares a
satellite that's straight over your head with one that's just a bit above
the horizon... Don't know where their satellites are, and I don't know
where the "industry average" satellites are. But "1/3 of the industry
average" sounds like marketing speak :)  Ask for latency in milliseconds.

> and that VPN's, and VoIP are well supported.

Ask which VPN protocol if you're interested in VPN at all. A common one is
PPTP (Microsoft), another common one is IPSec (not sure who came up with
this, but it seems wider supported). Which one to use depends mostly on the
router equipment that you're planning on using.

> I don't see how VoIP would work well with 700+ ms latency,

Not well, but possible. Probably not very attractive in the USA, with the
possibilities you have through standard POTS lines. This can be different
in other locations where sometimes international phone service is much more
expensive.

Gerhard

2006\06\28@220224 by William Chops Westfield


On Jun 28, 2006, at 10:19 AM, Robert Ammerman wrote:

> 1) At each colony have the LINKSYS router running LINUX
>  with the following pieces in it...

I'll be interested in hearing whether the linux software
replacements for the linksys boxes include the sorts of
filtering capabilities that you're looking for.  Open source
software authors tend to support a political agenda that
doesn't approve of anything that smells like censorship.
(unless of course it's censorship of spam!)

BillW

2006\06\29@102528 by Robert Ammerman

> I'll be interested in hearing whether the linux software
> replacements for the linksys boxes include the sorts of
> filtering capabilities that you're looking for.  Open source
> software authors tend to support a political agenda that
> doesn't approve of anything that smells like censorship.
> (unless of course it's censorship of spam!)

The software that runs in the linksys boxes is really just a copy of linux,
with all source code available. It does include firewalling capability. The
routing table can be set to a manual mode and all routing discovery
protocols turned off.

The only piece of custom code that would have to be written for the router
would be a server to allow remote administration of the routing table. Even
that is not absolutely required because it could be done through existing
remote access protocols like ssh.

It's just a SMOC (small matter of configuration).

Bob Ammerman


2006\06\29@112842 by Gerhard Fiedler

William ChopsWestfield wrote:

>> 1) At each colony have the LINKSYS router running LINUX with the
>> following pieces in it...
>
> I'll be interested in hearing whether the linux software replacements
> for the linksys boxes include the sorts of filtering capabilities that
> you're looking for.  Open source software authors tend to support a
> political agenda that doesn't approve of anything that smells like
> censorship. (unless of course it's censorship of spam!)

Since DNS serving, firewalling and routing and even spam filtering are such
common functions, I imagine that the required functionality would be part
of most packages -- independently of the political inclinations of the
creators :)

I don't know *x programs well enough to be able to tell easily what one can
do with a certain program, but here they list a few that are part of a
standard distribution that seems to work with the Linksys router:
http://wiki.openwrt.org/OpenWrtDocs/Configuration

Specifically they list iptables and dnsmasq, which look like they would be
able to provide at least part of the functionality. And I imagine that for
someone familiar with Linux it's probably not too difficult to integrate a
different firewalling or routing program with this distribution.

The hardware table for OpenWrt has more than I thought there would be:
http://wiki.openwrt.org/TableOfHardware

Gerhard

2006\06\29@113720 by Gerhard Fiedler

William ChopsWestfield wrote:

> On Jun 28, 2006, at 10:19 AM, Robert Ammerman wrote:
>
>> 1) At each colony have the LINKSYS router running LINUX
>>  with the following pieces in it...

It doesn't have to be Linksys either:
http://linuxdevices.com/news/NS2939623667.html
http://linuxdevices.com/articles/AT3089542120.html

Gerhard

2006\06\29@123222 by Tim N9PUZ

Patrick Murphy wrote:

> Okay, I will. She did say something about proprietary compression
> algorithms, but I'll ask her about milliseconds, next time. Lower
> latency should result in faster uploading and downloading, if a large
> file was being sent, right? So I could ask each ISP how long it should
> take to send, say a 100 MB file?

Latency refers to the amount of time between when a character or
packet of data leaves your network, travels up through the satellite
and back to Earth and is put back on the rest of the public Internet
by the satellite service provider. You will probably notice longer
latencies more in situations where many smaller packets are sent like
checking email, filling out web forms, etc. Note that if you are doing
something where you get a result it takes at least 2 x latency--one
for your mouse click, etc. and the other for your result to be returned.

The compression algorithms used are usually more effective when
sending big blocks of data like files. There's a certain amount of
"overhead" bytes associated with each packet of data sent. If the
packet contains only a few characters or a single mouse click there's
not much to compress. Most humans feel that they have received an
instantaneous response from a machine or system if they get some form
of feedback or result in under 100 ms. Longer than that and the delay
begins to become perceptible without actual measurement.

I would stick to asking for an actual time in milliseconds as well as
information on how they arrived at the figure. In my opinion the more
open and forthright they are about their benchmark information the
higher the probability you would be pleased with the results.

On our Direcway system no sophisticated measurements are required to
tell that it is much slower for certain applications like checking
email. When your connection is through a terrestrial network
downloading a hundred emails appears like a continuous stream where
they come one after another. Through the satellite connection it's
readily apparent that each one is being received and acknowledged
individually.

None of this means you should not use any satellite based system. I
would look carefully at any claims of my satellite is significantly
faster than brand X.

Tim

2006\06\29@124753 by Tim N9PUZ

Patrick Murphy wrote:

>>Ask a LOT of questions. I notice on one web page that mentions them
>>that for some of their solutions they are re-selling Direcway
>>services. Their VSAT service sounds interesting though.
>
> I want to mention your negative experience with Direcway to them.
>

We had seen a demonstration of the system before we bought it so we
knew what we were getting into. At the time it was the least costly
alternative. We did not want to pay for a dedicated data line each
month to serve a few users. The nearest town is about 18 miles away
and the installation and ongoing costs would have been very high.

> One tower-based ISP is already offering the colonies in Alberta VoIP,
> whitelisted Internet, and email for $400 a month. I estimate that
> colonies pay between $300 to $500+ a month for long distance telephone
> service, so they are getting some colonies to sign up, and such a
> solution is attractive to us.

I primarily work from my home and use a wireless DSL service like that
for my connection. I don't use a VOIP phone service but I have used
online voice chatting, etc. and it works nicely with our relatively
slow 384K connection.

> However, as I see it, the land line, long distance market is rapidly
> changing. We are paying 4.5 cents a minute to call within Canada, but
> the competition (i.e. http://www.telehop.com) is offering as low as 3 cents
> (and only a flat $10 fee for residential!), so how much we should pay
> monthly for a land-based, broadband Internet connection should take
> this into account.

It is a wild business. The one thing is to try and keep capital
equipment costs low and avoid long term commitments if you can so
changing as new things become available is easier financially.

> Another way to consider costs is to look at what some colonies are
> already paying for Internet access and the use of a SonicWall or
> FortiGate device. I assume broadband access at at least $40 a month,
> and the maintenance fee for those devices at around the same amount,
> but I could be wrong. Those already set up with such devices would
> likely not want to pay more to switch.

In general I know what those devices do but I don't have any first
hand knowledge. So far I have been able to do anything I wanted with
the simpler Linksys or D-Link products or a PC running IPCop. There
are no monthly fees associated with them.

Tim

2006\06\29@125315 by Tim N9PUZ

Robert Ammerman wrote:

> At the speed of light (186,000 miles per second) a simple round trip to the
> satellite is about 320 ms. Since it takes two such roundtrips (one from you
> to the satellite and one from the satellite to the ground station) you are
> looking at a round trip latency of 600+ ms before you take into account any
> latency in the ground based equipment.

Somewhere I have a cartoon that shows a Police officer standing next
to a group of scientists and a pile of smoking equipment. He's writing
a ticket. The Policeman is speaking and the caption reads "186,000
miles per second may not be fast enough; but it's the law."

Tim

2006\06\29@131542 by Bob Axtell

Patrick Murphy wrote:
{Quote hidden}

You will discover that Win2000 works better than WinXP across the board,
too. I regret going to WinXP every day of the week.

--Bob

2006\06\29@162906 by Gerhard Fiedler

Patrick Murphy wrote:

> Okay, I will. She did say something about proprietary compression
> algorithms, but I'll ask her about milliseconds, next time. Lower
> latency should result in faster uploading and downloading, if a large
> file was being sent, right? So I could ask each ISP how long it should
> take to send, say a 100 MB file?

You've already got a number of comments on this :)

So let me just add here as summary: latency and bandwidth are two largely
independent characteristics of a connection (even if there are some
relationships, both in user feel and fact).

Look at it that way: a 100 MB file gets sent in many small packets. The
latency determines how long it takes for such a packet to get from sender
to recipient (the length of the pipe, so to speak), the bandwidth
determines how many of those packets you can send/receive per second (the
diameter of the pipe, so to speak). Depending on what you are doing, one or
the other can be more important.

For downloading large files (like 100 MB) through ftp or http, the latency
is almost irrelevant and the bandwidth is crucial. Whether the download
starts 700 ms earlier or later is not really important, but the bandwidth
determines whether it will take 2 minutes or 2 hours or 2 days...

For using VoIP services OTOH, the bandwidth is almost irrelevant (as long
as it is above whatever your compression algorithm needs, something like
100 kb/s or so is safe for most) and the latency determines how the user
experiences the connection. The needed bandwidth is restricted to whatever
your filtering/compression algorithm needs, and anything above that just
won't affect quality. But latencies above 100 ms are easily perceptible,
and result in confusion for users not familiar with the situation. (I have
around 400 ms to the US, and this works well with a bit of discipline.
Anything more is definitely not good.)

Also consider that whatever bandwidth they tell you, it's usually a
/maximum/ bandwidth. There are very few services (and usually more
expensive ones) that guarantee you a /minimum/ bandwidth.


> Oh, okay. Being satellite-based, they do think globally.

It's not /that/ globally... the satellites have a quite limited area of
coverage. Often they publish coverage maps for their satellites.

Gerhard
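
The latency/bandwidth distinction in the posts above, worked through as an added example that is not part of the original thread: one 100 MB file versus a hundred small emails fetched one request at a time. The 600 ms round trip is the figure quoted in the thread; the 40 ms terrestrial round trip, the 1 Mbit/s bandwidth, the 20 KB email size and the `in_flight` parameter are assumptions, and the model ignores connection setup and TCP windowing.

```python
from dataclasses import dataclass
from math import ceil


@dataclass(frozen=True)
class Link:
    name: str
    rtt_s: float          # round-trip latency in seconds
    bandwidth_bps: float  # usable bandwidth in bits per second


# Constructed sample links: same bandwidth, so only the latency differs.
TERRESTRIAL = Link("terrestrial", rtt_s=0.040, bandwidth_bps=1_000_000)  # assumed RTT
SATELLITE = Link("satellite", rtt_s=0.600, bandwidth_bps=1_000_000)      # RTT quoted in the thread

# Constructed workloads: (label, bytes per item, number of items).
WORKLOADS = [("100 MB file", 100_000_000, 1), ("100 emails", 20_000, 100)]


def wire_time(link, item_bytes, items=1):
    """Seconds spent pushing the payload through the pipe (bandwidth only)."""
    return items * item_bytes * 8 / link.bandwidth_bps


def transfer_time(link, item_bytes, items=1, in_flight=1):
    """Total seconds when each batch of `in_flight` requests waits one round trip."""
    waits = ceil(items / in_flight)
    return waits * link.rtt_s + wire_time(link, item_bytes, items)


def latency_share(link, item_bytes, items=1, in_flight=1):
    """Fraction of the total time spent waiting on round trips."""
    total = transfer_time(link, item_bytes, items, in_flight)
    return (total - wire_time(link, item_bytes, items)) / total


def report():
    """One row per workload and link: label, link, seconds, latency share."""
    return [(label, link.name,
             round(transfer_time(link, size, count), 2),
             round(latency_share(link, size, count), 3))
            for label, size, count in WORKLOADS
            for link in (TERRESTRIAL, SATELLITE)]


if __name__ == "__main__":
    for label, name, seconds, share in report():
        print(f"{label:12} {name:12} {seconds:8.2f} s  latency share {share:.1%}")
```

In this model, keeping several requests outstanding (`in_flight=10`) brings the satellite email case close to the terrestrial one.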

2006\06\29@202429 by Gerhard Fiedler

Harold Hallikainen wrote:

>>> My daughter is on a mission trip in China this summer and calls us via
>>> VOIP from her computer to our POTS phone.

>> Bob, what's involved with getting that up and running?

> I use http://www.sipphone.com .

I use both Skype and Broadvoice (SIP); Skype through its own client,
Broadvoice through the X-Lite softphone on WinXP.

I have both because X-Lite/SIP doesn't work well through my SMC router;
incoming calls are fine, for outgoing calls I have to put my computer in
the DMZ. Sometimes I do that, but other times I just use Skype. What I
don't like about Skype is that it's proprietary, but what I like is that it
seems to be the one that works best and pretty much through everything that
lets normal internet traffic pass without any fiddling with the router,
firewall, whatever.

Voice quality is about the same.

Gerhard
