The premiere source of truth powering network automation. Open and extensible, trusted by thousands.
NetBox is now available as a managed cloud solution! Stop worrying about your tooling and get back to building networks.
Internet in Iraq
By stretch | Wednesday, December 10, 2008 at 9:25 a.m. UTC
I receive a fair amount of questions from readers concerning my Internet access here in Iraq, and I thought it would be neat to do a post on how I'm able to maintain a website from a forward operating base in the middle of the Iraqi desert.
Network Topology
For Internet access, I lease a satellite connection from a company called Bentley-Walker, which provides service to regions in Europe, the Middle East, Africa, and South America. A 1.8 meter dish mounted on the roof of my billet functions as the antenna (pictured below).
Inside, the satellite signal is fed to a ViaSat LinkStar S2 modem. The particular plan I lease provides a shared 2048 Kbps downstream and 512 Kbps upstream (I typically achieve 10% to 50% of these speeds). The modem (middle) connects to a Linksys WRT54GL SOHO router (top), which runs a custom firmware (more on that in a bit). The WRT54GL in turn connects to the Cisco 3550 (bottom) for layer two aggregation.
A number of dumb switches not pictured are also scattered about my neighborhood to extend the service to neighboring buildings. Everything is wired; I don't have the patience to secure or troubleshoot wireless configurations on a bunch of home user-owned laptops.
Billing
Not including hardware costs, the service contract with Bentley-Walker for a 2 Mbps/512 Kbps connection (shared) runs about $3985 per quarter (that's $1330/mo, something to think about next time you complain about your ADSL bill). Of course, I don't pay all that out of pocket; acting as a mini-ISP, I share the uplink with other people who chip in at $80/mo each. With 16 people buying we just about break even on the monthly cost. $80 may seem steep given the quality of the connection, but it's not a bad deal for Iraq. Remember also that the costs mentioned are for an admittedly high-tier plan; lower bandwidth allocations are available for proportionately less cost.
Connectivity
To accommodate more than 13 clients on the LAN (a limit imposed by the provider-assigned /28 subnet), I had to install a router to double-NAT an internal subnet of my own. My first choice for this, like a good Cisco tool, was an ASA 5505, but this soon proved to be a poor fit. The ASA has a bunch of features I didn't need, while lacking a few I did. (Plus, when I eventually head back stateside and turn the network over to someone else to maintain, I'm not giving up my ASA.)
Recently I purchased a Linksys WRT54GL to act as an internal router and installed on it the custom Tomato firmware. Tomato sports some very handy features, like QoS enforcement and real-time bandwidth monitoring. Here's a 24-hour graph for example:
Tomato offers advanced configuration through an intuitive web-based administration interface, so Cisco experience won't be required of my successor when I leave.
Overall I've been pretty surprised at the quality of the satellite connection. It will drop out for brief periods once in a while, as is to be expected, but it has been largely trouble-free. Throughput isn't as bad as you might think, either: a 700 MB file typically takes between 12 and 18 hours to download, depending on how saturated the link is. Web browsing is responsive, and even Skype works under light load. Real-time gaming is a no-go, of course, because the propagation delay inherent in all satellite shots will always be there, regardless of the bandwidth allocated.
Posted in Random
Comments
December 10, 2008 at 10:28 a.m. UTC
Hi Stretch, what is the latency of this connection? For instance - what is the rtt reported by ping to yahoo.com?
Best regards!
December 10, 2008 at 2:27 p.m. UTC
Good article, stretch. It's always good to see people making do with what they have; it makes me feel better about my OC12s. :)
December 10, 2008 at 5:23 p.m. UTC
Maybe you want to check out DD-WRT which is another good firmware for the WRT54GL, see the feature list http://www.dd-wrt.com/wiki/index.php/What_is_DD-WRT%3F#Features
December 10, 2008 at 7:14 p.m. UTC
I see , you are using KU_BAND but why you didn't chose C_BAND ?
December 10, 2008 at 8:53 p.m. UTC
After recently trying the DD-WRT firmware, although the latest (2.4?) version has started to add features such as the bandwidth monitoring it can be quite buggy on some Linksys models. Regularly requiring restarts to clear it up and doesn't maintain much of a bandwidth log.
Perhaps good for experimenting with to see what is possible; but not good for heavy reliability.
December 11, 2008 at 1:30 p.m. UTC
Thanks for sharing this with us. Your blog is really outstanding...
December 11, 2008 at 4:35 p.m. UTC
Have you worked with any guys at Datapath?
December 11, 2008 at 8:18 p.m. UTC
So I am curious, you are deployed yes? And the gov doesnt cover any of this or is this entire setup for personal use?
December 11, 2008 at 9:54 p.m. UTC
@Danail: Delay across the shot varies widely depending on how saturated it is at any given moment, but the RTT to the other side of the shot and back is typically around 1000ms.
@jalal: This was the plan that seemed to give us the most for our money. In fact, I didn't pick it out myself; my predecessor was a satellite tech so I trust his judgment.
@Mike: Yep, I do currently.
@Eric: Yes, this is just for personal use. The military of course has its own array of networks for various purposes (some of which I'm paid to help maintain).
December 11, 2008 at 11:06 p.m. UTC
What's your ratio? We're using a Greek provider with a 10:1.
December 11, 2008 at 11:26 p.m. UTC
@Scott: Same here, 10:1.
December 11, 2008 at 11:36 p.m. UTC
Cool. I could probably name a few but that's beyond the scope of the post. Tomato looks very interesting but I love DDWRT.
Small world I tell ya.
December 12, 2008 at 12:46 p.m. UTC
Hey there ! Thanks for this blog , it s outstanding ... So much things i have to learn ...
Many thanks again ..
Are you working for the US Army ? cuz i'm working for the French Air Force and i'll may come there maybe soon .
Hope to hear from you
December 13, 2008 at 2:46 a.m. UTC
Thanks for posting, and I enjoy your site.
December 13, 2008 at 7:18 a.m. UTC
Leave it to a network geek to find internet....ANYWHERE!
December 16, 2008 at 7:16 p.m. UTC
ay stretch.
i can't believe that they don't allow you to use their network and that you have to buy your own. what's the reasoning behind that?
another great post!!
December 16, 2008 at 7:18 p.m. UTC
oh, one more thing, you should get rid of that little linksys box and use pfsense! check it out if you haven't pfsense.com
December 29, 2008 at 1:32 a.m. UTC
Tomato > DD-WRT
December 16, 2009 at 5:22 p.m. UTC
What a small word stretch, you were in Iraq !! I think you can't tell where you were ( in which location ) in Iraq exactly ( for security reasons ), even if your mission is just completed. By the way, I'm in Baghdad. may be you visited our capital in your mission. I should say to you " Marhaba" instead of "Hello", it is the same thing but in Arabic. Great experience!
January 30, 2010 at 12:13 p.m. UTC
Quick question, in Iraq also and we went with Bentley Walker too, can't seem to get Skype to run right...any suggestions?
April 24, 2013 at 5:03 p.m. UTC
Memories...
We sourced satellite service from one of our 'terps at FOB Summerall, circa 2006-2007. It was actually pretty good service.
I had a day off once, and spent the day surfing...what else? I was astounded at how fast the service was. Then the rest of the platoon came in off patrol. Within 10 minutes the speed slowed to unbearable. I started sniffing, only to find that everyone else was accessing the same content I was :)
So much for General Order #1...