Know Your Poison


Dr. Nitin Chandrachoodan is an associate professor from the Department of Electrical Engineering who works in the areas of digital system design and VLSI/FPGA implementations of DSP systems. He graduated from IITM in 1996. He is the main faculty member in charge of the campus network. He’s been interviewed by T5E before and is probably tired of talking to us by now, especially about the internet.

(Students interested in helping out in network setup or in writing scripts to handle various network related issues can contact Dr. Nitin Chandrachoodan at [email protected]. If you have some past experience, it will be useful.)

Why was the internet so slow a few months back?

The primary reason was Facebook. Moving Facebook to another proxy along with some restructuring of the proxy setup has made internet access bearable, if not excellent. Another major culprit eating up resources is tunneling. People usually tunnel into Department Computing Facility (DCF) machines or other servers in the academic zone. We can stop this by either blocking internet access for the machines in the academic zone or by preventing Secure Shell (ssh) connections from the hostel zone to the academic zone. Neither of these solutions is feasible because there are students using machines in the academic zone for legitimate purposes late into the night. Some departments have their DCF machines on all the time and it’s really hard to block people who shouldn’t be tunneling without also blocking those who actually need access to run applications.

Also, about a year back, peer-to-peer traffic was choking the institute’s link to the internet as traffic from one hostel to another was being routed through the core network and slowing down access for everyone. Now, however, there are separate pipes for traffic between hostels and peer-to-peer connections are no longer an issue with regard to internet speed.

Do we have bandwidth and hardware issues? If yes, are we looking to switch to something like Google Fiber in the future?

The overall bandwidth we get is not a problem. We have a 2 Gbps connection to the National Knowledge Network (NKN) but that connection is just to the next link in the network and along the way a lot of traffic gets added. Still, we’ve been hitting in excess of 400 Mbps download overall recently, due to the restructuring (it was around 200 Mbps earlier), which is making access bearable. As for hardware, although it is 5 to 6 years old, Cisco has verified that we are good to go for another few years – our switches are actually capable of handling much more bandwidth than they are currently. The hardware problem is more pronounced in the residential zone, where switches are kept outdoors; the trees and bushes around them attract lightning which occasionally leads to the switches getting fried. Some of them are hard to access, so sometimes people in the residential zone lose access for prolonged periods… you guys don’t know how good you have it in the hostel zone.

Some people from Google we’ve been in touch with have told us that they are not in a position to support Google Fiber in India at the moment and even if they were, there would problems using it since Google is not registered as an Internet Service Provider (ISP) in India at the moment. Getting an ISP license in India is quite a task and they don’t want to get into it right now.

Are you looking at rolling out any new features in the coming months?

We are looking at limiting the amount of data usage per user per day and resetting the limit every night. This would be for data over the internet and not over peer-to-peer networks since that goes over different pipelines and we’re not bothered about it right now. This approach is followed in some universities abroad. We are also looking at moving student email onto Google Apps for Education which would be an improvement over our current setup. Also, alumni accounts wouldn’t have to be deleted and would stay the way they are. We were about to roll it out when we got news saying that the government is not going to allow any official correspondence using an email service like Gmail or Yahoo because their servers are not in India and so our data will be sitting in places where we have no jurisdiction. We’re now planning to say something like “student email is not official correspondence” but that’s something we have to work on now and it will take time.

For security reasons we might introduce a captive portal (an initial webpage which requires you to input some details before you get network access) soon, similar to the ones at airports, so that people logging on with new machines cannot stay on the network indefinitely. Only registered machines will be able to access the internet for prolonged periods of time. This will also help us simplify the process of providing internet access for guests. Also, we might put in place some sort of URL filtering, not from a moral standpoint, but from a security one so that dangerous URLs which could introduce viruses into our network are blocked. We’re looking at upgrading our firewall as well getting specific hardware for Dynamic Host Configuration Protocol (DHCP) which takes care of IP address allocation for machines logging on to the network.

Is there any sort of policing of our internet usage or activity on peer-to-peer networks?

There is no policing of internet usage. The usage data is kept for a few months and then it is erased. Keeping these proxy logs is a Government of India requirement and is useful for detecting anomalous usage patterns. For example, there are instances when our IEEE access has been revoked due to systematic downloading of material and in such a case, we use these logs to track down the people indulging in these activities and stop them so that our access is  eventually restored. Apart from extreme cases like these, no one has the time to go through the usage data which runs into, say, a 100 million lines of data everyday. I occasionally summarize the usage data to look for abnormal usage, but if you’re visiting websites which you shouldn’t be, I don’t care.

Technically speaking, DC++ is blocked and the institute does not recognize the peer-to-peer network which exists within the campus, but on a practical note, every time I block a port on which DC++ is being run, people promptly switch to another. So, this is not an arms race worth fighting and we don’t care about it for the most part, but if and when somebody comes to us with a specific complaint about certain material being hosted on DC++, then we take action. If someone is being harassed, for instance, we take a very serious view of things since that amounts to cybercrime and the appropriate measures are taken to put an end to it. Also, if there is ever a complaint from a company about pirated copies of its software being used by students within the institute, then you are on your own since IITM has never condoned or officially recognized the peer-to-peer network being used to perpetrate this piracy. IITM is just providing a medium, what you do on it is your business. This is however, only my personal view, and the institute’s official stand is that internet access is provided in the hostels solely for academic purposes. The Senate decided to give you guys internet access so that you could use it for your studies and any other use is not supported.

On a related note, the Acceptable Use Policy has been put up for a reason and it’s your job to read it and follow it. Just because some laws are broken without thinking on a regular basis does not make breaking them acceptable. With regard to piracy, there could potentially be huge lawsuits if the companies find out and decide to take action, and these lawsuits will be against you individually and the Institute will not step in to save you. This point cannot be stressed enough.

Do you have any guidelines for us to follow so that the overall usage experience improves for everyone?

1. Once you’re done using Facebook, close the tab. If you leave it open, even when you’re not doing anything on it, it continues to send and receive data which ultimately ends up  unnecessarily consuming network resources.

2. Clean up your computers and make sure they don’t have any viruses. Most viruses tend to attack other computers on the local network immediately and some cause huge amounts of traffic which slows down the network access for everyone.

3. Most new computers are configured in a way that makes them good for small networks at home or in an office, but terrible in a LAN setup like ours. For example, as soon as a computer is connected to a network, it starts looking for printers and other devices, and this causes a lot of unnecessary traffic. So, on your computers, ensure that these sort of default network settings are changed.

4. Form an internal knowledge base and have points of contact for network related issues in every hostel so you don’t have to trouble the Computer Centre (CC) for every small thing. I mean, you’re engineers after all, so figure out how to solve your own problems and help out others in your vicinity. At least step out of your room and ask around before dashing off a pained mail to me or CC. It’ll be good if the student community can form a network management team of its own which will attempt to solve network issues on its own first. If any students are interested in helping set up the network or write essential scripts, they can contact me and we’ll see if we can set up a formal or informal student body, maybe even arrange for some sort of remuneration.

Finally, what are your views on the LAN cut?

Personally, I believe you are all adults and if you want to stay up all night gaming, miss classes, mess up your grades, it’s your choice. However, the prevailing opinion is that since this is a residential campus, the administration and faculty have some degree of responsibility in preventing such things from happening and it was with this view that the decision was taken. My understanding is that matters have improved since the timing restrictions were imposed and although I am neutral on the matter, I think the decision was a good one at the time given the prevailing conditions. It may be time to review this policy but the issue has been discussed quite a bit in the Senate and simply walking into the Dean’s office saying it’s meaningless is likely to get you thrown out. History has to be taken into account when understanding the LAN cut.

T5E conducted a survey on internet usage by students in the institute. You can find the results and comments here.

Write a Comment

Your email address will not be published. Required fields are marked *