[governance] Pakistan: National URL Filtering & Blocking System.

Brett Solomon brett at accessnow.org
Thu Feb 23 10:40:53 EST 2012 

The terms of reference for the RFP is enlightening below. I also note this
from the RFP:

"Technical proposals must be delivered at the address given below before
1500 hrs (PST), on 2nd March, 2012 ...... Upon submission, Technical
Proposals shall be opened at 1530 hrs, on 2nd March, 2012 *in presence of
all applicants who choose to be present.*"

Seeing the advertising process is so 'transparent', I think its worth
ensuring that the names of the companies that apply for the RFP is equally
'transparent'.

Brett

*
TERMS OF REFERENCE*

Internet access in Pakistan is mostly unrestricted and unfiltered. The
Internet traffic is coming from two IP backbone providers, i.e., PTCL and
TWA. The Internet Service Providers (ISPs) and backbone providers have
currently deployed manual URL filtering and blocking mechanism in order to
block the specific URLs containing undesirable content as notified by PTA
from time to time.

Many countries have deployed web filtering and blocking systems at the
Internet backbones within their countries.* However, Pakistani ISPs and
backbone providers have expressed their inability to block millions of
undesirable web sites using current manual blocking systems. A national URL
filtering and blocking system is therefore required to be deployed at
national IP backbone of the country.
*
ICT R&D Fund has decided to fund the* indigenous development,* deployment,
operations and maintenance of such a system by companies, vendors, academia
and/or research organizations with proven track record.

This system would be indigenously developed within Pakistan and* deployed
at IP backbones in major cities, i.e., Karachi, Lahore and Islamabad.* Any
other city/POP could be added in future. The system is proposed to be
centrally managed by a small and efficient team stationed at POPs of
backbone providers.

The system would have a central database of undesirable URLs that would be
loaded on the distributed hardware boxes at each POP and updated on daily
basis. The database would be regularly updated through subscription to an
international reputed company maintaining and updating such databases.

System requirements would be as follows:

1. Should be capable of URL filtering and blocking, from domain level to
sub folder, file levels and file types.
2. Should be able to block a single IP address or a range of IP address.
3. Hardware should be stand-alone that can be integrated into any
Ethernet/IP network.
4. Hardware should be carrier grade, 1+1 redundant configuration, 100%
uptime, redundant power supplies (-48 V DC) with minimum power consumption
and other carrier grade specifications.
5. The system should be capable of network monitoring via SNMP. The system
should also report critical system statistics, like CPU/Memory utilization,
network throughput, etc.
6. The solution should support offline configuration with zero packet delay
to the original traffic.
7. The system should operate on OSI layer 2 or 3.
8. The bandwidth handling capacity should be scalable. The current
bandwidth of Pakistan is about 85Gbps in total as of December 2011, growing
at 40-50% per year. The solution should be scalable and modular to cater
for bandwidth expansion of future. Bandwidth expansion should be handled by
adding/stacking hardware boxes in modular form. The solution should be
deployed in distributed model with filtering boxes placed at the
distribution points of backbone providers in major cities. Each hardware
box should be capable of handling 10Gbps (or more) of traffic at line rate.
The installation at PTCL IP Gateways at Karachi (Pak Capital and Marston
Road Exchange requires to TAP 20 (twenty) 10G interfaces. The system should
be able to handle 100Gbps traffic at each node.
PTCL has decided to install 100Gbps interfaces at above location in near
future, therefore the system should be able to support 100Gbps interfaces.
Minimum change should be required to migrate from 10Gbps interfaces to
100Gbps interfaces.
Similar design approach should be adopted after reviewing the core network
of TWA.
9. The system should be modular and scalable to any number of interfaces at
the backbone router/switches.
10. The system should have the ability to intercept the flow in both
directions (in-bound or out-bound traffic).
11. The system should be rapidly programmable to support new protocols and
applications.
12. The system should be preferably plug and play and require minimum
configuration for setup.
13. The total delay introduced by each hardware box should not be more than
1 milliseconds at line rate of 10Gbps. In case of offline configuration
there should be Fail Safe operation.
Page 5 of 5
14. Each box should be able to handle a block list of up to 50 million URLs
(concurrent unidirectional filtering capacity) with processing delay of not
more than 1 milliseconds.
15. The system should support multiple languages to capture URL in any
language.
16. The system must support IWF or any other equivalent 3rd party external
URL Database.
17. Master Database update time should be user configurable.
18. The Master Database should be locally installed with support to update
the Database from network.
19. The system should allow Proprietary DB definition or integration.
20. The Database should be flexible and could be locally modified to meet
customer needs.
21. The Database should be flexible to add/remove filters or categories.
22. The backend control of the system to view access to block list URL
database should be only with the solution holder (backbone operator). The
solution supplier should not have access to view the categories defined by
the customer.
23. The solution supplier should be able to provide remote and onsite
support on 24 x7 basis in major cities of Pakistan.
24. The solution supplier should propose and quote for providing operations
and maintenance (O&M) support of the system with service level agreement
(SLA) for five years after system installation and commissioning.
25. System supplier should quote cost of yearly maintenance and
up-gradation of the system.
26. No one should be able to view or access the customer defined categories
in Database.
27. Separate hardware fast-path for delay-sensitive traffic, ensuring very
low latency (~10micS) should be provided. The system should have load
balancing and failover capabilities. In case of failure or degraded
performance of the system, it should be capable of automatic bypass through
a fail-safe port.
28. Updating of URL Database should be done through CLI commands. Support
for bulk load through file/network should also be provided.
29. The solution should also support Web based administration via HTTP or
HTTPS.
30. The solution should provide easy to use, user friendly web based
application to easily block/unblock URL categories.
31. The solution should provide a hierarchical authentication system with
configurable hierarchal access to the system management.
32. Blacklist database must be protected with some encryption technology
method/key to protect tampering.
33. The system should allow to view statistics related to packet TX and RX.
34. The system should allow reset to factory default mode. User should be
prompted if Database is to be reset too.
35. The system should allow to enable/disable all the features listed under
filtering/blocking.
END OF RFP




On Thu, Feb 23, 2012 at 9:32 AM, Shahzad Ahmad <shahzad at bytesforall.pk>wrote:

> Thanks Anriette for the kind message.
>
> We think that this advertisement is just to complete the bidding and
> documentary process as it is required now otherwise, competing parties end
> up in the court. The system would have already been in place by now... who
> knows?
>
> Right now, we are working on our public statement against the proposed
> system. Will post it here and send to you separately.
>
> Best wishes
> Shahzad
>
>
> -----Original Message-----
> From: governance-request at lists.igcaucus.org
> [mailto:governance-request at lists.igcaucus.org] On Behalf Of Anriette
> Esterhuysen
> Sent: Thursday, February 23, 2012 6:47 PM
> To: governance at lists.igcaucus.org
> Subject: Re: [governance] Pakistan: National URL Filtering & Blocking
> System.
>
> Thanks for this Shahzad. Very relevant for next week's panel. The
> transparency of putting out a public call for bids for filtering and
> blocking systems is quite remarkable :)
>
> It shows confidence, it sends a strong public message, and it will also
> encourage competition and innovation in the internet industry to come up
> with 'smarter' ways of filtering.  All very disturbing.
>
> Anriette
>
>
> On 23/02/12 06:14, Shahzad Ahmad wrote:
> > Folks,
> >
> >
> >
> > Forwarding for your kind information, the little news and the grand
> > plans of Government of Pakistan to build Great Firewall.
> >
> >
> >
> > We believe that it coincides well with the UN's Experts Panel on 29th
> > Februaryand the panelists may like to raise this?
> >
> >
> >
> > RFP is attached and here is the link:
> >
> >
> >
> > http://ictrdf.org.pk/RFP-%20URL%20Filtering%20&%20Blocking.pdf
> > <http://ictrdf.org.pk/RFP-%20URL%20Filtering%20&%20Blocking.pdf>
> >
> >
> >
> > *An excerpt from the RFP: *
> >
> > "/Each box should be able to handle a block list of up to *50 million
> > URLs* (concurrent unidirectional filtering capacity) with processing
> > delay of *not more than 1 milliseconds*."/
> >
> >
> >
> > Bytes for All, Pakistan have been expecting that there will be major
> > crackdown on the Internet towards elections. and this probably is the
> > start of things to come in the near future. We are going to issue a
> > public statement on this and will share the updates.
> >
> >
> >
> > Best wishes and regards
> >
> >
> >
> > Shahzad Ahmad
> >
> > www.bytesforall.pk <http://www.bytesforall.pk>
> >
> >
> >
>
> --
> ------------------------------------------------------
> anriette esterhuysen anriette at apc.org
> executive director, association for progressive communications www.apc.org
> po box 29755, melville 2109 south africa tel/fax +27 11 726 1692
>
>
>
>
> ____________________________________________________________
> You received this message as a subscriber on the list:
>     governance at lists.igcaucus.org
> To be removed from the list, visit:
>     http://www.igcaucus.org/unsubscribing
>
> For all other list information and functions, see:
>     http://lists.igcaucus.org/info/governance
> To edit your profile and to find the IGC's charter, see:
>     http://www.igcaucus.org/
>
> Translate this email: http://translate.google.com/translate_t
>
>


-- 
Brett Solomon
Executive Director | Access
accessnow.org | rightscon.org
+1 917 969 6077 | skype: brettsolomon | @accessnow

<http://www.europarl.europa.eu/parliament/public/staticDisplay.do?language=en&id=42>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.igcaucus.org/pipermail/governance/attachments/20120223/e9ae5f75/attachment.htm>
-------------- next part --------------
____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.igcaucus.org
To be removed from the list, visit:
     http://www.igcaucus.org/unsubscribing

For all other list information and functions, see:
     http://lists.igcaucus.org/info/governance
To edit your profile and to find the IGC's charter, see:
     http://www.igcaucus.org/

Translate this email: http://translate.google.com/translate_t

More information about the Governance mailing list