Internet in Iraq

By stretch | Wednesday, December 10, 2008 at 9:25 a.m. UTC

I receive a fair amount of questions from readers concerning my Internet access here in Iraq, and I thought it would be neat to do a post on how I'm able to maintain a website from a forward operating base in the middle of the Iraqi desert.

Network Topology

topology.png

For Internet access, I lease a satellite connection from a company called Bentley-Walker, which provides service to regions in Europe, the Middle East, Africa, and South America. A 1.8 meter dish mounted on the roof of my billet functions as the antenna (pictured below).

satellite_dish.jpg

Inside, the satellite signal is fed to a ViaSat LinkStar S2 modem. The particular plan I lease provides a shared 2048 Kbps downstream and 512 Kbps upstream (I typically achieve 10% to 50% of these speeds). The modem (middle) connects to a Linksys WRT54GL SOHO router (top), which runs a custom firmware (more on that in a bit). The WRT54GL in turn connects to the Cisco 3550 (bottom) for layer two aggregation.

gear.jpg

A number of dumb switches not pictured are also scattered about my neighborhood to extend the service to neighboring buildings. Everything is wired; I don't have the patience to secure or troubleshoot wireless configurations on a bunch of home user-owned laptops.

Billing

Not including hardware costs, the service contract with Bentley-Walker for a 2 Mbps/512 Kbps connection (shared) runs about $3985 per quarter (that's $1330/mo, something to think about next time you complain about your ADSL bill). Of course, I don't pay all that out of pocket; acting as a mini-ISP, I share the uplink with other people who chip in at $80/mo each. With 16 people buying we just about break even on the monthly cost. $80 may seem steep given the quality of the connection, but it's not a bad deal for Iraq. Remember also that the costs mentioned are for an admittedly high-tier plan; lower bandwidth allocations are available for proportionately less cost.

Connectivity

To accommodate more than 13 clients on the LAN (a limit imposed by the provider-assigned /28 subnet), I had to install a router to double-NAT an internal subnet of my own. My first choice for this, like a good Cisco tool, was an ASA 5505, but this soon proved to be a poor fit. The ASA has a bunch of features I didn't need, while lacking a few I did. (Plus, when I eventually head back stateside and turn the network over to someone else to maintain, I'm not giving up my ASA.)

Recently I purchased a Linksys WRT54GL to act as an internal router and installed on it the custom Tomato firmware. Tomato sports some very handy features, like QoS enforcement and real-time bandwidth monitoring. Here's a 24-hour graph for example:

tomato_bw_graph.png

Tomato offers advanced configuration through an intuitive web-based administration interface, so Cisco experience won't be required of my successor when I leave.

Overall I've been pretty surprised at the quality of the satellite connection. It will drop out for brief periods once in a while, as is to be expected, but it has been largely trouble-free. Throughput isn't as bad as you might think, either: a 700 MB file typically takes between 12 and 18 hours to download, depending on how saturated the link is. Web browsing is responsive, and even Skype works under light load. Real-time gaming is a no-go, of course, because the propagation delay inherent in all satellite shots will always be there, regardless of the bandwidth allocated.

About the Author

Jeremy Stretch is a network engineer living in the Raleigh-Durham, North Carolina area. He is known for his blog and cheat sheets here at Packet Life. You can reach him by email or follow him on Twitter.

Posted in Random

Comments


Danail Petrov (guest)
December 10, 2008 at 10:28 a.m. UTC

Hi Stretch, what is the latency of this connection? For instance - what is the rtt reported by ping to yahoo.com?

Best regards!


Aaron Conaway (guest)
December 10, 2008 at 2:27 p.m. UTC

Good article, stretch. It's always good to see people making do with what they have; it makes me feel better about my OC12s. :)


Anonymous (guest)
December 10, 2008 at 5:23 p.m. UTC

Maybe you want to check out DD-WRT which is another good firmware for the WRT54GL, see the feature list http://www.dd-wrt.com/wiki/index.php/What_is_DD-WRT%3F#Features


jalal (guest)
December 10, 2008 at 7:14 p.m. UTC

I see , you are using KU_BAND but why you didn't chose C_BAND ?


Stanto (guest)
December 10, 2008 at 8:53 p.m. UTC

After recently trying the DD-WRT firmware, although the latest (2.4?) version has started to add features such as the bandwidth monitoring it can be quite buggy on some Linksys models. Regularly requiring restarts to clear it up and doesn't maintain much of a bandwidth log.

Perhaps good for experimenting with to see what is possible; but not good for heavy reliability.


Aus (guest)
December 11, 2008 at 1:30 p.m. UTC

Thanks for sharing this with us. Your blog is really outstanding...


Mike (guest)
December 11, 2008 at 4:35 p.m. UTC

Have you worked with any guys at Datapath?


Eric (guest)
December 11, 2008 at 8:18 p.m. UTC

So I am curious, you are deployed yes? And the gov doesnt cover any of this or is this entire setup for personal use?


stretch
December 11, 2008 at 9:54 p.m. UTC

@Danail: Delay across the shot varies widely depending on how saturated it is at any given moment, but the RTT to the other side of the shot and back is typically around 1000ms.

@jalal: This was the plan that seemed to give us the most for our money. In fact, I didn't pick it out myself; my predecessor was a satellite tech so I trust his judgment.

@Mike: Yep, I do currently.

@Eric: Yes, this is just for personal use. The military of course has its own array of networks for various purposes (some of which I'm paid to help maintain).


Scott (guest)
December 11, 2008 at 11:06 p.m. UTC

What's your ratio? We're using a Greek provider with a 10:1.


stretch
December 11, 2008 at 11:26 p.m. UTC

@Scott: Same here, 10:1.


Mike (guest)
December 11, 2008 at 11:36 p.m. UTC

Cool. I could probably name a few but that's beyond the scope of the post. Tomato looks very interesting but I love DDWRT.

Small world I tell ya.


Nicolas (guest)
December 12, 2008 at 12:46 p.m. UTC

Hey there ! Thanks for this blog , it s outstanding ... So much things i have to learn ...

Many thanks again ..

Are you working for the US Army ? cuz i'm working for the French Air Force and i'll may come there maybe soon .

Hope to hear from you


asm (guest)
December 13, 2008 at 2:46 a.m. UTC

Thanks for posting, and I enjoy your site.


Bob Dole (guest)
December 13, 2008 at 7:18 a.m. UTC

Leave it to a network geek to find internet....ANYWHERE!


phil (guest)
December 16, 2008 at 7:16 p.m. UTC

ay stretch.

i can't believe that they don't allow you to use their network and that you have to buy your own. what's the reasoning behind that?

another great post!!


phil (guest)
December 16, 2008 at 7:18 p.m. UTC

oh, one more thing, you should get rid of that little linksys box and use pfsense! check it out if you haven't pfsense.com


Brian (guest)
December 29, 2008 at 1:32 a.m. UTC

Tomato > DD-WRT


sama
December 16, 2009 at 5:22 p.m. UTC

What a small word stretch, you were in Iraq !! I think you can't tell where you were ( in which location ) in Iraq exactly ( for security reasons ), even if your mission is just completed. By the way, I'm in Baghdad. may be you visited our capital in your mission. I should say to you " Marhaba" instead of "Hello", it is the same thing but in Arabic. Great experience!


Sean (guest)
January 30, 2010 at 12:13 p.m. UTC

Quick question, in Iraq also and we went with Bentley Walker too, can't seem to get Skype to run right...any suggestions?


RM (guest)
April 24, 2013 at 5:03 p.m. UTC

Memories...

We sourced satellite service from one of our 'terps at FOB Summerall, circa 2006-2007. It was actually pretty good service.

I had a day off once, and spent the day surfing...what else? I was astounded at how fast the service was. Then the rest of the platoon came in off patrol. Within 10 minutes the speed slowed to unbearable. I started sniffing, only to find that everyone else was accessing the same content I was :)

So much for General Order #1...

Comments have closed for this article due to its age.