African Union Project Helps Set Up IXPs in Six African countries

Six African countries have set up Internet Exchange Points (IXPs), after two years of the Arfican Union’s African Internet Exchange System (AXIS) project, managed by the Internet Society.

Under the project, the Internet Society was to provide technical training to AU member countries. The initial engagement involved building a local stakeholder driven process to start the dialogue for countries without IXPs with an end goal of establishing a national IXP based on global best practices. The second part involved  initiating a regional process to support the growth of existing national IXPs and ISPs to become Regional IXPs (RIXPs) and Regional Internet carriers (RICs) respectively. Technical training was held in 28 countries, attracting more than 500 participants.

“This is the first major initiative in Africa that has utilised the multi-stakeholder approach towards the implementation of IXPs. Governments have played a facilitative role towards the establishment of IXPs in five countries launched in 2014 and are actively involved in the 3 preparing to be launched in 2015. As a result, there has been more IXPs launched in the last 12 months than in the 5 years before,” said Michuki Mwangi, Internet Society’s Senior Development Manager for Africa.

The new IXPs are in Namibia, Burundi, Swaziland, Gambia, Gabon and Seychelles  . Africa currently has 33 IXPs and according to Packet Clearing House (PCH), Africa’s domestic bandwidth production grew by 145 percent, from 113Gigabits in April last year to 277 Gigabits in April this year.

The engagement in countries involved bringing together government representatives, ISPs, content, research and education network operators, amongst others likely to be peering at the exchange. The countries also received, technical trainings that involved assessment of technical preparedness for networks expected to participate, discussion on benefits of setting up an IXP and benefits of getting Internet resources IP addresses and Autonomous System Numbers (ASNs) from AFRINIC.

“The five workshops at the regional level achieved their goal, which was to enhance interconnectivity within the region, encourage local content development and data localization by promoting investments in data hosting infrastructures and data centers as well as through cost-saving peering and content distribution mechanisms,” said the final report forwarded to the AU.

In terms of availability of technical experts in the area of IXPs, Africa is still considered lower than other regions, which means AXIS training has produced a high number of experts.

“The number of people trained and countries covered in the project was more than in the entire history of Africa and IXPs,” said Michuki Mwangi “Through the project we have developed a pool of subject matter experts in the African region. In addition, the process has enabled us to attach regional and international experts, to continue supporting the respective countries through their efforts to establish the IXP.”

 

//

Africa records major increase in domestic bandwidth production

African Internet Exchange Points have recorded a big increase in domestic bandwidth production, as a result of growth in sharing of Google cache, e-government services, local hosting infrastructure and services.

According to Packet Clearing House (PCH), Africa’s domestic bandwidth production grew by 145 percent, from 113Gigabits in April last year to 277 Gigabits in April this year. The number of IXPs also grew from 25 last year to 37 this year, a 48 percent increase.

“There is a general observation of significant traffic increase at IXPs where members have mutually agreed to share Google Cache and other CDN cache traffic; there is also considerable traffic being generated from e-government services, growth of local hosting services supported by the availability of local hosting infrastructure,” said Michuki Mwangi,

One of the fastest growing IXPs in Sub-Sahara Africa is NAPAfrica,. It has three locations in South Africa; Johannesburg  (Est. 2012), Cape Town (Est. 2012) and Durban (Est. 2014). NAP Africa Johannesburg records 20Gbps peak traffic, Cape Town has 5Gbps, while Durban has 100Mbps peaks traffic. Two NAPAfrica IXPs have recorded significant growth within a very short period. On the other hand, the INX operated by the South Africa ISP Association (ISPA) and also hosted in data centers in Johannesburg (JINX est. 1996), Cape Town (CINX est. 2009) and Durban (DINX est. 2012) have equally high traffic at JINX (14Gbps peak) and CINX (3.8Gbps peak) by the regions levels. However, it is of interest to observe that NAPAfrica’s two facilities have achieved higher traffic levels over a shorter time compared to the INX in similar locations.

“NAPAfrica is an IXP located in one of the few carrier neutral data center facilities in Africa operated by Teraco. As a result, NAPAfrica is in a prime location to attract membership from a diverse range of businesses collocated inside the carrier neutral facility. I believe that, the carrier neutral data-center factor has played a significant role in the impressive growth seen at NAPAfrica over a short period,” added Mwangi.

Considering that most carrier neutral CD’s are often served by major operators. It is likely that NAPAfrica’s growth is buoyed by its ability to easily connect and cross connect providers within the data centre and at high speed, without the need for procuring additional links with infrastructure operators.

According to preliminary data from research being conducted by Africa IXP Association, 35 percent of the IXPs charge port fees (monthly/annual) which is considered a global best practice to ensure sustainability of the IXP operation. This position is enforced by the fact that 35% of the IXPs that do not charge are planning to implement fees in the future. If this would be considered it would be safe to say that soon, at least 70% of all the IXPs in region would be self-sustainable and capable of establishing themselves as regional hubs.

The survey also highlighted that majority of the IXPs (55%) have small networks and content friendly peering policies. This policies appear to be in line with the current level of development where most of the IXP members are small networks and are looking to attract content providers. Fifteen percent of the IXPs have bilateral peering which is friendly to large networks, that prefer to have the choice of whom they interconnect with at the IXP. The remaining 30% of the respondent IXPs have less favorable peering policies that enforce peering for all IXP participants. The mandatory peering policies are often favored by startup IXPs to develop the peering culture. These policy tend to be reviewed as the IXP grows and members have a better understanding of the benefits of peering.

AFIX was formed in 2013, to provide an enabling environment for IXP operators and to help IXPs maximise their value, to improve connectivity within the region and increase Internet’s value for all.

Even though the research shows growth and stability in terms of power back up and security in the IXP facilities, many IXPs are struggling to grow the number of networks peering and the capacity exchanged locally.

“To grow their capacity, the African IXP operators need to consider expanding the target market of the IXP membership to include a diverse range of non-traditional members such as banks, government networks, media, academia, research and education networks,” said Mwangi.

With the massive investments in ICT infrastructure, Mwangi says IXPs need to develop strategic partnerships with terrestrial infrastructure and submarine cable operators to provide suitable  ackages for connectivity to the IXP facility. This will serve as an incentive to connect the new diverse range of (local and cross-border) businesses to the IXP and with higher capacity.

Mwangi concluded that the notable growth in traffic exchanged at IXPs is a clear indication of the regions potential and future growth potential is dependent on the stakeholders ability to nature and leverage on the relationships formed within the IXP’s ecosystem.

//

 

AMS-IX and TESPOK end Mombasa Internet Exchange partnership

After one year of joint operations, Amsterdam Internet Exchange (AMS-IX) and the Telecommunications Service Providers of Kenya (TESPOK) have terminated the agreement for operations at the Mombasa Internet Exchange, a Point of Presence (POP) based at the SEACOM landing station.

The decision to terminate the agreement was reached after the POP failed to attract more users to exchange content, commonly known as peers. Google, a Content Delivery Network (CDN) is currently peering in Mombasa, exchanging content with three other Kenyan networks.

“Since the exchange point went live in mid 2014 it has proved difficult to attract parties to participate in the exchange. This has led to the difficult decision to close the East Africa Exchange Point as of June 1st. This doesn’t mean that the development of the Internet infrastructure in East Africa has reached a standstill,” said a statement posted on AMS-IX website.

In response, TESPOK sent out a statement saying it had launched the Mombasa Internet Exchange Point in August 2009 at the SEACOM Landing station. The partnership with AMSIX was to support the growth of the already existing POP in Mombasa and add value to the region.

“This partnership has seen the location attract several international operators and at the same time brought to the fore some of the challenges of the set up in Mombasa,” said Fiona Asonga, TESPOK CEO.

In the statement, Asonga blamed the failure of the partnership on the challenges of set up in Mombasa, such as; lack of appropriate local government support for ICT infrastructure investment, absence of carrier neutral data centers in the region and the costs of transit between Nairobi and Mombasa to facilitate peering at both the Nairobi and Mombasa locations.

“TESPOK is determined and will continue to run Mombasa Internet Exchange Point as it had began in 2009 and with the standards it has used to operate  the Nairobi Kenya Internet Exchange Point POPs since 2002,” added Asonga.

On its part, AMS-IX promised to continue supporting peering and interconnection in Africa through forums such as Africa Peering and Interconnection Forum (AfPIF) through sharing of knowledge and experience, and the provisioning of equipment to developing Internet exchanges.

 

//

Cyber Security report by TESPOK, Serianu is just shoddy

Last year, was the first time I read the Cyber Security report by TESPOK and Serianu, a security company. I remember thinking “why is this report so hollow?” but I thought it was because it was the first year and they didn’t have the materials.

You can imagine the question I asked this time round, when I read this report on TESPOK website. You can read my story for the IT World.

So, what are my issues with the report?

1. Shoddy, sketchy work

If you read the report, the point where you find the statistics, is the honey pot side, which is a security system put in place at TESPOK to capture data from all the ISPs peering or exchanging content at the Kenya Internet Exchange Point.

If you read the other information on areas such as banking, the data is devoid of any statistics or any information that can add value. They may just as well have given this desk research to a journalist and they probably would have come up with a better write up.

The intro is written by a guy from Equity bank, who could at least have alluded to all the fraud and security issues that security experts say Equity Bank is vulnerable to. Not to admit but all that marketing rubbish of how they have the systems in place, even though we know it is a lie.

Some of that info may not be disclosed by if you are security experts, you will have insiders who will indicate how much, say, every bank or at least the major banks are losing to cyber threats.

In short, that report could have been consolidated by the folks at TESPOK, either they are just lazy or they feel that partnering with Serianu given TESPOK more credibility, its an industry body, they needed Serianu to just compile?

 

2. Advertising for Serianu

If you read the report, it has several pages advertising what Serianu does and very minimal or none of what TESPOK does. Again, I ask, who needed who? If TESPOK just needed to advertise Serianu, don’t call it research, call it an advertorial or white paper or something.

 

3. Naming and shaming ISPs

The report talks about ISPs that are prone to malware, again, this is from the Honey pot. The report names the 20 ISPs but doesn’t give their names. When will they ever learn if the information is hidden?

I know that exposing an ISP’s cybersecurity vulnerability affects its bottom line but they will improve if consumers are able to know which ISPs are most secure. Its more like touting yourself as a researcher in media and corruption, then instead of naming the most corrupt media houses, you just give us number one to ten then present the percentages, how does that help us?

Yes, ISPs are members of TESPOK and do not want to be shamed but if you want the ISPs to take the research seriously, then name them, make use of the honey pot and forget these essays that we can google and download.

The closest I got to identifying the ISPs was in the publication of AS numbers for the IPs considered lethal. With the AS numbers I identified Access Kenya, JTL, Safaricom, among others as the culprits.

 

4. Role of KE CERT

I think the best statement was towards the end, when the report says there is a need for a strong CERT in Kenya, this was like a kick to the CCK and their dismal efforts, which you can read on their website.

 

Of course this is just my opinion…….you can read the report and be the judge.

TESPOK now wants to manage KENIC

About a week ago, I received a press release, which I guess was widely circulated. It was from the Telecommunications Service Providers of Kenya, commonly known as TESPOK.  It was sent by the Access Kenya PR machine, maybe because Kris Senanu, Access Kenya MD is the chair of TESPOK.

Since then, a lot has been said and you can read John Walu’s blog in the nation online and if you are new to matters KENIC and domain names in Africa, you can read some posts I have done over the years.

Back to TESPOK, their concern was that the Communications Commission of Kenya (CCK) soon to be Communications Authority of Kenya (CAK) had not consulted them on the idea of commercialising the .ke domain. The release was responding to a story appearing in the papers to that effect.

Kris Senanu, TESPOK Chair

Kris Senanu, TESPOK Chair

Now, TESPOK sits on the KENIC board, the release clearly indicates that it is one of the founding stakeholders and at the height of the crises at KENIC board, TESPOK gladly took over the technical functions at KENIC. It may well be that TESPOK didn’t want the disruption of services for .ke owners but it may also be that TESPOK was comfortable with the status.There was even a proposal for revenue sharing for performance of technical function.

At the point when it emerged that the new law would change the structure of KENIC, I expected TESPOK to be more vocal and to be the leading light, but maybe its just me, maybe they started the debate earlier.

When I got the release, my first reaction was: What changed at the KENIC board? The balance has been altered.

Then I got to the last segment of the release…. boom….

“Unfortunately, over the last five years interference of CCK, now CAK, in the day to day operations of KENIC has seen the organization experience unprecedented turnover of both Board and staff; with 5 CEO changes. The functions of KENIC have continued to be delivered because TESPOK maintained its commitment to the local industry as per the ICANN Agreement to provide technical and logistical support to the .ke manager.  It is important for CCK/CAK to give the .ke ccTLD manager the opportunity to deliver on agreed key deliverables that have not been met in the last five years. Commercialization is not a solution to meeting the identified and agreed industry gaps within the local internet community.

 TESPOK has both the technical and administrative resources necessary to continue as a sole guarantor of the ccTLD if and when CAK pulls out. It has provided such support in the past. This will evidently lead to consolidating the Internet technical community shared resources under one umbrella body; a move very similar to, the consolidation of the various government agencies handling government ICT deployment and implementation under the Kenya ICT Authority. The scenario would then consolidate KENIC (the .ke manager), KIXP (Africa’s fastest growing Internet Exchange Point) and I-CSIRT (Internet Computer Security Incident Response Team) under the TESPOK stewardship.”

 

The last para is where the weight is, TESPOK wants to handle the .ke registry. It is very clear that they have outlined their capacity. Please note, it says TESPOK can continue as the sole guarantor of the ccTLD, (.KE) and not of KENIC.

Technical capacity? But, KIXP was recently moved to the Liquid Telecom data centre, does it mean the KENIC registry will be moved there too?

There is a registrar organisation known as DRAKE that is represented in the KENIC board, are they ok with this? (Aly Hussein used to be the representative, now I have no idea how to get to the new rep, if you know, please help me 🙂

I am told of  battles of supremacy between DRAKE and TESPOK over who is the industry voice and who is king. There are some who think that registries like .ke thrive because of registrars example Nominet in the UK, while others feel the role of ISPs is vital.

It depends on which camp you are because there are arguments that ISPs have shifted from domain and hosting business and left it to smaller players who make it their core business.

There is no doubt that the KENIC story is convoluted and the decision for CCK to leave KENIC board and be replaced by the ICT Authority doesn’t make much sense. It is the same government, CCK and ICTA are brothers or sisters, whatever they want to do they can, let us not kid ourselves.

CCK says it has extended the comments on the new law by a week and when the time comes for the application process, I wonder whether TESPOK will put in a separate bid or will seek to protect KENIC and have it continue with the functions.

Time will tell…….