Comcast blocking p2p uploads
http://www.nytimes.com/aponline/technology/AP-Comcast-Data-Discrimination.ht... http://www.nytimes.com/aponline/technology/AP-Comcast-Data-Discrimination-Te... Not a lot more I can say, other than argghhh! --Steve Bellovin, http://www.cs.columbia.edu/~smb
This is old news man, that's been happening for at least 3 months now. Clinton Popovich Systems Administrator Nauticom Internet Services - An NPSI Company 2591 Wexford-Bayne Road, Suite 400 Sewickley, PA 15143 Tel: 724-933-9540 Fax: 724-933-9888 Email: crpopovi@nauticom.net Web: http://www.nauticom.net -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Steven M. Bellovin Sent: Friday, October 19, 2007 2:51 PM To: nanog@nanog.org Subject: Comcast blocking p2p uploads http://www.nytimes.com/aponline/technology/AP-Comcast-Data-Discrimination.html http://www.nytimes.com/aponline/technology/AP-Comcast-Data-Discrimination-Tests.html Not a lot more I can say, other than argghhh! --Steve Bellovin, http://www.cs.columbia.edu/~smb
I agree, they have been doing this in select locations for some time. I live in Atlanta and have seen this happening for about 3 months, but I have friends in the suburbs that have (or had) no issues. I imagine they have been deploying their traffic shaping in more and more headends. Here are some actual operational details: It is reported that Comcast is using an application from Sandvine to throttle BitTorrent traffic. Sandvine breaks every (seed) connection with new peers after a few seconds if it's not a Comcast user. This makes it virtually impossible to seed a file, especially in small swarms without any Comcast users. Some users report that they can still connect to a few peers, but most of the Comcast customers see a significant drop in their upload speed. The throttling works like this: A few seconds after you connect to someone in the swarm the Sandvine application sends a peer reset message (RST flag) and the upload immediately stops. Most vulnerable are users in a relatively small swarm where you only have a couple of peers you can upload the file to. Only seeding seems to be prevented, most users are able to upload to others while the download is still going, but once the download is finished, the upload speed drops to 0. Some users also report a significant drop in their download speeds, but this seems to be less widespread. Worse on private trackers, likely that this is because of the smaller swarm size. Although BitTorrent protocol encryption seems to work against most forms of traffic shaping, it doesn't help in this specific case. Comcast is making no effort to determine if the traffic they are blocking is legal or not. No one blocks all web traffic because some sites have illegal content or questionable/undesired material. Personally I think this is inappropriate behavior for an ISP and I hope it causes a mass exodus of Comcast customers.
-Scott -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Clinton Popovich Sent: Friday, October 19, 2007 3:02 PM To: 'Steven M. Bellovin'; nanog@nanog.org Subject: RE: Comcast blocking p2p uploads This is old news man, that's been happening for at least 3 months now. Clinton Popovich Systems Administrator Nauticom Internet Services - An NPSI Company 2591 Wexford-Bayne Road, Suite 400 Sewickley, PA 15143 Tel: 724-933-9540 Fax: 724-933-9888 Email: crpopovi@nauticom.net Web: http://www.nauticom.net -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Steven M. Bellovin Sent: Friday, October 19, 2007 2:51 PM To: nanog@nanog.org Subject: Comcast blocking p2p uploads http://www.nytimes.com/aponline/technology/AP-Comcast-Data-Discrimination.html http://www.nytimes.com/aponline/technology/AP-Comcast-Data-Discrimination-Tests.html Not a lot more I can say, other than argghhh! --Steve Bellovin, http://www.cs.columbia.edu/~smb
I love how they framed it as "data discrimination". Let's just be honest... 99% of it was illegal traffic taking up far more than their fair share of bandwidth. On 10/19/07, Steven M. Bellovin <smb@cs.columbia.edu> wrote:
http://www.nytimes.com/aponline/technology/AP-Comcast-Data-Discrimination.ht... http://www.nytimes.com/aponline/technology/AP-Comcast-Data-Discrimination-Te...
Not a lot more I can say, other than argghhh!
--Steve Bellovin, http://www.cs.columbia.edu/~smb
On Fri, Oct 19, 2007 at 02:10:45PM -0500, John C. A. Bambenek wrote:
I love how they framed it as "data discrimination". Let's just be honest... 99% of it was illegal traffic taking up far more than their fair share of bandwidth.
Content is irrelevant. BT is a protocol-person's dream and an ISP nightmare. The bulk of the slim profit margin exists in taking advantage of stat-mux oversubscription. BT blows that out of the water. Cheers, Joe -- RSUC / GweepNet / Spunk / FnB / Usenix / SAGE
In a message written on Fri, Oct 19, 2007 at 03:21:09PM -0400, Joe Provo wrote:
Content is irrelevant. BT is a protocol-person's dream and an ISP nightmare. The bulk of the slim profit margin exists in taking advantage of stat-mux oversubscription. BT blows that out of the water.
I'm a bit confused by your statement. Are you saying it's more cost effective for ISP's to carry downloads thousands of miles across the US before giving them to the end user than it is to allow a local end user to "upload" them to other local end users? Is this only a byproduct of the centralized downloads being throttled by thousands of miles of network, and/or a single centralized server? -- Leo Bicknell - bicknell@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org
In a message written on Fri, Oct 19, 2007 at 03:21:09PM -0400, Joe Provo wrote:
Content is irrelevant. BT is a protocol-person's dream and an ISP nightmare. The bulk of the slim profit margin exists in taking advantage of stat-mux oversubscription. BT blows that out of the water.
I'm a bit confused by your statement. Are you saying it's more cost effective for ISP's to carry downloads thousands of miles across the US before giving them to the end user than it is to allow a local end user to "upload" them to other local end users?
It's quite possible that I've completely missed it, but I hadn't seen many examples of P2P protocols where any effort was made to locate "local" users and prefer them. In some cases, this may happen due to the type of content, but I'd guess it to be rare. Am I missing some new development? If it isn't being transferred locally, then the ISP is being stuck with the pain of carrying a download thousands of miles, probably from a peering (or worse, transit) with another ISP that has also had to carry it some distance. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
In a message written on Sat, Oct 20, 2007 at 07:12:35PM -0500, Joe Greco wrote:
In a message written on Fri, Oct 19, 2007 at 03:21:09PM -0400, Joe Provo wrote:
Content is irrelevant. BT is a protocol-person's dream and an ISP nightmare. The bulk of the slim profit margin exists in taking advantage of stat-mux oversubscription. BT blows that out of the water.
I'm a bit confused by your statement. Are you saying it's more cost effective for ISP's to carry downloads thousands of miles across the US before giving them to the end user than it is to allow a local end user to "upload" them to other local end users?
It's quite possible that I've completely missed it, but I hadn't seen many examples of P2P protocols where any effort was made to locate "local" users and prefer them. In some cases, this may happen due to the type of content, but I'd guess it to be rare. Am I missing some new development?
Most P2P clients favor the "faster" sources. Faster is some sort of combination of lower latency and/or higher bandwidth. This tends to favor local clients, however can be quickly skewed by other factors.
If it isn't being transferred locally, then the ISP is being stuck with the pain of carrying a download thousands of miles, probably from a peering (or worse, transit) with another ISP that has also had to carry it some distance.
But back to the original premise. If say, Linux is being distributed both from a central web site, and via P2P: 1) Central web site. All but the one ISP with the web site will have the traffic going over peering or worse transit, and will often be carrying them thousands of miles from the central point. 2) P2P. Has a good chance at least some seeders will be on the same network, avoiding peering and transits for some fraction of the traffic. Has a good chance the seeders are closer to the user than the web site, perhaps even on the same cable segment. I think the more interesting thing here is overall rate limit. Let's compare a central web site with a 1Gbps connection for 10,000 downloaders, or a P2P model where there are 10,000 downloaders, 5,000 of which are willing to serve content (obviously starting with 1-5 seeders, and slowly growing as people download it). Even if providers only offer 1Mbp/sec of upload, those 5,000 content providers can put an aggregate 5Gbps into the network, whereas the central server can only put an aggregate 1Gbps into the network. So, while the bit*mile cost may be lower in the P2P case, the peak bit rate is higher (which users like, faster downloads); and since ISP's are forced to size their network for peak rate to ensure user satisfaction the "cost" of P2P is higher, even though the bit mile cost is lower. I think. At least, that's my guess from Joe's statement, I'd like him to elaborate. -- Leo Bicknell - bicknell@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org
On 21 Oct 2007, at 01:27, Leo Bicknell wrote:
But back to the original premise. If say, Linux is being distributed both from a central web site, and via P2P: 1) Central web site. All but the one ISP with the web site will have the traffic going over peering or worse transit, and will often be carrying them thousands of miles from the central point. 2) P2P. Has a good chance at least some seeders will be on the same network, avoiding peering and transits for some fraction of the traffic. Has a good chance the seeders are closer to the user than the web site, perhaps even on the same cable segment.
In the UK at least, option 1) is financially more favourable for ISPs, since the data flow is vendor -> transit -> last mile -> end user, rather than end user -> last mile -> last mile -> end user. The last mile is where all the costs are. Andy
On 10/22/07, Andy Davidson <andy@nosignal.org> wrote:
In the UK at least, option 1) is financially more favourable for ISPs, since the data flow is vendor -> transit -> last mile -> end user, rather than end user -> last mile -> last mile -> end user.
The last mile is where all the costs are.
Andy
Of course, bitstream and l2tp backhaul lend more complexity to the whole thing; the efficiency maximising behaviour for clients is exactly the opposite, as p2p traffic between local peers gets both a) tromboned up to the ISP's pop and back down again, and b) charged for per bit by BT/whoever. In fact, you want p2p content to come in from the 'net because it only transits BT's wires once... I can't think of an obvious way for a p2p client to detect this.
In fact, you want p2p content to come in from the 'net because it only transits BT's wires once...
I can't think of an obvious way for a p2p client to detect this.
What, you want to guarantee it's not coming from the local net? Easy, prefer IP addresses that aren't allocated to the same RIR that your own IP is. Network engineers at global carriers can now go ripping their hair out in frustration at the idea of all P2P traffic moving to a non-localized model ;-) ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
Good idea, but there's a trust issue. If I were Comcast I might configure the box to lie about our backhaul network in order to spork the p2pers. On 10/22/07, michael.dillon@bt.com <michael.dillon@bt.com> wrote:
I can't think of an obvious way for a p2p client to detect this.
Work through middleboxes installed in the ISP's network and configured by the ISP.
--Michael Dillon
On Tue, Oct 23, 2007, Alexander Harrowell wrote:
Good idea, but there's a trust issue. If I were Comcast I might configure the box to lie about our backhaul network in order to spork the p2pers.
.. as compared to what's going on now? Hm, Azureus seems to have deprecated their JPC support due to "lack of ISP support." Did anyone try the commercial JPC stuff out? What did you think? Does anyone still have a copy lying about? Adrian
On Oct 22, 2007, at 4:09 PM, <michael.dillon@bt.com> <michael.dillon@bt.com> wrote:
I can't think of an obvious way for a p2p client to detect this.
Work through middleboxes installed in the ISP's network and configured by the ISP.
More comcast blocking http://kkanarski.blogspot.com/2007/09/comcast-filtering-lotus-notes-update.html
I remember from the early days that ISPs meant the web to be just another kind of tv with you as a consumer and them as the provider. They were happy to NAT and to change your IPv4 address so you could not run servers for ftp or http. Some of them even hand out rfc 1918 addresses ... They were worried about VoIP and tried to stop it. They are worried about everything new. They think all users are children and try to block everything that is not meant for the kindergarten. UUCP is still there. With telephone flatrates I guess some people have already built their own little internets. A 14.4 modem can be as fast as 57.2 with big brother listening at both ends. You need only half the hardware because you never heard of CALEA and it is a problem of the phone company in the first place. I remember companies I worked for, who first moved from netware to tcp/ip and then even started interconnecting. Only when universities started connecting to us did we see the internet and had to renumber of course. I remember how our /etc/hosts was suddenly growing - no, we did not know DNS but some of us used IEN116 clients and servers. Ok - not all of them - only those who see all the money and don't know how to provide. The other side of the coin - a lot of people connected to us. We never asked their names. They connected on weekends or late at night. They rarely did big downloads, mostly uucp emails. And software was free. Enough ranting. Cheers Peter and Karin -- Peter and Karin Dambier Cesidian Root - Radice Cesidiana Rimbacher Strasse 16 D-69509 Moerlenbach-Bonsweiher +49(6209)795-816 (Telekom) +49(6252)750-308 (VoIP: sipgate.de) mail: peter@peter-dambier.de mail: peter@echnaton.arl.pirates http://iason.site.voila.fr/ https://sourceforge.net/projects/iason/ http://www.cesidianroot.com/
Actually Pando does try to localize traffic as much as possible. Not only that we have started the P4P Working Group. Keith Pando Networks See link below Joe Greco wrote:
In a message written on Fri, Oct 19, 2007 at 03:21:09PM -0400, Joe Provo wrote:
Content is irrelevant. BT is a protocol-person's dream and an ISP nightmare. The bulk of the slim profit margin exists in taking advantage of stat-mux oversubscription. BT blows that out of the water.
I'm a bit confused by your statement. Are you saying it's more cost effective for ISP's to carry downloads thousands of miles across the US before giving them to the end user than it is to allow a local end user to "upload" them to other local end users?
It's quite possible that I've completely missed it, but I hadn't seen many examples of P2P protocols where any effort was made to locate "local" users and prefer them. In some cases, this may happen due to the type of content, but I'd guess it to be rare. Am I missing some new development?
If it isn't being transferred locally, then the ISP is being stuck with the pain of carrying a download thousands of miles, probably from a peering (or worse, transit) with another ISP that has also had to carry it some distance.
... JG
Forgot the links =P http://www.wired.com/software/webservices/news/2007/08/p2p http://www.dcia.info/documents/P4P_Overview.pdf Keith O'Neill wrote:
Actually Pando does try to localize traffic as much as possible. Not only that we have started the P4P Working Group.
Keith
Pando Networks
See link below
Joe Greco wrote:
In a message written on Fri, Oct 19, 2007 at 03:21:09PM -0400, Joe Provo wrote:
Content is irrelevant. BT is a protocol-person's dream and an ISP nightmare. The bulk of the slim profit margin exists in taking advantage of stat-mux oversubscription. BT blows that out of the water.
I'm a bit confused by your statement. Are you saying it's more cost effective for ISP's to carry downloads thousands of miles across the US before giving them to the end user than it is to allow a local end user to "upload" them to other local end users?
It's quite possible that I've completely missed it, but I hadn't seen many examples of P2P protocols where any effort was made to locate "local" users and prefer them. In some cases, this may happen due to the type of content, but I'd guess it to be rare. Am I missing some new development?
If it isn't being transferred locally, then the ISP is being stuck with the pain of carrying a download thousands of miles, probably from a peering (or worse, transit) with another ISP that has also had to carry it some distance.
... JG
Leo Bicknell wrote:
I'm a bit confused by your statement. Are you saying it's more cost effective for ISP's to carry downloads thousands of miles across the US before giving them to the end user than it is to allow a local end user to "upload" them to other local end users?
Not to speak on Joe's behalf, but whether the content comes from elsewhere on the Internet or within the ISP's own network the issue is the same: limitations on the transmission medium between the cable modem and the CMTS/head-end. The issue that cable companies are having with P2P is that compared to doing a HTTP or FTP fetch of the same content you will use more network resources, particularly in the upstream direction where contention is a much bigger issue. On DOCSIS 1.x systems like Comcast's plant, there's a limitation of ~10mbps of capacity per upstream channel. You get enough 384 - 768k connected users all running P2P apps and you're going to start having problems in a big hurry. It's to remove some of the strain on the upstream channels that Comcast has started to deploy Sandvine to start closing *outbound* connections from P2P apps. -Eric
Leo Bicknell wrote:
I'm a bit confused by your statement. Are you saying it's more cost effective for ISP's to carry downloads thousands of miles across the US before giving them to the end user than it is to allow a local end user to "upload" them to other local end users?
Not to speak on Joe's behalf, but whether the content comes from elsewhere on the Internet or within the ISP's own network the issue is the same: limitations on the transmission medium between the cable modem and the CMTS/head-end. The issue that cable companies are having with P2P is that compared to doing a HTTP or FTP fetch of the same content you will use more network resources, particularly in the upstream direction where contention is a much bigger issue. On DOCSIS 1.x systems like Comcast's plant, there's a limitation of ~10mbps of capacity per upstream channel. You get enough 384 - 768k connected users all running P2P apps and you're going to start having problems in a big hurry. It's to remove some of the strain on the upstream channels that Comcast has started to deploy Sandvine to start closing *outbound* connections from P2P apps.
That's part of it, certainly. The other problem is that I really doubt that there's as much favoritism towards "local" clients as Leo seems to believe. Without that, you're also looking at a transport issue as you shove packets around. Probably in ways that the network designers did not anticipate. Years ago, dealing with web caching services, there was found to be a benefit, a limited benefit, to setting up caching proxies within a major regional ISP's network. The theoretical benefit was to reduce the need for internal backbone and external transit connectivity, while improving user experience. The interesting thing is that it wasn't really practical to cache on a per-POP basis, so it was necessary to pick cache locations at strategic locations within the network. This meant you wouldn't expect to see a bandwidth savings on the internal backbone from the POP to the aggregation point. The next interesting point is that you could actually improve the cache hit rate by combining the caches at each aggregation point; the larger userbase meant that any given bit of content out on the Internet was more likely to be in cache. However, this had the ability to stress the network in unexpected ways, as significant cache-site to cache-site data flows were happening in ways that network engineering hadn't always anticipated. A third interesting thing was noted. The Internet grows very fast. While there's always someone visiting www.cnn.com, as the number of other sites grew, there was a slow reduction in the overall cache hit rate over the years as users tended towards more diverse web sites. This is the result of the ever-growing quantity of information out there on the Internet. This doesn't map exactly to the current model with P2P, yet I suspect it has a number of loose parallels. Now, I have to believe that it's possible that a few BitTorrent users in the same city will download the same Linux ISO. 
For that ISO, and for any other spectacularly popular download, yes, I would imagine that there is some minor savings in bandwidth. However, with 10M down and 384K up, even if you have 10 other users in the city who are all sending at full 384K to someone new, that's not full line speed, so the client will still try to pull additional capacity from elsewhere to get that full 10M speed. I've always seen P2P protocols as behaving in an opportunistic manner. They're looking for who has some free upload capacity and the desired object. I'm positive that a P2P application can tell that a user in New York is closer to me (in Milwaukee) than a user in China, but I'd quite frankly be shocked if it could do a reasonable job of differentiating between a user in Chicago, Waukesha (few miles away), or Milwaukee. In the end, it may actually be easier for an ISP to deal with the deterministic behaviour of having data from "me" go to the local upstream transit pipe than it is for my data to be sourced from a bunch of other random "nearby" on-net sources. I certainly think that P2P could be a PITA for network engineering. I simultaneously think that P2P is a fantastic technology from a showing-off-the-idea-behind-the-Internet viewpoint, and that in the end, the Internet will need to be able to handle more applications like this, as we see things like videophones etc. pop up. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
On Sun, Oct 21, 2007, Joe Greco wrote:
A third interesting thing was noted. The Internet grows very fast. While there's always someone visiting www.cnn.com, as the number of other sites grew, there was a slow reduction in the overall cache hit rate over the years as users tended towards more diverse web sites. This is the result of the ever-growing quantity of information out there on the Internet.
Then the content became very large and very static; and site owners try very hard to maximise their data flows rather than making it easier for people to cache it locally. Might work in America and Europe. Developing nations hate it.
I certainly think that P2P could be a PITA for network engineering. I simultaneously think that P2P is a fantastic technology from a showing-off-the-idea-behind-the-Internet viewpoint, and that in the end, the Internet will need to be able to handle more applications like this, as we see things like videophones etc. pop up.
P2P doesn't have to be a pain in the ass for network engineers. It just means you have to re-think how you deliver data to your customers. QoS was a similar headache and people adapted.. (QoS on cable networks? Not possible! anyone remember that?) Adrian
Who are we to say what is illegal traffic... I mean they could be downloading anything from p2p not just mp3's.. don't get me wrong I HATE WoW but it uses bittorrent to decentralize its updates. Clinton Popovich Systems Administrator Nauticom Internet Services - An NPSI Company 2591 Wexford-Bayne Road, Suite 400 Sewickley, PA 15143 Tel: 724-933-9540 Fax: 724-933-9888 Email: crpopovi@nauticom.net Web: http://www.nauticom.net -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of John C. A. Bambenek Sent: Friday, October 19, 2007 3:11 PM To: Steven M. Bellovin Cc: nanog@nanog.org Subject: Re: Comcast blocking p2p uploads I love how they framed it as "data discrimination". Let's just be honest... 99% of it was illegal traffic taking up far more than their fair share of bandwidth. On 10/19/07, Steven M. Bellovin <smb@cs.columbia.edu> wrote:
http://www.nytimes.com/aponline/technology/AP-Comcast-Data-Discrimination.html
http://www.nytimes.com/aponline/technology/AP-Comcast-Data-Discrimination-Tests.html
Not a lot more I can say, other than argghhh!
--Steve Bellovin, http://www.cs.columbia.edu/~smb
Well, as far as I'm concerned WoW can burn and get blocked with the rest of the bad traffic because they are externalizing their maintenance costs on others. They should pay for the bandwidth to update their own software. On 10/19/07, Clinton Popovich <crpopovi@nauticom.net> wrote:
Who are we to say what is illegal traffic... I mean they could be downloading anything from p2p not just mp3's.. don't get me wrong I HATE WoW but it uses bittorrent to decentralize its updates.
Clinton Popovich Systems Administrator Nauticom Internet Services - An NPSI Company 2591 Wexford-Bayne Road, Suite 400 Sewickley, PA 15143 Tel: 724-933-9540 Fax: 724-933-9888 Email: crpopovi@nauticom.net Web: http://www.nauticom.net
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of John C. A. Bambenek Sent: Friday, October 19, 2007 3:11 PM To: Steven M. Bellovin Cc: nanog@nanog.org Subject: Re: Comcast blocking p2p uploads
I love how they framed it as "data discrimination". Let's just be honest... 99% of it was illegal traffic taking up far more than their fair share of bandwidth.
On 10/19/07, Steven M. Bellovin <smb@cs.columbia.edu> wrote:
http://www.nytimes.com/aponline/technology/AP-Comcast-Data-Discrimination.html
http://www.nytimes.com/aponline/technology/AP-Comcast-Data-Discrimination-Tests.html
Not a lot more I can say, other than argghhh!
--Steve Bellovin, http://www.cs.columbia.edu/~smb
John C. A. Bambenek wrote:
Well, as far as I'm concerned WoW can burn and get blocked with the rest of the bad traffic because they are externalizing their maintenance costs on others. They should pay for the bandwidth to update their own software.
Actually, one could say they offload some of the maintenance cost to their subscribers in order to keep subscription prices down. Many subscribers to WoW don't seem to mind this at all and find updates much easier to handle than other MMOs. If the ISP is losing money for selling bandwidth they don't have or below the cost they pay, is it really the fault of the gaming company or the customer? The real issue always seems to end up with the ISP wanting to say they give X bandwidth, yet they really don't. Should all the high band video sites also be shut down? There really is no problem in filtering traffic or shaping it to manageable volumes. Just make sure the customer is aware of it. If the service doesn't meet their needs, they can go elsewhere. Jack Bates
On 10/19/07, Clinton Popovich <crpopovi@nauticom.net> wrote:
Who are we to say what is illegal traffic... I mean they could be downloading anything from p2p not just mp3's.. don't get me wrong I HATE WoW but it uses bittorrent to decentralize its updates.
At this point in Internet evolution, if you're squeezing out the pennies on bandwidth by filtering the user experience without the applicable knobs to choose, you are wasting all of our time. IIRC, TOR helps get around such "tools" as Sandvine, etc; http://tor.eff.org/overview.html.en Best, Marty
John C. A. Bambenek wrote:
I love how they framed it as "data discrimination". Let's just be honest... 99% of it was illegal traffic taking up far more than their fair share of bandwidth.
With the remaining 1% being Linux ISOs. I wonder what happens to these network police appliances (Sandvine, Packeteer etc) when the P2Ps implement encryption and tunnel it all over 443/tcp?
On 10/19/07, Mike Lewinski <mike@rockynet.com> wrote:
With the remaining 1% being Linux ISOs.
I wonder what happens to these network police appliances (Sandvine, Packeteer etc) when the P2Ps implement encryption and tunnel it all over 443/tcp?
They'll just monitor for streams that utilize large portions of bandwidth for extended amounts of time and throttle all. -- Mark Owen
For anyone who is not aware this Comcast issue does have a solution and it's called iptables. works great for those behind either the great firewall of china or the great firewall of Comcast. http://redhatcat.blogspot.com/2007/09/beating-sandvine-with-linux-iptables.html Clinton Popovich Systems Administrator Nauticom Internet Services - An NPSI Company 2591 Wexford-Bayne Road, Suite 400 Sewickley, PA 15143 Tel: 724-933-9540 Fax: 724-933-9888 Email: crpopovi@nauticom.net Web: <http://www.nauticom.net/> http://www.nauticom.net From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Mark Owen Sent: Friday, October 19, 2007 4:01 PM To: Mike Lewinski Cc: nanog@nanog.org Subject: Re: Comcast blocking p2p uploads On 10/19/07, Mike Lewinski <mike@rockynet.com> wrote: With the remaining 1% being Linux ISOs. I wonder what happens to these network police appliances (Sandvine, Packeteer etc) when the P2Ps implement encryption and tunnel it all over 443/tcp? They'll just monitor for streams that utilize large portions of bandwidth for extended amounts of time and throttle all. -- Mark Owen
Clinton Popovich wrote:
For anyone who is not aware this Comcast issue does have a solution and it's called iptables… works great for those behind either the great firewall of china or the great firewall of Comcast…
http://redhatcat.blogspot.com/2007/09/beating-sandvine-with-linux-iptables.h...
The resets are sent in both directions, so that would only work if everybody who uses BT filters reset packets (not likely). That solution does have the added benefit that it will likely break other applications though. -Eric
This solution is only partially effective because Comcast's Sandvine deployment sends a farced RST packet to both sides of the connection. The solution linked below drops the RST packet on your firewall keeping the connection from being torn down as far as your client is concerned, but it is not very likely that the other end will have this as well. This is not to say it can't help. Using HTTPS on the tracker and data encryption also help. So does any kind of tunneling including tor or DNS/icmp tunneling, but these have some level of performance impact that may be undesirable. -Scott _____ From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Clinton Popovich Sent: Friday, October 19, 2007 4:49 PM To: 'Mark Owen'; 'Mike Lewinski' Cc: nanog@nanog.org Subject: RE: Comcast blocking p2p uploads For anyone who is not aware this Comcast issue does have a solution and it's called iptables. works great for those behind either the great firewall of china or the great firewall of Comcast. http://redhatcat.blogspot.com/2007/09/beating-sandvine-with-linux-iptables.html Clinton Popovich Systems Administrator Nauticom Internet Services - An NPSI Company 2591 Wexford-Bayne Road, Suite 400 Sewickley, PA 15143 Tel: 724-933-9540 Fax: 724-933-9888 Email: crpopovi@nauticom.net Web: <http://www.nauticom.net/> http://www.nauticom.net
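[Added example, not part of any poster's message.] The resets described in this thread (sent a few seconds into a connection, to both sides, by a device that is not the peer) can be recognised in a packet capture. The sketch below flags resets whose IP TTL does not match the claimed sender's earlier packets, or whose claimed sender keeps sending data afterwards. The TTL heuristic, the `Pkt` record layout, the thresholds and all addresses are assumptions constructed for illustration; nothing here is Sandvine-specific.

```python
"""Flag TCP resets that look injected by a middlebox rather than sent by the peer."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class Pkt:
    ts: float            # seconds since start of capture
    src: str             # "ip:port" of the claimed sender
    dst: str
    flags: str           # TCP flags, e.g. "S", "SA", "A", "PA", "R"
    ttl: int             # IP TTL as seen at the capture point
    payload_len: int = 0


def suspicious_resets(packets, ttl_slack=2, min_baseline=3):
    """Return [(rst_packet, [reasons])] sorted by time.

    Reasons (both are heuristics, not proof):
      "ttl"            - the RST's TTL differs from the median TTL of the same
                         sender's earlier packets by more than ttl_slack, so it
                         probably travelled a different number of hops.
      "data-after-rst" - the claimed sender kept sending payload after "its"
                         RST, which a host that really reset would not do.
    """
    by_direction = defaultdict(list)
    for p in sorted(packets, key=lambda p: p.ts):
        by_direction[(p.src, p.dst)].append(p)

    findings = []
    for pkts in by_direction.values():
        for i, p in enumerate(pkts):
            if "R" not in p.flags:
                continue
            reasons = []
            baseline = [q.ttl for q in pkts[:i] if "R" not in q.flags]
            # Too few earlier packets means no trustworthy baseline: skip check.
            if len(baseline) >= min_baseline:
                if abs(p.ttl - median(baseline)) > ttl_slack:
                    reasons.append("ttl")
            if any(q.payload_len > 0 and "R" not in q.flags for q in pkts[i + 1:]):
                reasons.append("data-after-rst")
            if reasons:
                findings.append((p, reasons))
    return sorted(findings, key=lambda f: f[0].ts)


# Constructed sample capture (documentation address ranges, made-up values).
LOCAL = "192.0.2.10:51413"
PEER_A = "198.51.100.7:6881"    # reset arrives with a different TTL
PEER_B = "203.0.113.5:6881"     # ordinary close, consistent TTL
PEER_C = "198.51.100.99:6881"   # "reset", then the peer keeps sending data

SAMPLE = [
    Pkt(0.00, LOCAL, PEER_A, "S", 64),
    Pkt(0.08, PEER_A, LOCAL, "SA", 52),
    Pkt(0.09, LOCAL, PEER_A, "A", 64),
    Pkt(0.20, PEER_A, LOCAL, "PA", 52, 68),
    Pkt(0.21, LOCAL, PEER_A, "PA", 64, 68),
    Pkt(0.30, PEER_A, LOCAL, "A", 52),
    Pkt(4.20, PEER_A, LOCAL, "R", 61),

    Pkt(10.00, LOCAL, PEER_B, "S", 64),
    Pkt(10.11, PEER_B, LOCAL, "SA", 49),
    Pkt(10.30, PEER_B, LOCAL, "PA", 49, 68),
    Pkt(10.45, PEER_B, LOCAL, "A", 49),
    Pkt(95.00, PEER_B, LOCAL, "RA", 49),

    Pkt(20.00, LOCAL, PEER_C, "S", 64),
    Pkt(20.06, PEER_C, LOCAL, "SA", 57),
    Pkt(20.20, PEER_C, LOCAL, "PA", 57, 68),
    Pkt(20.31, PEER_C, LOCAL, "A", 57),
    Pkt(23.90, PEER_C, LOCAL, "R", 57),
    Pkt(24.10, PEER_C, LOCAL, "PA", 57, 1400),
]

if __name__ == "__main__":
    for pkt, reasons in suspicious_resets(SAMPLE):
        print(f"{pkt.ts:7.2f}s RST claiming to be from {pkt.src}: {', '.join(reasons)}")
```

Route changes and load balancers can also shift a TTL, so a hit is a reason to look closer, not a verdict.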
Mark Owen wrote:
On 10/19/07, *Mike Lewinski* <mike@rockynet.com <mailto:mike@rockynet.com>> wrote:
With the remaining 1% being Linux ISOs.
I wonder what happens to these network police appliances (Sandvine, Packeteer etc) when the P2Ps implement encryption and tunnel it all over 443/tcp?
They'll just monitor for streams that utilize large portions of bandwidth for extended amounts of time and throttle all.
Which seems completely fair and reasonable to me, and likely won't require very expensive layer 4-7 packet shapers either. Plus they can just state that flat limit in their contract and NANOG will issue a collective yawn. It just seems to me that the more Sandvine type applications are deployed, the sooner we will burn that bridge out from under us. Then again, I saw the first Packeteer in action nearly 3 years ago and predicted it would only take 6-9 months before encryption became widespread.
I recommend using ip-over-dns http://dnstunnel.de/ If they are really that smart I'd laugh at them killing DNS Cheers Peter and Karin Mark Owen wrote:
On 10/19/07, *Mike Lewinski* <mike@rockynet.com <mailto:mike@rockynet.com>> wrote:
With the remaining 1% being Linux ISOs.
I wonder what happens to these network police appliances (Sandvine, Packeteer etc) when the P2Ps implement encryption and tunnel it all over 443/tcp?
They'll just monitor for streams that utilize large portions of bandwidth for extended amounts of time and throttle all.
-- Mark Owen
-- Peter and Karin Dambier Cesidian Root - Radice Cesidiana Rimbacher Strasse 16 D-69509 Moerlenbach-Bonsweiher +49(6209)795-816 (Telekom) +49(6252)750-308 (VoIP: sipgate.de) mail: peter@peter-dambier.de mail: peter@echnaton.arl.pirates http://iason.site.voila.fr/ https://sourceforge.net/projects/iason/ http://www.cesidianroot.com/
Mike Lewinski wrote:
I wonder what happens to these network police appliances (Sandvine, Packeteer etc) when the P2Ps implement encryption and tunnel it all over 443/tcp?
Most vendors claim to be able to look into the payload and determine that it is p2p traffic instead of http/https traffic. I know I have looked at several of these vendors myself, and most of them did not have hardware that was even safe or reasonable to deploy, as certain traffic would send the unit's CPU towards 100% with only a measly 1 megabit of traffic. I personally eliminated one of these vendors from consideration this way. Sandvine seemed to have a pretty decent hardware solution when I was still in that space 2 years ago, with only a few concerns. I'm sure that they have vastly improved. They were also less "religious" about 99% of the internet traffic being p2p, like some vendors were. Still, while I support the ISP's right to manage and shape traffic, I still think this is a poor tactic. This is like your telephone company hanging up your call, regardless if the content of the call was a drug deal, a call to grandma, or a call to e911. It's just not morally right. -Sean Sorry about the double post. (Please respond only through the list)
On Oct 19, 2007, at 3:10 PM, John C. A. Bambenek wrote:
I love how they framed it as "data discrimination". Let's just be honest... 99% of it was illegal traffic taking up far more than their fair share of bandwidth.
I didn't know that you doing something illegal with your application made it OK to block my use of it. Also, what _is_ my "fair share of bandwidth"? -- TTFN, patrick P.S. I am making absolutely no judgement on whether block is good or bad. Just wondering how other people rationalize doing, or not doing, these types of things.
On 10/19/07, Steven M. Bellovin <smb@cs.columbia.edu> wrote:
http://www.nytimes.com/aponline/technology/AP-Comcast-Data-Discrimination.html http://www.nytimes.com/aponline/technology/AP-Comcast-Data-Discrimination-Tests.html
Not a lot more I can say, other than argghhh!
--Steve Bellovin, http://www.cs.columbia.edu/~smb
This is a good point too. Comcast has refused to define what exactly their limits are so assuming all the content is legal, how does a law abiding citizen know when he is over his limits? -Scott -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Patrick W. Gilmore Sent: Friday, October 19, 2007 3:35 PM To: Nanog Cc: Patrick W. Gilmore Subject: Re: Comcast blocking p2p uploads On Oct 19, 2007, at 3:10 PM, John C. A. Bambenek wrote:
I love how they framed it as "data discrimination". Let's just be honest... 99% of it was illegal traffic taking up far more than their fair share of bandwidth.
I didn't know that you doing something illegal with your application made it OK to block my use of it. Also, what _is_ my "fair share of bandwidth"? -- TTFN, patrick P.S. I am making absolutely no judgement on whether block is good or bad. Just wondering how other people rationalize doing, or not doing, these types of things.
On 10/19/07, Steven M. Bellovin <smb@cs.columbia.edu> wrote:
http://www.nytimes.com/aponline/technology/AP-Comcast-Data-Discrimination.html http://www.nytimes.com/aponline/technology/AP-Comcast-Data-Discrimination-Tests.html
Not a lot more I can say, other than argghhh!
--Steve Bellovin, http://www.cs.columbia.edu/~smb
On Fri, 19 Oct 2007, Patrick W. Gilmore wrote:
Also, what _is_ my "fair share of bandwidth"?
And therein lies the rub of statistical multiplexing. It's possible to come up with some ballpark fair-use numbers, but those numbers could be twisted into just about anything, depending on who is doing the twisting :) jms
On Fri, Oct 19, 2007, Randy Bush wrote:
I didn't know that you doing something illegal with your application made it OK to block my use of it.
p2p protocols are illegal? since when?
p2p protocols are tools. like most tools, they can be used for good and for bad.
Where good and bad suddenly aren't moral/ethical questions, but financial questions.. (Hi from "Clients are used to traffic shaping!" land.) Adrian
On Oct 19, 2007, at 7:40 PM, Randy Bush wrote:
I didn't know that you doing something illegal with your application made it OK to block my use of it.
p2p protocols are illegal? since when?
I specifically said "you _doing_ something illegal _with_ your application", not that the application (or protocol if you prefer) was illegal. IOW: We are in agreement. -- TTFN, patrick
p2p protocols are tools. like most tools, they can be used for good and for bad.
randy
On 10/19/07, John C. A. Bambenek <bambenek@gmail.com> wrote:
I love how they framed it as "data discrimination". Let's just be honest... 99% of it was illegal traffic taking up far more than their fair share of bandwidth.
And 84% of statistics are made up on site. If it is illegal it is not your right to judge and punish. We have courts for that. As for limiting my bandwidth, if you have a problem with my usage you should state it in a policy and not discreetly forge RST packets. -- Mark Owen
Since when did private companies no longer have the right to regulate their own property? I must have missed the Amendment... (Yeah, ok, I exaggerated the 99%) On 10/19/07, Mark Owen <mr.markowen@gmail.com> wrote:
On 10/19/07, John C. A. Bambenek <bambenek@gmail.com> wrote:
I love how they framed it as "data discrimination". Let's just be honest... 99% of it was illegal traffic taking up far more than their fair share of bandwidth.
And 84% of statistics are made up on site. If it is illegal it is not your right to judge and punish. We have courts for that. As for limiting my bandwidth, if you have a problem with my usage you should state it in a policy and not discreetly forge RST packets.
-- Mark Owen
On 10/19/07, John C. A. Bambenek <bambenek@gmail.com> wrote:
Since when did private companies no longer have the right to regulate their own property?
I must have missed the Amendment...
(Yeah, ok, I exaggerated the 99%)
It's not a matter of them not being able to do what they want, it is their lines after all, as it is more along doing it in a manner that is a little more civil. Sending RST packets in ongoing streams is just down right rude and I dare say a form of forgery. -- Mark Owen
Its not that they are not permitted to control network traffic, but they are impersonating the other server and I have a feeling there are a few laws that could fall under. Like fraud for one. Clinton Popovich Systems Administrator Nauticom Internet Services - An NPSI Company 2591 Wexford-Bayne Road, Suite 400 Sewickley, PA 15143 Tel: 724-933-9540 Fax: 724-933-9888 Email: crpopovi@nauticom.net Web: http://www.nauticom.net -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of John C. A. Bambenek Sent: Friday, October 19, 2007 3:42 PM To: Mark Owen Cc: Steven M. Bellovin; nanog@nanog.org Subject: Re: Comcast blocking p2p uploads Since when did private companies no longer have the right to regulate their own property? I must have missed the Amendment... (Yeah, ok, I exaggerated the 99%) On 10/19/07, Mark Owen <mr.markowen@gmail.com> wrote:
On 10/19/07, John C. A. Bambenek <bambenek@gmail.com> wrote:
I love how they framed it as "data discrimination". Let's just be honest... 99% of it was illegal traffic taking up far more than their fair share of bandwidth.
And 84% of statistics are made up on site. If it is illegal it is not your right to judge and punish. We have courts for that. As for limiting my bandwidth, if you have a problem with my usage you should state it in a policy and not discreetly forge RST packets.
-- Mark Owen
On Fri, Oct 19, 2007 at 04:38:11PM -0400, Clinton Popovich wrote:
Its not that they are not permitted to control network traffic, but they are impersonating the other server and I have a feeling there are a few laws that could fall under. Like fraud for one.
Not to defend Comcast, but I think that this is a pretty far-fetched idea. Firewalls that send RSTs, nearly every IDP device, SYN-proxy DDoS mitigation are just a few of the widely deployed technologies that depend on the exact same forgeries. It's all more-or-less the same principle of doing just enough forgery to be able to interrupt a flow. If you really want around that, IPSec is always there for ya. -- Ross Vandegrift ross@kallisti.us "The good Christian should beware of mathematicians, and all those who make empty prophecies. The danger already exists that the mathematicians have made a covenant with the devil to darken the spirit and to confine man in the bonds of Hell." --St. Augustine, De Genesi ad Litteram, Book II, xviii, 37
On Oct 19, 2007, at 3:42 PM, John C. A. Bambenek wrote:
Since when did private companies no longer have the right to regulate their own property?
I must have missed the Amendment...
If you want to make a property argument, how do you explain them denying me my right to enjoy my rental of their property? If Comcast were a landlord, they would be interfering with my quiet enjoyment and my rights in possession. Interfering with my traffic rather than blocking it, could lose them common carrier protection. They are exerting editorial control, in a fashion, over what I transmit and receive. --Patrick
On 10/19/07, Patrick Giagnocavo <patrick@zill.net> wrote:
On Oct 19, 2007, at 3:42 PM, John C. A. Bambenek wrote:
Since when did private companies no longer have the right to regulate their own property?
I must have missed the Amendment...
If you want to make a property argument, how do you explain them denying me my right to enjoy my rental of their property?
If Comcast were a landlord, they would be interfering with my quiet enjoyment and my rights in possession.
I'm finding the thread interesting with respect to the devices, how they work, how we might be able to identify them, and why this is a bad idea as related to the engineering and/or operation; capex, opex, O&M, etc. We already know that the givens are that it's generally socially unacceptable to filter, but without Comcast's motivation being known, it's hard to speculate as to the "why" they did it. Let's not. If we can drop the politics and legalities, I think we have a winner. Best Regards, Martin Hannigan NANOG MLC Member
Martin Hannigan wrote:
O&M, etc. We already know that the givens are that it's generally socially unacceptable to filter, but without Comcast's motivation being known, it's hard to speculate as to the "why" they did it. Let's not.
It's not at all hard to imagine WHY. In fact, it's almost a given. 1) Comcast is an MSO. As such, their access (last mile) is over a coax or a HFC plant. 2) HFC has limitations on bandwidth. The frequencies that most MSOs use for data give it somewhere around a DS3's worth of return traffic. The forward traffic (to the customer) is greater. 3) The HFC plant almost always includes at least a few thousand customers per leg. These customers have to share the same return bandwidth. 4) With only 45 meg of return traffic, and a few thousand customers, it is pretty easy to see how a few high capacity customers could have a negative impact on the rest of the customers. In addition to this, you have other applications, such as voip, that rides this same infrastructure. In many places there is no real ability to tag the voice traffic with a higher class service, so it has to contend just like everyone else. You can add to this that in some markets, the only real bandwidth is via multiple T1 or DS3 due to it being more remote. You ever wonder why some places have cable modem but not DSL? That's usually because the telcos can't get the bandwidth there. Right or not, many MSOs will turn up markets on a handful of T1 circuits until they can get a DS3 or greater installed. As to the SPECIFIC reason why Comcast is deploying the Sandvine instead of another architecture, or using another method of rate limiting... Well, I could probably comment on that as well, but I'm uncertain that my friends and associates at the MSOs and hardware vendors would look kindly on that. Since I no longer work for a MSO, I really no longer have any insight. It's just a way that an MSO might manage their network in order to make 90% or more of their customers happy while reducing the need to deploy more hardware to split the plants. -Sean
On Oct 19, 2007, at 7:16 PM, Sean Figgins wrote:
You ever wonder why some places have cable modem but not DSL? That's usually because the telcos can't get the bandwidth there.
That is a laughable statement.
In many places there is no real ability to tag the voice traffic with a higher class service, so it has to contend just like everyone else.
This is also a laughable statement as Comcast (the provider in question) has at least, DOCSIS 1.1 on all parts of their network, if not newer than that. The DOCSIS 1.1 specification has this capability (multiple service flows). DOCSIS 1.1 is of April 1999 vintage. rest of your post also questionable. --Patrick
Sean: 1) Correct/ 2) DSL and fiber have limitations, too. The modulation and spectrum width can vary, but most MSOs have their forward configured with a maximum of around 38 Mbps (256-QAM, 6 MHz wide) and the return in the 9 Mbps range (64-QAM, 3.2 MHz wide). Charts here: Forward: http://www.cable360.net/images/articles/15131_1168455349.gif Return: http://www.cable360.net/images/articles/15131_1168455396.gif With DOCSIS 2.0 there is the capability of using a wide band for return and increasing the modulation, and with DOCSIS 3.0, through channel bonding, higher downstream rates. 3) It's recommended that there are no more than 250 cable modem users per upstream; with a 1:4 DS:US configuration, that would be 1000 per downstream. Of course, MSOs can mix things up a bit by allocating more than one DS and/or US channel on the same plant, and therefore support many more/different users. 4) Not sure where you got 45 Mbps for return traffic. But yes, a few Slingboxes can fill the upstream. PacketCable 1.1, a widely deployed standard, allows MSOs to assign their voice higher priority over regular data traffic. There are over 2M customers of "digital telephony" today. Frank -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Sean Figgins Sent: Friday, October 19, 2007 6:17 PM To: Nanog Subject: Re: Comcast blocking p2p uploads Martin Hannigan wrote:
O&M, etc. We already know that the givens are that it's generally socially unacceptable to filter, but without Comcast's motivation being known, it's hard to speculate as to the "why" they did it. Let's not.
It's not at all hard to imagine WHY. In fact, it's almost a given. 1) Comcast is an MSO. As such, their access (last mile) is over a coax or a HFC plant. 2) HFC has limitations on bandwidth. The frequencies that most MSOs use for data give it somewhere around a DS3's worth of return traffic. The forward traffic (to the customer) is greater. 3) The HFC plant almost always includes at least a few thousand customers per leg. These customers have to share the same return bandwidth. 4) With only 45 meg of return traffic, and a few thousand customers, it is pretty easy to see how a few high capacity customers could have a negative impact on the rest of the customers. In addition to this, you have other applications, such as voip, that rides this same infrastructure. In many places there is no real ability to tag the voice traffic with a higher class service, so it has to contend just like everyone else. You can add to this that in some markets, the only real bandwidth is via multiple T1 or DS3 due to it being more remote. You ever wonder why some places have cable modem but not DSL? That's usually because the telcos can't get the bandwidth there. Right or not, many MSOs will turn up markets on a handful of T1 circuits until they can get a DS3 or greater installed. As to the SPECIFIC reason why Comcast is deploying the Sandvine instead of another architecture, or using another method of rate limiting... Well, I could probably comment on that as well, but I'm uncertain that my friends and associates at the MSOs and hardware vendors would look kindly on that. Since I no longer work for a MSO, I really no longer have any insight. It's just a way that an MSO might manage their network in order to make 90% or more of their customers happy while reducing the need to deploy more hardware to split the plants. -Sean
Frank Bulk wrote:
2) DSL and fiber have limitations, too. The modulation and spectrum width can vary, but most MSOs have their forward configured with a maximum of around 38 Mbps (256-QAM, 6 MHz wide) and the return in the 9 Mbps range (64-QAM, 3.2 MHz wide). Charts here: Forward: http://www.cable360.net/images/articles/15131_1168455349.gif Return: http://www.cable360.net/images/articles/15131_1168455396.gif
Thank you, Frank. I'm not a HFC engineer, but rather an IP/Network/Server/Security guy, that worked on the backbone and lab side of a large MSO. My HFC experience is exclusive of what is between the CMTS and the cable modem. I know just enough to be able to live there. I got my figures reversed. For some reason I was thinking that it was about 100 meg on the upstream and 45 meg on the downstream, but looks like I remembered it wrong. Anyways, regardless of that, you pretty much validated what I was saying as to the reason why a MSO would deploy such a device. It's possibly cheaper to do so than to deploy the hardware to split the HFC plant and increase available bandwidth to subscriber ratio. Not that I agree with such a practice. -Sean
Because you signed up to an AUP that allows what they are doing. That, and in most states, if you rent my house, I can throw you out for no reason given that I give you proper notice and enough time. In this case, if you want to use rental analogies, that's like saying a landlord can't evict you or otherwise take action because you're having loud parties and throwing appliances out windows. P2P is about the exact opposite of "quiet enjoyment". j On 10/19/07, Patrick Giagnocavo <patrick@zill.net> wrote:
On Oct 19, 2007, at 3:42 PM, John C. A. Bambenek wrote:
Since when did private companies no longer have the right to regulate their own property?
I must have missed the Amendment...
If you want to make a property argument, how do you explain them denying me my right to enjoy my rental of their property?
If Comcast were a landlord, they would be interfering with my quiet enjoyment and my rights in possession.
Interfering with my traffic rather than blocking it, could lose them common carrier protection. They are exerting editorial control, in a fashion, over what I transmit and receive.
--Patrick
On Oct 19, 2007, at 10:53 PM, John C. A. Bambenek wrote:
Because you signed up to an AUP that allows what they are doing.
That, and in most states, if you rent my house, I can throw you out for no reason given that I give you proper notice and enough time.
In this case, if you want to use rental analogies, that's like saying a landlord can't evict you or otherwise take action because you're having loud parties and throwing appliances out windows. P2P is about the exact opposite of "quiet enjoyment".
I am afraid your skill at analogies is lacking. First, in most states, you may NOT "throw [me] out for no reason". Well, unless you consider "proper notice and enough time" equivalent to "wait until the end of the lease". Second, eviction is totally different than the discussion here. Comcast is still taking these people's "rent", an evicted tenant does not pay. Third, the _police_ handle loud parties and vandalism, not the landlord. Etc., etc. But the analogy is flawed anyway. A cable modem is not an apartment, and the Internet does not fit well into "normal" modes of operation. If the AUP does not allow this activity, then Comcast has remedies detailed in their AUP. I have not read the AUP, and it is late, so I will not do so now. However, would you care to take a bet about the remedies listed? I would guess it gives Comcast the right to shut down the service. I seriously doubt it gives Comcast the right to randomly kill sessions while still billing the full month's rent. -- TTFN, patrick P.S. Careful how far you defend this action lest your own words be turned against you.
On 10/19/07, Patrick Giagnocavo <patrick@zill.net> wrote:
On Oct 19, 2007, at 3:42 PM, John C. A. Bambenek wrote:
Since when did private companies no longer have the right to regulate their own property?
I must have missed the Amendment...
If you want to make a property argument, how do you explain them denying me my right to enjoy my rental of their property?
If Comcast were a landlord, they would be interfering with my quiet enjoyment and my rights in possession.
Interfering with my traffic rather than blocking it, could lose them common carrier protection. They are exerting editorial control, in a fashion, over what I transmit and receive.
--Patrick
First, that's not what I learned in my law classes. Second, the "rent" has conditions (they may not publish them, but that is entirely different matter which I likely agree with you on). Comcast is under no obligation to let you misuse their service... morally, ethically, or philosophically. Third, the police handle criminal matters, not contract disputes. It wasn't my analogy to begin with. I would imagine their AUP is written to allow them to take "any reasonable measure" to ensure the integrity of their service. P.S. I don't misuse my service so the debate doesn't affect me. PPS I think it was requested multiple times to take this debate off list, let's let it die. On 10/20/07, Patrick W. Gilmore <patrick@ianai.net> wrote:
On Oct 19, 2007, at 10:53 PM, John C. A. Bambenek wrote:
Because you signed up to an AUP that allows what they are doing.
That, and in most states, if you rent my house, I can throw you out for no reason given that I give you proper notice and enough time.
In this case, if you want to use rental analogies, that's like saying a landlord can't evict you or otherwise take action because you're having loud parties and throwing appliances out windows. P2P is about the exact opposite of "quiet enjoyment".
I am afraid your skill at analogies is lacking.
First, in most states, you may NOT "throw [me] out for no reason". Well, unless you consider "proper notice and enough time" equivalent to "wait until the end of the lease".
Second, eviction is totally different than the discussion here. Comcast is still taking these people's "rent", an evicted tenant does not pay.
Third, the _police_ handle loud parties and vandalism, not the landlord.
Etc., etc. But the analogy is flawed anyway. A cable modem is not an apartment, and the Internet does not fit well into "normal" modes of operation.
If the AUP does not allow this activity, then Comcast has remedies detailed in their AUP. I have not read the AUP, and it is late, so I will not do so now. However, would you care to take a bet about the remedies listed? I would guess it gives Comcast the right to shut down the service. I seriously doubt it gives Comcast the right to randomly kill sessions while still billing the full month's rent.
-- TTFN, patrick
P.S. Careful how far you defend this action lest your own words be turned against you.
On 10/19/07, Patrick Giagnocavo <patrick@zill.net> wrote:
On Oct 19, 2007, at 3:42 PM, John C. A. Bambenek wrote:
Since when did private companies no longer have the right to regulate their own property?
I must have missed the Amendment...
If you want to make a property argument, how do you explain them denying me my right to enjoy my rental of their property?
If Comcast were a landlord, they would be interfering with my quiet enjoyment and my rights in possession.
Interfering with my traffic rather than blocking it, could lose them common carrier protection. They are exerting editorial control, in a fashion, over what I transmit and receive.
--Patrick
On Fri, 19 Oct 2007, John C. A. Bambenek wrote:
Since when did private companies no longer have the right to regulate their own property?
I don't know that anyone would disagree with their right to do so, but if there are usage limits, those limits should be made known to the user community. I'm sure Comcast has ways to communicate TOS updates to their user base - mass email, stuff a letter in peoples' cable bills, etc... How would you react if you were pulled over for speeding on a road that had no posted speed limit? jms
On October 19, 2007 at 16:39 streiner@cluebyfour.org (Justin M. Streiner) wrote:
How would you react if you were pulled over for speeding on a road that had no posted speed limit?
It's happened to me! Every state has a speed limit which applies wherever no speed limit is posted and drivers are expected to know it. Usually 35MPH at least here in the northeast. The magistrate showed no sympathy whatsoever and obviously had heard it 1,000 times before. THAT SAID... Comcast has a lot of monopoly deals for cable installation with towns etc. Once one accepts monopoly positions the notion of their being unregulated, or unregulateable, or "their ball, their rules", becomes much murkier because the consumers' choices have been forfeited for, well, it really depends on the specific agreements in each case, tho it's not quite as simple as contract law either since in a monopoly situation some assumptions are reasonable. But the agreement is the place to start. I'm sure for example most of these monopoly sweetheart agreements forbid price increases without some form of vetting by those who approved the monopoly (town board of supervisors or whomever), or else they're pretty dumb. If it really were "my ball, my rules" they could charge whatever they like take it or leave it, and not bother with gimmees like community access channels. The monopoly per se is not on TV itself (I can already hear keyboards clacking with words like broadcast and satellite) per se, it's on the right to run the cable plant to homes. Similar to the telco's wire plant monopolies in many areas; those agreements come at some cost to the company, even if you could in theory drop your landline and go get a cell phone. That's not really an answer, but I'm just saying it's not quite as simple as "my ball, my rules". -- -Barry Shein The World | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: 800-THE-WRLD | Login: Nationwide Software Tool & Die | Public Access Internet | SINCE 1989 *oo*
Communication of rules is fair... I was criticizing the "net neutrality" argument. They should communicate the rules, I agree. On 10/19/07, Justin M. Streiner <streiner@cluebyfour.org> wrote:
On Fri, 19 Oct 2007, John C. A. Bambenek wrote:
Since when did private companies no longer have the right to regulate their own property?
I don't know that anyone would disagree with their right to do so, but if there are usage limits, those limits should be made known to the user community. I'm sure Comcast has ways to communicate TOS updates to their user base - mass email, stuff a letter in peoples' cable bills, etc...
How would you react if you were pulled over for speeding on a road that had no posted speed limit?
jms
On Oct 19, 2007, at 2:50 PM, Steven M. Bellovin wrote:
http://www.nytimes.com/aponline/technology/AP-Comcast-Data-Discrimination.html http://www.nytimes.com/aponline/technology/AP-Comcast-Data-Discrimination-Tests.html
Not a lot more I can say, other than argghhh!
"Argghhh" that they are doing it? Or "argghhh" that people are just now figuring it out? And did you "arrgghhh" when rate limiting became commonplace about, oh, 1865? :) -- TTFN, patrick
I was hearing complaints about this months ago... Regards Marshall On Oct 19, 2007, at 3:20 PM, Patrick W. Gilmore wrote:
On Oct 19, 2007, at 2:50 PM, Steven M. Bellovin wrote:
http://www.nytimes.com/aponline/technology/AP-Comcast-Data-Discrimination.html http://www.nytimes.com/aponline/technology/AP-Comcast-Data-Discrimination-Tests.html
Not a lot more I can say, other than argghhh!
"Argghhh" that they are doing it?
Or "argghhh" that people are just now figuring it out?
And did you "arrgghhh" when rate limiting became commonplace about, oh, 1865? :)
-- TTFN, patrick
3:20pm Patrick W. Gilmore said:
On Oct 19, 2007, at 2:50 PM, Steven M. Bellovin wrote:
http://www.nytimes.com/aponline/technology/AP-Comcast-Data-Discrimination.html http://www.nytimes.com/aponline/technology/AP-Comcast-Data-Discrimination-Tests.html
Not a lot more I can say, other than argghhh!
"Argghhh" that they are doing it?
Or "argghhh" that people are just now figuring it out?
And did you "arrgghhh" when rate limiting became commonplace about, oh, 1865? :)
It would be sad if one of the leaders in deploying IPv6 was now motivated to maintain the status-quo; with its IPv4 RST meddling "feature". :-( ../C
Curtis Doty wrote: [..]
It would be sad if one of the leaders in deploying IPv6 was now motivated to maintain the status-quo; with its IPv4 RST meddling "feature". :-(
Which "Leaders in deploying IPv6"? They are only deploying IPv6 for their management infrastructure, thus internally and not for their customers. Just to show how 'deployed' it is: http://www.sixxs.net/tools/grh/dfp/arin/ Prefix: 2001:558::/32 Name: COMCAST6NET Allocated: 2003-01-06 Seen: *NEVER* That stuff is the same PR crap as Verizon with: http://money.cnn.com/news/newsfeeds/articles/prnewswire/NYTU05725092007-1.ht... Note the: "The deployment, expected to be completed during the next 18 months, will permit companies to fully integrate to IPv6,..." Nice PR, but no cheese yet, but at least now they are pretty much committed to actually do it ;) Really, don't claim that something is deploying IPv6 until you see "IPv6" as a feature on the product pages and you can actually really get it and traceroute it globally... As for the RST's, this just shows again that things like IPSEC or otherwise protected packet sending are the way to go and ISP's should not be stating that you have "unlimited traffic" but simply provide the user with a real limit. Then it is clear what you are buying and when you go over that limit THEN limit the endpoint to 5kbit/s so that they at least can go to the "you reached your limit, do your leeching next month". And I am pretty sure that technically simply rate limiting (or simply shutting them down completely or sending them to a sandbox) after they hit the traffic limit is much more efficient than trying to figure out what is and what is not "illegal" or "bulky" traffic. It is only complicating the wee job that an ISP really has to do: gain nothing. Greets, Jeroen
Patrick W. Gilmore wrote:
On Oct 19, 2007, at 2:50 PM, Steven M. Bellovin wrote:
http://www.nytimes.com/aponline/technology/AP-Comcast-Data-Discrimination.ht...
http://www.nytimes.com/aponline/technology/AP-Comcast-Data-Discrimination-Te...
Not a lot more I can say, other than argghhh!
"Argghhh" that they are doing it?
Or "argghhh" that people are just now figuring it out?
And did you "arrgghhh" when rate limiting became commonplace about, oh, 1865? :)
It's one thing to traffic shape someone... It's quite another to meddle in the packets that they send. People are willing to tolerate transparent HTTP proxies because they got good enough that their use was non-invasive. As a Comcast customer I am aware that I am purchasing an asymmetric service; there is, however, a reason I got 8/768 and not 6/384. What happens when they decide my non-Comcast voice or video conferencing service needs to be asymmetric instead of symmetric as well?
--TTFN, patrick
Steven M. Bellovin wrote:
Not a lot more I can say, other than argghhh!
You have a residential bandwidth offering with a price point that is possible because of massive oversubscription that is in violent competition with a technology that aims to make use of all that "idle" network capacity at each subscriber end-point. This is one of those issues where people like to play both sides; you have massive outbursts of moral outrage that an ISP would engage in throttling activities, and an equal outburst when things like usage-based billing get discussed. No matter how you slice it, there are costs involved in moving bits and as a provider you either need to level the playing field by throttling people to reasonable consumption or be able to differentially bill those who insist on generating massive traffic loads. Of course, the challenge is that due to current limitations in access technologies (both cable and DSL) many broadband ISPs couldn't accommodate some of these traffic loads even if people are willing to pay.
It's worth noting that the traffic Comcast is filtering is called out in their Terms of Use in the "PROHIBITED USES AND ACTIVITIES" section, paragraph xiv. http://www.comcast.net/terms/use.jsp
-Eric
Eric Spaeth wrote:
It's worth noting that the traffic Comcast is filtering is called out in their Terms of Use in the "PROHIBITED USES AND ACTIVITIES" section, paragraph xiv. http://www.comcast.net/terms/use.jsp
That section could be applied to every application that you would run on your computer that accesses the Internet. The "program, equipment or servers... that provide network content or any other services" clause is really quite laughable. Clearly, this would apply to every p2p application out there, but it would also apply to many others, such as video conference, net meeting, online games, remote access to your PC (VNC/RDP/goto-my-pc), AIM, IRC, etc. I'm sure it probably could be applied to every possible IP aware application.
Eric Spaeth wrote:
With rate-shaping they would need to have the P2P identification widget in-line with the data path to be able to classify and mark traffic so that it can be queued/throttled appropriately.
The Sandvine, in particular, is designed to be placed in-line like this. It does, however, deploy a technology to shunt the traffic through the device in the event that the server craters. Many network devices do this now. -Sean (Please respond only to the list)
Sean Figgins wrote:
Eric Spaeth wrote:
With rate-shaping they would need to have the P2P identification widget in-line with the data path to be able to classify and mark traffic so that it can be queued/throttled appropriately.
The Sandvine, in particular, is designed to be placed in-line like this. It does, however, deploy a technology to shunt the traffic through the device in the event that the server craters. Many network devices do this now.
I have previous experience with Sitara QoS devices that sported that same feature. The problem was that the relay would only shut if the box lost power or if it received a software command to disengage. We had numerous problems where the packet processing engine would become overwhelmed and lock up; the relay stayed engaged because the box retained power and the software driver was rendered useless once the whole OS locked up.
Maybe it's just me, but when a vendor is concerned enough about their box failing that they work out these elaborate bypass options it doesn't inspire a lot of confidence in the stability of the product. IMHO, wedging a 99.5% available piece of hardware between your 99.99+% available network hardware is just bad karma. -Eric
On Fri, 19 Oct 2007, Steven M. Bellovin wrote:
http://www.nytimes.com/aponline/technology/AP-Comcast-Data-Discrimination.ht... http://www.nytimes.com/aponline/technology/AP-Comcast-Data-Discrimination-Te...
Not a lot more I can say, other than argghhh!
Why is this news, though?
--Steve Bellovin, http://www.cs.columbia.edu/~smb
On Fri, 19 Oct 2007, Steven M. Bellovin wrote:
http://www.nytimes.com/aponline/technology/AP-Comcast-Data-Discrimination.ht...
I cannot access relevant pages on www.comcast.com due to me not being in the US (or rather, they require an address first), could anyone please paste or other way supply the wording/text they use in their fineprint, to allow them contractually to disrupt customer TCP session in other way than delaying or dropping the packets (which I guess is accepted industry standard). Sending/spoofing RST on certain customer TCP sessions doesn't qualify as normal network behaviour in my mind, so would be interesting to hear how they word it legally. -- Mikael Abrahamsson email: swmike@swm.pp.se
Mikael Abrahamsson wrote:
I cannot access relevant pages on www.comcast.com due to me not being in the US (or rather, they require an address first), could anyone please paste or other way supply the wording/text they use in their fineprint, to allow them contractually to disrupt customer TCP session in other way than delaying or dropping the packets (which I guess is accepted industry standard).
Sending/spoofing RST on certain customer TCP sessions doesn't qualify as normal network behaviour in my mind, so would be interesting to hear how they word it legally.
They don't, Comcast is egregiously in violation of their own AUP!
http://www.comcast.net/terms/use.jsp
vii. restrict, inhibit, or otherwise interfere with the ability of any other person, regardless of intent, purpose or knowledge, to use or enjoy the Service, including, without limitation, posting or transmitting any information or software which contains a worm, virus, or other harmful feature, or generating levels of traffic sufficient to impede others' ability to send or retrieve information;
vii. restrict, inhibit, interfere with, or otherwise disrupt or cause a performance degradation, regardless of intent, purpose or knowledge, to the Service or any Comcast (or Comcast supplier) host, server, backbone network, node or service, or otherwise cause a performance degradation to any Comcast (or Comcast supplier) facilities used to deliver the Service;
...
xxii. interfere with computer networking or telecommunications service to any user, host or network, ....
----
I'm on the horn to my legislators....
As a Comcast customer at home, I'll be looking into my legal position regarding "tortious interference". As an ISP owner, I'm not as sure about my standing, but it also seems that they are interfering with "service to any user, host or network".
At 07:36 AM 10/20/2007, William Allen Simpson wrote:
Mikael Abrahamsson wrote:
I cannot access relevant pages on www.comcast.com due to me not being in the US (or rather, they require an address first), could anyone please paste or other way supply the wording/text they use in their fineprint, to allow them contractually to disrupt customer TCP session in other way than delaying or dropping the packets (which I guess is accepted industry standard). Sending/spoofing RST on certain customer TCP sessions doesn't qualify as normal network behaviour in my mind, so would be interesting to hear how they word it legally. They don't, Comcast is egregiously in violation of their own AUP!
It is interesting to note that the terms of service given on comcast.com say nothing about restrictions on use. I make the distinction between comcast.net and comcast.com for an important reason: comcast.com is where folks go to sign up. Comcast.net is a portal for existing users. In other words, it appears this AUP is not posted (at least not that I could find) on the sales-oriented page. Does the user actually agree to this AUP prior to signing a commitment with Comcast? Of course the AUP starts with the usual big-business text (popular with credit card companies too) that says the company is free to make any adjustments to the AUP at any time. In all the years I've been a Comcast customer at home, I don't recall any notices about changes to the terms of service. The credit card companies at least tell you, and advise if you don't agree you can cancel your account.
On Sat, 20 Oct 2007 10:08:50 +0200 (CEST) Mikael Abrahamsson <swmike@swm.pp.se> wrote:
On Fri, 19 Oct 2007, Steven M. Bellovin wrote:
http://www.nytimes.com/aponline/technology/AP-Comcast-Data-Discrimination.ht...
I cannot access relevant pages on www.comcast.com due to me not being in the US (or rather, they require an address first), could anyone please paste or other way supply the wording/text they use in their fineprint, to allow them contractually to disrupt customer TCP session in other way than delaying or dropping the packets (which I guess is accepted industry standard).
Sending/spoofing RST on certain customer TCP sessions doesn't qualify as normal network behaviour in my mind, so would be interesting to hear how they word it legally.
See http://www.news.com/8301-13578_3-9800629-38.html for some relevant excerpts. --Steve Bellovin, http://www.cs.columbia.edu/~smb
On Oct 20, 2007, at 4:08 AM, Mikael Abrahamsson wrote:
On Fri, 19 Oct 2007, Steven M. Bellovin wrote:
http://www.nytimes.com/aponline/technology/AP-Comcast-Data-Discrimination.html
I cannot access relevant pages on www.comcast.com due to me not being in the US (or rather, they require an address first), could anyone please paste or other way supply the wording/text they use in their fineprint, to allow them contractually to disrupt customer TCP session in other way than delaying or dropping the packets (which I guess is accepted industry standard).
Sending/spoofing RST on certain customer TCP sessions doesn't qualify as normal network behaviour in my mind, so would be interesting to hear how they word it legally.
It is interesting that this has come up before in a somewhat related context http://www.schneier.com/blog/archives/2006/06/ignoring_the_gr.html Regards Marshall
-- Mikael Abrahamsson email: swmike@swm.pp.se
participants (36)
- Adrian Chadd
- Alexander Harrowell
- Andy Davidson
- Barry Shein
- Clinton Popovich
- Curtis Doty
- Daniel Senie
- Eric Spaeth
- Frank Bulk
- Gadi Evron
- Jack Bates
- Jeroen Massar
- Joe Greco
- Joe Provo
- Joel Jaeggli
- John C. A. Bambenek
- Justin M. Streiner
- Keith O'Neill
- Leo Bicknell
- Mark Owen
- Marshall Eubanks
- Martin Hannigan
- michael.dillon@bt.com
- Mikael Abrahamsson
- Mike Lewinski
- Myke Lyons
- Patrick Giagnocavo
- Patrick W. Gilmore
- Peter Dambier
- Randy Bush
- Ross Vandegrift
- Scott Berkman
- Sean Figgins
- Steven M. Bellovin
- Valdis.Kletnieks@vt.edu
- William Allen Simpson