One concept that continues to elude many IT managers is the impact of latency on network design. Eleven years ago, Stuart Cheshire wrote a detailed analysis of the difference between bandwidth and latency on ISP links. Over a decade later, his writings are still relevant. Latency, not bandwidth, is often the key to network speed (or lack thereof).
I was reminded of Cheshire’s article and the underlying principles recently when working on an international WAN design. What Cheshire noted was that light signals pass through fibre optics at roughly 66% of the speed of light, or 200*10^6 m/s. Regardless of the equipment or protocols you use, your data cannot exceed that theoretical limit. This limit sets a floor on the delay between when a packet is sent and when it is received, aka latency.
In the US, we tend to focus on bandwidth and carrier technology when ordering circuits, completely ignoring latency. For instance, when choosing between cable and DSL for your house, do you ever ask the carrier for its latency SLA? Maybe you should. Using a cable connection, a ping to www.google.com in Mountain View, CA from my house (137 KM) yields an average ping time (aka round-trip time or RTT) of 73ms. The theoretical latency for this distance (round trip) is 1.37ms, meaning my cable connection is roughly 50 times worse than the theoretical limit. No surprise that Comcast focuses on bandwidth and not latency in its marketing.
Recently, I was evaluating ISPs for my hosting requirements. If you take a gander at 1-and-1, or most of the providers on the Personal Colocation site (and almost every other hosting provider in the world), they apportion your bandwidth in GB per month. Exactly what does this mean to people who are more familiar with buying bandwidth by the circuit? Exactly how much bandwidth is 500GB/Month? Is that equivalent to T1 internet (DS1 or E1 for you euros)?
Today we launched our own anonymous web proxy: http://www.edgeproxy.net. Like most security tools, anonymous proxies are incredibly useful but also controversial. Web proxies mask your activities on the net in two ways: first, they allow you to access one web site through another, hiding your IP address from the target; second, they encode the target URL, hiding it from any local firewalls or proxies you might be sitting behind. They are great for pen testing where you want to hide your activities, especially if you want to mask your location. They are a nightmare if you are trying to manage a web filter and your users are able to bypass your filters.
Web proxies are very popular among students whose schools block access to MySpace and Facebook. We launched it because we needed a reliable proxy we control for testing. We debated whether it was wise to provide a public vehicle for bypassing someone else’s security controls, but felt in the end that adding one more proxy on the net will not increase the web’s threat profile. Our TOCs state that we will cooperate with law enforcement if we determine that our site is being used for nefarious purposes. Hopefully, that will be enough to scare away those who hide behind proxies to abuse the web.