NNSquad - Network Neutrality Squad
[ NNSquad ] Re: Blocking Comcast's Sandvine with simple firewall rules?
Nick,

I understand that you are primarily interested in the technical side of these issues, and not their broader policy ramifications -- you've said as much explicitly. The controversial technical aspects of your discussion below regarding QoS, etc. will be refuted by myself and others in due course.

One point I'll make right now -- you are inaccurately trivializing the issues associated with detecting and dealing with ISP intrusions into user data streams, and obviously such techniques are not applicable to the detection of ISP wiretapping of user keyword or other data in transit to other parties. Nor should it be the job of Google, et al. to play policeman against ISP intrusions. That's reversing where the responsibility should be -- ISPs shouldn't be screwing around with user data in such manners in the first place.

Having said that, I've long urged (publicly and privately) a move to SSL/TLS everywhere possible, and while I've received generally positive feedback to this concept, there are indeed technical challenges in such a move for many environments due to limitations in the basic TLS structure.

But even if for the sake of the argument we now assume that Comcast is working hard to become the consumer angel of the ISP industry, pure as the driven snow, we still have no valid way to predict what their future actions might be -- and of course not everyone is a Comcast customer. What of all the other ISPs that by your definitions are not as "enlightened" as Comcast? What about all those other customers? What are their options to be treated in the wonderful Comcastian manner that you postulate, absent some sort of regulatory framework to help force the issue -- or at least to provide subscribers with the real story about what's going on with their own ISP's operations?

--Lauren--
NNSquad Moderator

> On Wed, Jul 2, 2008 at 9:00 AM, Lauren Weinstein <lauren@vortex.com> wrote:
> >
> >> The ISP is not your enemy. It is not your friend, either, but this
> >> assumption that just about any active traffic management is somehow
> >> bad, and that application-aware traffic management is always bad,
> >> seems a significant limitation.
> >
> > Nick,
> >
> > There is a fundamental, potentially very serious anti-competitive
> > conflict between these large ISPs' roles as content providers, vs.
> > their role as gateways to the external Internet (where services that
> > directly compete with the ISPs' content provision aspects may be
> > accessed).
>
> At the same time, I feel these statements unfairly malign some ISPs'
> plans, especially Comcast (which has become the most transparent
> regarding future plans, even if their previous behavior was pretty
> bad).
>
> If Comcast was truly interested in acting in the way you describe,
> they wouldn't spend a huge amount of effort rolling out DOCSIS 3
> (which improves downstream bandwidth first, incidentally, so the
> bandwidth which would be used by the competition, as DOCSIS 3 can
> improve downstream bandwidth without replacing the end user's
> cable-modems) and would not be investing in fairness.
>
>
> There is an easy way for the ISP to do what you think they want to do:
> low caps and usage based pricing. Politically easy, technically quick
> or possibly annoying (depending on your DHCP server), and guarantees
> that your video-on-demand service has a huge economic advantage over
> your competitor's.
>
> While fairness is the exact opposite: it ensures that third party
> services can use bandwidth up to the limits of the network and, when
> at the limit, low bandwidth users are NOT adversely affected by their
> high-bandwidth neighbors.
>
> As such, fairness should be embraced by the network-neutrality community.
>
>
> And Comcast's fairness transition is actually very simple. There are
> two Quality of Service levels: QoS high and QoS low. Initially, all
> users are in QoS high and, if there is no congestion, there is no
> problem.
>
> Under congestion or impending congestion, the heaviest users on a
> shared channel [1], as measured over a long baseline period (minutes
> to hours) are moved into the QoS low category. [2]
>
> This has several important properties that you must remember:
>
> 1) Users in QoS high don't experience congestion. It has been shown
> in practice and in models that heavy users can disrupt light users.
> This prevents heavy users from disrupting light users.
>
> 2) Users in QoS low STILL RECEIVE SERVICE EVEN UNDER PERIODS OF
> CONGESTION, as the fraction of traffic in QoS high is never enough to
> saturate the link.
>
> 3) Unless there is ACTUAL (not impending) congestion, even the
> heaviest users experience no congestion and NO RATE LIMITING of their
> traffic.
>
> This, plus the DOCSIS 3 rollout (I don't remember the exact figures,
> but you can email the technical staff and ask for yourself on rollout
> rates), and keeping any caps very high, is significant demonstration
> that they aren't acting in the way you expect them to act.
>
> Rather, they are attempting to maintain a profitable business model
> for NEUTRAL ISP traffic with flat rate billing, something I've heard
> arguments that can't be done, because you can't provision enough to
> satisfy the heaviest users, and unless you allocate somehow, the light
> users will experience congestion as a result.
>
>
> > Unless concerns over this conflict can somehow be resolved, it is
> > completely understandable that many observers would view the
> > bandwidth allocation, tiering, cap, and other related decisions being
> > made by ISPs with a considerable amount of suspicion.
>
> The opposition by some in this group to network-imposed fairness among
> users, however, shows that your paranoia is getting the better of you.
>
> Usage-based fairness is what people expect, but what the network does
> not currently provide. Yet providing a fairly-allocated network is
> the best hope we have for maintaining the current pricing model and
> maintaining a truly neutral network.
>
>
> > It doesn't help the situation that we've seen active lying by Comcast,
> > intrusion by ISPs into customer data streams to manipulate and alter
> > content, and experiments with wiretapping of actual user data without
> > affirmative opt-in permission.
>
> And we have already created technical tools to detect and deter such
> behavior. Phorm and NebuAd's wiretap tags are trivially detectable by
> the content provider, through Tripwires (to detect page modifications
> that NebuAd uses to set the cookie, since they are not an inline
> device) and SSL redirects (to directly detect the injected cookies).
>
> If Google, Yahoo, Microsoft, Amazon, etc. don't want to bother
> telling you that you are being tracked by Phorm and NebuAd (because
> they redirect to SSL on their login pages, which would spit out the
> tracking cookies), it's not for lack of having the technical means.
>
> The egregious behavior gets smacked down, and should be smacked down.
> But in the process of attacking egregious behavior, it is important to
> understand that not all traffic management is somehow evil, or
> designed to further an ISP's video-on-demand service.
>
> Rather, traffic management can, and should, be used to provide a net
> benefit to the majority or all users of the network, while maintaining
> low prices and quality service.
>
>
> Likewise, talk to the TECHNICAL staff, not the PR department. Half
> the time the PR departments lie just because they are clueless, not
> through malice.
>
> > There is every indication that many ISPs -- no longer willing to act
> > "merely" as communication conduits -- are pushing the envelope as
> > far as they can until suffering unacceptable amounts of blowback.
>
> At the same time, you MUST make sure that you don't force the ISPs
> into a corner where caps/usage based pricing are the politically
> acceptable option.
>
> Traffic management is essential under congestion, and congestion will
> occur as there is no economically viable model for the bandwidth fairy
> to exist: If you want guaranteed service, pay your $500/month for that
> 1.5 Mbps T1 with a Service Level Agreement and be happy. Just don't
> expect 10x that service for 1/10th that price.
>
>
> Yet usage-based pricing is a very easy sell for the ISP: "You pay for
> what you use".
>
> And if the net result of the Sandvine fiasco is that the ISPs switch
> to usage based pricing, this will have done more harm to the network
> than BitTorrent seed-killing ever did.
>
> And an equal opposition to fairness and caps is just ensuring that
> caps become the most acceptable option for the ISP, as caps are easy
> to sell to the public, AND accomplish the alternate agenda you
> postulate ISPs have far more than fairness does.
>
> > The ISP industry is reaping the distrust that they themselves have
> > been sowing. The ball is really in their court if they wish to
> > achieve high levels of trust among their subscribers. In the
> > meantime, our goal here is to help understand exactly what they are
> > actually doing.
>
> Have you actually looked at Comcast's fairness proposal and its implications?
>
> Comcast is actually doing what you ask:
>
> 1) They are being very transparent about their fairness mechanism,
> including presentations at the IETF P2PI meeting.
>
> 2) This fairness mechanism specifically avoids the need for low
> caps/usage-based pricing, so it preserves the ability of third party
> video-on-demand and other high-bandwidth services to operate up to the
> physical capacity of the network, yet without having such uses
> interfere with the low-bandwidth users of the network.
>
> 3) They are committed to significantly increasing the physical
> capacity of the network (DOCSIS 3 is really amazing from an EE
> standpoint).
>
> 4) You can ask technical questions of their technical group (they
> have posted on this list)
>
> 5) When they don't disclose specific parameters (eg, where exactly
> caps kick in, only that it is north of 250 GB/month), there are strong
> reasons for it because otherwise such information tends to get gamed
> or abused (you would get a lot of people trying to transfer 249
> GB/month just so they aren't "wasting money" on their service.)
>
> What more should an ISP do?!?
>
>
> [1] "Port" in the Layer 2 DOCSIS parlance (used on Comcast's slides at
> the IETF P2PI meeting), so there is some confusion: think of it as a
> channel for us non-layer2 people.
>
> [2] Users who pay for more bandwidth, of course, are weighted in
> this process: they are paying for better service.
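
A small model of the two-level scheme described in the quoted message (the heaviest long-baseline users are demoted, then strict priority is applied), added here as an illustration; it is not Comcast's implementation and not code from this thread. The two thresholds, the max-min split among QoS-low users, and the sample users are assumptions, and the tier weighting from footnote [2] is not modelled.

```python
# Added illustration; not Comcast's implementation or code from the thread.
# Assumed parameters: the message gives no numeric thresholds.
IMPENDING = 0.8    # assumed utilisation at which demotion begins
HIGH_SHARE = 0.5   # assumed ceiling on QoS-high demand as a share of capacity

def classify(baseline, demand, capacity):
    """Return the users moved to QoS low for this interval."""
    if sum(demand.values()) < IMPENDING * capacity:
        return set()  # no congestion: everyone stays in QoS high
    low = set()
    # Walk users from heaviest long-baseline usage down, demoting until
    # the remaining QoS-high demand cannot saturate the channel.
    for user in sorted(baseline, key=baseline.get, reverse=True):
        high_demand = sum(d for u, d in demand.items() if u not in low)
        if high_demand <= HIGH_SHARE * capacity:
            break
        low.add(user)
    return low

def allocate(baseline, demand, capacity):
    """Strict priority: QoS high served in full, QoS low shares the rest."""
    low = classify(baseline, demand, capacity)
    grant = {u: d for u, d in demand.items() if u not in low}
    left = capacity - sum(grant.values())
    pending = sorted(low, key=demand.get)  # max-min fair split (assumed)
    while pending:
        user = pending.pop(0)
        grant[user] = min(demand[user], left / (len(pending) + 1))
        left -= grant[user]
    return low, grant

# Constructed sample: one 100 Mbps channel, two light and two heavy users.
CAPACITY = 100
BASELINE = {"a": 2, "b": 3, "c": 40, "d": 60}     # GB over the baseline window
CONGESTED = {"a": 5, "b": 10, "c": 60, "d": 80}   # Mbps demanded, 155 total
IMPENDING_LOAD = {"a": 5, "b": 10, "c": 30, "d": 40}  # 85 total
IDLE = {"a": 5, "b": 10, "c": 20, "d": 20}        # 55 total

if __name__ == "__main__":
    for name, load in [("congested", CONGESTED),
                       ("impending", IMPENDING_LOAD), ("idle", IDLE)]:
        low, grant = allocate(BASELINE, load, CAPACITY)
        print(name, "QoS low:", sorted(low), "granted:", grant)
```

The three loads correspond to the three properties listed in the message: light users keep their full demand under congestion, demoted users still receive the leftover capacity, and under merely impending congestion a demoted user is not rate limited.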