IS there any way to detect number of users sharing the same PON cable?

[Kick933]

@Anurag Bhatia
I have read your blog earlier and checks it out for new posts.
I had few questions regarding the working of BSNL.
1. If they have bought bandwidth, it is definitely possible for them to peer outside of India with various networks and cloud services having straight control ove routing. What exactly is the resistance point because AFAIK it's just a little configuration to be completed on any of their end router which announces routes? Moreover, the termination of most circuits is an exchange (my assumption).
2. What exactly is the issue with buying circuits? I assume they still have control over how they route their traffic based of the target IP location. So, It should still work and work even better since they basically have dedicated capacity from one end to another. Is it just stupid personnel who are lazying around instead of creating better routing rules or this "buying bandwidth" has some effect on it?

 

[Kick933]

@Realme
AFAIK, there are equipments available in market specifically able to listen to the optical signals. They usually send a packet "which dissociate the connection" forcing a reconnection request and catches the encryption key, essentially listening to most of the traffic. But they are useless until you have access to root trust provider, which can give you access to keys.(I still suspect that there are back doors in most hardwares)
You can even re-configure an ONT to listen to all the traffic or to keep sending packets to block services of other users. You would just need access to documentation of the hardware and some knowledge of the programming.(I know javascript, I know it's not enough)

 

[Anurag Bhatia]

@Anurag Bhatia
I have read your blog earlier and checks it out for new posts.
I had few questions regarding the working of BSNL.
1. If they have bought bandwidth, it is definitely possible for them to peer outside of India with various networks and cloud services having straight control ove routing. What exactly is the resistance point because AFAIK it's just a little configuration to be completed on any of their end router which announces routes? Moreover, the termination of most circuits is an exchange (my assumption).
2. What exactly is the issue with buying circuits? I assume they still have control over how they route their traffic based of the target IP location. So, It should still work and work even better since they basically have dedicated capacity from one end to another. Is it just stupid personnel who are lazying around instead of creating better routing rules or this "buying bandwidth" has some effect on it?

This would need a long answer thus excuse a longer reply.

1. Peering outside India is surely doable but practically it's not that straightforward for a Govt. operator. Do not under estimate logistics as well as Govt. policies around purchase of colocation, hardware, services etc. BSNL has circuits from India to Los Angeles and they just buy transit there. If today they decide to go ahead with peering at say any large IX over there, say Equinix Los Angeles then they have to do a few things: Buy colocation. Can they legally just pick and decide a datacenter colo, I doubt that. Most of things would require to call for a tender/invitation for bidding. Will Equinix and other datacenters will pick that text heavy Indian paper work, may be yes, may be no. So you see it's hard for the decision maker to justify specific datacenter as well as specific IX. I think they have some workaround but it remains hard bureaucracy wise. Assume that part is navigated, next you hit issue: American datacenter would typically expect money in USD and not INR to avoid currency exposure. They would typically not sell/do contract in INR because if INR losses value over short periods, it can cause issues for them. Can BSNL negotiate in USD? Would be hard as would need approval of dept. outside of BSNL like finance ministry and even RBI to issue payments. Assume this part is navigated, next they have to deploy hardware - essentially a router & atleast a switch etc. How you do that? Can you ship hardware from India? That would be expensive and even counterproductive. Can you buy or lease locally - well again how you decide vendor? At each step where purchase is required they will not have the free hand. Assume this part is navigated. Next comes - how do you install and maintain that gear which is far away from India? Again you need local vendor/RHS support etc. So do not underestimate the fact that lot of logistics is involved here. Plus BSNL would typically not have free hand in making purchases as the private players. Lack of free hand introduces inefficiency and giving a fully free hand may likely lead to corruption. So it's a hard problem to solve.

2. It's not an issue if BSNL peers with networks at those locations instead of buying IP transit/wholesale bandwidth. Peering is hard as I explained in above due to fact that they are a Govt. organisation. If they pick IP transit outside of India BGP will not always pick best path. Have a look at slide 27 here to read BGP path selection algorithm. So looking at routing right now I see BSNL has IP transit from Airtel, Tata Comm (domestic), Tata Comm (outside of India), Sri Lanka Telecom, Cogent, GTT, Telia, Century Link etc. Let's pick any one specific transit and find any specific prefix announced there say from GTT AS3257.

route-server> sh ip bgp regexp 3257 9829
BGP table version is 0, local router ID is 64.62.142.154
Status codes: s suppressed, d damped, h history, * valid, > best, = multipath,
i internal, r RIB-failure, S Stale, R Removed
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

• i59.88.208.0/20 62.115.181.197 48 70 0 1299 3257 9829 i
• i 62.115.181.197 48 70 0 1299 3257 9829 i
• i 216.218.252.173 48 70 0 1299 3257 9829 i
• i 216.218.252.176 48 70 0 1299 3257 9829 i
• i 216.218.252.154 48 70 0 1299 3257 9829 i
• i 216.218.252.82 48 70 0 1299 3257 9829 i
• i 216.218.252.184 48 70 0 1299 3257 9829 i
• i 216.218.252.189 48 70 0 1299 3257 9829 i
• i 62.115.181.197 48 70 0 1299 3257 9829 i

(and more)

GTT is American player & from looking at routes, I can confirm BSNL is taking this transit in the US. Let's now trace from a few locations in the Europe. Ideally it should be Europe > India as direct submarine cables exist. Let's read a few traces:

DigitalOcean UK > BSNL India

traceroute to 59.88.208.1 (59.88.208.1), 30 hops max, 60 byte packets
1 * * *
2 10.80.4.42 (10.80.4.42) [*] 0.882 ms 0.883 ms 0.881 ms
3 138.197.249.98 (138.197.249.98) [AS14061] 1.138 ms 1.218 ms 1.219 ms
4 138.197.251.128 (138.197.251.128) [AS14061] 0.802 ms 0.813 ms 0.811 ms
5 212.187.195.85 (212.187.195.85) [AS3356/AS9057] 1.984 ms 1.997 ms 1.997 ms
6 ae1.3115.edge7.London1.level3.net (4.69.166.2) [AS3356] 1.996 ms 1.782 ms 1.729 ms
7 GTT-level3-London1.Level3.net (4.68.72.202) [AS3356] 5.948 ms 5.949 ms 5.948 ms
8 ae3.cr6-nyc6.ip4.gtt.net (213.200.121.34) [AS3257] 95.635 ms 95.395 ms 95.336 ms
9 * * *
10 * * *
11 218.248.113.66 (218.248.113.66) [AS9829] 243.614 ms 244.164 ms 244.152 ms
12 218.248.113.65 (218.248.113.65) [AS9829] 243.523 ms 243.408 ms 243.388 ms
13 59.88.208.1 (59.88.208.1) [AS9829] 243.635 ms 243.784 ms 244.050 ms

Custodian datacenter AS50300 > BSNL India

traceroute to 59.88.208.1 (59.88.208.1), 30 hops max, 60 byte packets
1 rtr-151.cdc.custdc.net (109.74.240.241) [AS50300] 0.684 ms 0.769 ms 0.764 ms
2 rtr-121.thn.custdc.net (109.74.255.251) [AS50300] 1.793 ms 2.082 ms 2.161 ms
3 xe-8-2-1-1141.cr1-lon1.ip4.gtt.net (77.67.122.149) [AS26769] 1.049 ms 1.052 ms 1.049 ms
4 ae3.cr6-nyc6.ip4.gtt.net (213.200.121.34) [AS3257] 70.177 ms 70.181 ms 70.200 ms
5 * * *
6 * * *
7 218.248.113.66 (218.248.113.66) [AS9829] 243.023 ms 243.058 ms 243.110 ms
8 218.248.113.65 (218.248.113.65) [AS9829] 242.990 ms 243.037 ms 243.105 ms
9 59.88.208.1 (59.88.208.1) [AS9829] 241.716 ms 241.697 ms 241.811 m

Let's pick somewhere else in Europe. Say Germany & Netherlands


AS62874 Germany > BSNL India

traceroute to 59.88.208.1 (59.88.208.1), 30 hops max, 60 byte packets
1 167.160.40.64 (167.160.40.64) [AS62874] 1.309 ms 1.357 ms 1.331 ms
2 ae0-463.fra30.core-backbone.com (5.56.17.169) [AS33891] 0.628 ms 0.623 ms 0.614 ms
3 ae12.cr2-fra6.ip4.gtt.net (87.119.97.185) [AS34991] 13.022 ms 12.987 ms 12.978 ms
4 ae3.cr6-nyc6.ip4.gtt.net (213.200.121.34) [AS3257] 84.396 ms 84.391 ms 84.383 ms
5 * * *
6 * * *
7 218.248.113.66 (218.248.113.66) [AS9829] 263.942 ms 264.031 ms 263.972 ms
8 218.248.113.65 (218.248.113.65) [AS9829] 263.652 ms 263.516 ms 263.500 ms
9 59.88.208.1 (59.88.208.1) [AS9829] 263.882 ms 263.863 ms 263.919 ms

AS12859 Netherlands > BSNL India

traceroute to 59.88.208.1 (59.88.208.1), 30 hops max, 60 byte packets
1 cust-cloud01-gw.jun2.galilei.network.bit.nl (212.114.113.3) [AS12859] 0.361 ms 0.352 ms 0.352 ms
2 xe-1-0-1.jun1.bit-1.network.bit.nl (213.136.1.73) [AS12859] 5.154 ms 5.157 ms 5.157 ms
3 83.231.213.57 (83.231.213.57) [AS2914] 1.775 ms 1.775 ms 1.875 ms
4 ae-3.r20.amstnl07.nl.bb.gin.ntt.net (129.250.7.86) [AS2914] 1.751 ms 1.754 ms 1.752 ms
5 ae-0.a00.amstnl07.nl.bb.gin.ntt.net (129.250.7.65) [AS2914] 1.752 ms 1.752 ms 1.752 ms
6 ae15.cr4-ams1.ip4.gtt.net (46.33.83.249) [AS3257] 3.302 ms 3.152 ms 3.136 ms
7 ae3.cr6-nyc6.ip4.gtt.net (213.200.121.34) [AS3257] 77.283 ms 88.641 ms 88.637 ms
8 * * *
9 * * *
10 218.248.113.66 (218.248.113.66) [AS9829] 245.653 ms 245.656 ms 245.656 ms
11 218.248.113.65 (218.248.113.65) [AS9829] 243.647 ms 243.652 ms 243.637 ms
12 59.88.208.1 (59.88.208.1) [AS9829] 242.699 ms 242.743 ms 242.550 ms

So it's just a endless list. In all these cases traffic is going from the respective country in Europe (from where we initiate trace) to BSNL India via the US. ae3.cr6-nyc6.ip4.gtt.net - tells that it's New York router of GTT and hence most of traffic here is routing via New York. So instead of latency being 130-170ms (depending on where the destination is in India) it's as high as 250ms.

Why BGP is taking this unoptimised path. That's due to the fact that BSNL is announcing routes only in the US via these large networks and not in Europe. Hence for anyone to send traffic entry point is only the US. Besides GTT, for the same pool BSNL is also using Tata Comm AS6453 but again outside of India. Here are a couple of traces to show the same:

(multi part reply to stay in word limit)

 

[Anurag Bhatia]

(rest of reply)


Leaseweb Germany AS28753 > BSNL India

traceroute to 59.88.208.1 (59.88.208.1), 30 hops max, 60 byte packets
1 185.17.144.254 (185.17.144.254) [AS28753] 1.241 ms 1.235 ms 1.608 ms
2 et-6-35.ce02.fra-10.de.leaseweb.net (46.165.226.254) [AS28753] 0.369 ms 0.418 ms 0.416 ms
3 be-2.br02.fra-10.de.leaseweb.net (178.162.223.152) [AS28753] 2.103 ms 3.419 ms 3.422 ms
4 ix-ae-10-0.thar1.f2c-frankfurt.as6453.net (195.219.61.21) [AS6453] 1.876 ms 1.882 ms 1.880 ms
5 if-ae-2-2.tcore1.fnm-frankfurt.as6453.net (195.219.156.129) [AS6453] 148.042 ms 148.050 ms 148.050 ms
6 if-ae-6-2.tcore1.av2-amsterdam.as6453.net (195.219.194.149) [AS6453] 148.111 ms 148.737 ms 148.732 ms
7 if-ae-2-2.tcore2.av2-amsterdam.as6453.net (195.219.194.6) [AS6453] 150.120 ms 148.728 ms 148.784 ms
8 if-ae-14-2.tcore2.l78-london.as6453.net (80.231.131.160) [AS6453] 152.067 ms 152.066 ms 152.113 ms
9 if-ae-18-2.tcore1.nto-newyork.as6453.net (80.231.131.73) [AS6453] 149.152 ms 149.159 ms 149.157 ms
10 if-ae-36-2.tcore1.sqn-sanjose.as6453.net (63.243.128.167) [AS6453] 146.899 ms 146.915 ms 146.913 ms
11 if-ae-18-2.tcore2.sv1-santaclara.as6453.net (63.243.205.73) [AS6453] 148.589 ms 148.624 ms 148.622 ms
12 if-ae-0-2.tcore1.sv1-santaclara.as6453.net (63.243.251.1) [AS6453] 148.556 ms 148.563 ms 148.533 ms
13 if-ae-8-2.tcore1.lvw-losangeles.as6453.net (66.110.59.8) [AS6453] 148.000 ms 148.196 ms 148.176 ms
14 * * *
15 117.216.207.220 (117.216.207.220) [AS9829] 255.286 ms 255.292 ms 255.288 ms
16 218.248.113.66 (218.248.113.66) [AS9829] 274.285 ms 274.288 ms 274.151 ms
17 218.248.113.65 (218.248.113.65) [AS9829] 271.723 ms 271.730 ms 270.167 ms
18 59.88.208.1 (59.88.208.1) [AS9829] 271.704 ms 271.802 ms 271.730 ms

Linode London AS63949 > BSNL India

traceroute to 59.88.208.1 (59.88.208.1), 30 hops max, 60 byte packets
1 router2-lon.linode.com (212.111.33.230) [AS15830] 0.723 ms 0.679 ms 0.771 ms
2 109.74.207.2 (109.74.207.2) [AS63949/AS15830] 0.559 ms 0.547 ms 0.542 ms
3 ix-ae-13-0.tcore2.ldn-london.as6453.net (80.231.62.149) [AS6453] 0.790 ms 0.785 ms 0.799 ms
4 if-ae-32-2.tcore3.nto-newyork.as6453.net (63.243.216.22) [AS6453] 140.269 ms 140.265 ms 140.258 ms
5 if-ae-26-2.tcore1.ct8-chicago.as6453.net (216.6.81.29) [AS6453] 147.411 ms 147.408 ms 147.402 ms
6 if-ae-22-2.tcore2.ct8-chicago.as6453.net (64.86.79.1) [AS10937] 148.078 ms 147.884 ms 147.834 ms
7 if-ae-20-4.tcore1.sv1-santaclara.as6453.net (63.243.251.58) [AS6453] 148.129 ms 148.304 ms 148.272 ms
8 if-ae-8-3.tcore1.lvw-losangeles.as6453.net (63.243.250.59) [AS6453] 150.424 ms 150.385 ms 150.439 ms
9 * * *
10 * * *
11 218.248.113.66 (218.248.113.66) [AS9829] 290.285 ms 290.385 ms 290.377 ms
12 218.248.113.65 (218.248.113.65) [AS9829] 289.256 ms 289.253 ms 289.219 ms
13 59.88.208.1 (59.88.208.1) [AS9829] 289.210 ms 289.224 ms 289.168 ms

Besides only transit there, another factor BGP would very often use is preference of downstream customers over peers (see slide 29 here). So even if say BSNL taking IP transit from Tata Comm AS4755 in India (which they do have actually) and announce routes to that as well as over this GTT circuit in New York, then entire GTT network as well as their single homed customer (who only buy from GTT) would always prefer GTT > BSNL path no matter even if has to go a few continents. That AS_PATH is shorter, plus upstream here (GTT) would have high localpref on routes via a customer (BSNL) where they make money compared to same route from a peer like Tata Comm which very likely is settlement free peer and where they won't make money by sending traffic. BSNL can in theory tweak it and control a bit i.e by using BGP communities. They could signal to transits in the US (GTT/Tata Comm in this example) to announce that route only to their peers and customers in the US, South America etc and not in Europe, Singapore etc and have setup in place to take care of traffic from Europe.

With all that being said - please also understand that while there are 65000+ ASNs/networks the world, typically top 20-30 carry as much as 90% of traffic towards an eyeball like BSNL, Jio, Airtel, MTNL, ACT etc via peering as well as caching nodes. And out of those top 20-30, BSNL can easily peer with top 15-20 within India. Once you are peered to those for remaining 64970 ASNs you are looking at 10-20% of traffic and that too diminishing as more traffic aggregates to large CDNs and cloud player (for good or bad, whatever but that's happening). Thus I would say BSNL could just do good domestic peering, drop all long haul ILD circuits and take local IP transits to save from management as well as traffic engineering efforts. That's more realistic, easy and efficient. There's a funny ratio in our industry - bandwidth cost is like 1:3:10. So if at core it's $1, it would $3 on middle mile and $10 at last mile (where end user is connected). Thus whether BSNL keeps inefficient routing while keeping it's purchase price at $3 or $2.8 that matters less if users paying $10 to them start leaving due to latency issues.