Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] Re: Factors affecting in-region utilization - way forward?

Mukom Akong T. mukom.tamon at
Mon Jul 21 08:44:18 UTC 2014

On Mon, Jul 21, 2014 at 11:42 AM, Seun Ojedeji <seun.ojedeji at>

> Below is the order that is experienced
> 1) We don't think its necessary to change - Infact this is mostly the
> case and when ICT directorate of an institution don't think there is any
> benefit/need to run native v4 every other item below get stalled!


a) So long as we are using NAT, the more users we worse performance will
get. Show the IT director graphs that show that even though Internet is
slow, we are still within our bandwidth usage. (The pain here which they
feel is poor performance. Yes I've used this before ...successfully)

b) Let's start with the network engineers, eliminate NATs internally! Route
your RFC1918 space to and NAPT at the the edge. This has two implications

    * You get visibility into your own internal nework
    * You make it easier to see that NAT is the bottleneck because your NAT
kludge is not distributed everywhere on the network.

c) It should be easy to make the case for a larger block of public IPv4
space for services. (and hint, if you work on some cool internal services
that the management and users love but suddenly can't use them when they
are not in the office on campus, then you have one more reason to justify
what that service should be on a public IP address.)

> 2) We understand the need to change but scare of security implications

[Counter] "What security implications are those?". Education is the first
weapon against fear. "Look your fear in the eye and it will lose its power
over you"

a) User behavior (clicking strange links, visiting hostile sites etc)
already by-pass whateve security they think NAT provides.

b) SPI whence from the perceived benefits of NAPT come from isn't an
inherent part of NAPT - it just happens to be often co-exist with a NAPT
service. If for some reason you really want to do that with a public IP
address, it is possible to do.

> 3) Our ISP is hindering our change due to extra recurring charges

Specify your requirements that will work for you in your new RFP and put
your ISP on notice. Only in rare cases does an institution not have options
in ISP for a whole 3 years

> 4) Our management may not approve extra cost of internet (its not
> something to feel and touch like classrooms :))

Most universities actually do highly value ICT as an investment to better
the institution. The question is that does the ICT Director and his team
know what the elements of effective ICTs are? So long as ICT infrastructure
becomes another word for "Internet access" on campus, then of course while
there is some Internet ... there's no need to improve.

Effective ICTs for the service of education is quite a lot about putting in
place infrastructure that helps students, staff and administration both
on-campus and off campus. These services should be available on campus but
also when people move off campus. Things like

- MOOC or e-Learning services hosted on campus but that can be accessed off
- Online registrations systems
- Transcript application services
- Time-tables
- etc etc

I have a philosphy that one uses responsibility to buy freedom and
credibility. I doubt that there's a university where the network and sys
admin team have worked hard to put in place a routed internal RFC1918
network with useful services and still fail to make the case of a large
block of public space. If there are, I'm offering to help guide them how to
make the case to their suits.

And no, a simple request to management of let's get public IPv4 space for
every user will most likely get ignored and ridiculed because of the mere
size. If the top 10 universities on this continent decided to give each
network user 1 public IP address, your favourite RIR's v4 space won't last
a year.


Mukom Akong T. |  twitter: @perfexcellent
“When you work, you are the FLUTE through whose lungs the whispering of the
hours turns to MUSIC" - Kahlil Gibran
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the RPD mailing list