Cable Co's Want More Control Over Your Network
Moonshine Coward writes: "'The CAT and the NAT' in the latest issue of www.cedmagazine.com discusses CableLabs and their efforts to come up with a 'better' protocol than NAT that allows them more control over devices behind your cable modem. Their upside on this...$4.95 per IP per month.
Their #1 concern...people putting in 802.11b hubs and sharing with their neighbors.
Fine in principle, and if it gets them drooling enough to speed up the deployment of fiber to the home it might be a good thing. However, I can see way too many downsides...not least of which is being nickel-and-dimed to death...my webcam, cable-ready microwave, refrigerator, picture frame that shows revolving GIFs ... each costing me $4.95 p.m. -- all on top of the regular $39.95 cost." Note: the article is written from an interesting point of view -- it's aimed at the people who want to collect the additional per-IP charges.
Why not set up a gateway/proxy that doles out IPs internal to your network? I can't imagine them actually being able to talk their way past personally installed firewalls.
(Well, okay, the real argument is probably that the providers see a way to make more money but....)
I pay for a certain amount of bandwidth. Why do they care how it gets used? If I spend my 10 MB/s downloading porn or if I only use half of it and then let my neighbor use the other half...seems like the problem is not people "stealing" bandwidth but the providers not provisioning correctly.
This article is a misleading justification of price gouging. "The good news is, the dishonest people who know how to do it are already doing it..."; clearly anyone with two computers must be a dishonest thief.
They discuss sharing amongst neighbors, but what they are really upset about is not being able to charge for every device I own or sharing amongst roommates. Nowhere is the fact that even toasters are getting IP addresses mentioned, and none of the technology they are looking forward to will allow the provider to differentiate between my toaster and my neighbor's computer.
So the interesting question to me is, why does my service provider deserve more $$$s because I own three computers, a net-connected TiVo, and an internet enabled toaster or stoplight? Aren't they still just providing me a single connection and some bandwidth? What right do they have to charge for my toaster? Do they have a contract with *me*, or with *my device*? They seem to think they are providing my computer with a service; I happen to believe my computer can't sign a contract, so the service is provided to me, and this price gouging shouldn't be allowed.
is competition good, or is duplication of effort bad?
NAT is good for what it does. I don't recommend forcing another protocol - that will be circumvented anyway.
I would prefer a bandwidth/$$ model if they are going to start nickel-and-diming us. Kinda like cell phones.
You get so many Megs or Gigs for $X. After that you get a message sent to either your phone or email saying that you have used up your data "minutes". You can then a) explicitly enable your connection again at $X/meg, or b) wait until next month.
Will it stop "unauthorized use"? No. Will it make it more expensive? Yes. Which in turn means the cable company gets compensated and Ted has to charge his neighbors to make up the difference.
Best all-around solution? No. But it works for cell phones, and would be a reasonable compromise for most parties involved.
Often, the cable modem provider's objection is *not* to the bandwidth, but merely to running any kind of server.
10 GB/month of Napster/whatever: OK
1 MB/month of web server: not OK
even with NAT, the MAC address of the original computer is in the packet
Say what? Where is there room in an IPv4 packet for any MAC address, much less the MAC addresses of both the public interface of the NAT router (bridge) and the private interface of a host behind the NAT router? Please clarify.
In Chicago, we got so sick of sucky internet providers that we banded together and created a co-op, where you pay for only the pipe, and you get what you pay for.
www.ISPFH.org
The drawbacks?
It ain't cheap.
I do not deploy Linux. Ever.
Fact: those who are bootlegging will never be found, unless a physical inspection is made.
This CAT protocol sounds like it will involve some sort of authentication against a directory, such as Microsoft Active Directory [Passport], or Novell Directory Services. If they know what they're doing, then only authenticated packets will be allowed on the network. The cracker/hacker community will then have to figure out a way to break Microsoft [Kerberos] or Novell [RSA] authentication and write a CAT router [bridge] for Linux/*BSD with the broken authentication scheme. Presumably, legitimate CAT vendors, like Cisco/Nortel/Lucent/Linksys/Microsoft/Novell will release proprietary solutions that refuse to forward packets from a host behind the firewall if that host can't be authenticated to the directory.
The only hope is that packet-by-packet authentication will require so much in the way of hardware resources that the broadband ISPs won't want to take the plunge [i.e. VERY expensive authentication/encryption hardware modules on Cisco routers coupled with an upgrade of all the end user cable modems].
Except that their solution, like CSS or any other "anti-piracy" solution, is not going to punish merely the offenders. It is also quite likely to catch a lot of innocent people in its claws. The article itself seems to have a very negative view on NAT, which indicates to me that they think plain-old-honest-sensible address translation is a criminal behavior if it deprives them of revenue. Serious questions need to be asked and answered before we who are technologically savvy allow this sort of thing to become widespread (if we even have a say in the matter).
Most importantly, does this portend a future in which NAT or ipchains are deemed a violation of our user agreements? If so, I would have never signed up (well, maybe I would have, but given the criminal penalties provisioned in the DMCA and that NAT could be deemed a circumvention device if the cable company only approves this proposed CAT nonsense...). So the real question is, would you like to occupy the cell next to Dmitry simply for having a firewall and a class C network?
I do not have a signature
I know I've done my fair share of software pirating, but I am not one to steal cable, steal cable internet, or set up an 802.11 network in my apartment building. So I should have nothing to worry about, right? Wrong. What about people like me who have two computers and a roommate's laptop? I'm not going to pay $10 extra in addition to the $40 they already charge. My jobless self can only take so much "nickel-and-diming".
It would be awesome if they could just do what the cable TV companies (at least here in Seattle) have done forever. I'm allowed to have an unlimited number of TVs connected, so long as they are in the same household (and I have enough outlets, which I could install myself if I didn't live in an apartment). So it seems like the only reason this is a problem is because of the 802.11 situation -- why should I be punished? The poster raised another good point -- what happens when I get my internet-enabled toaster, refrigerator, answering machine, jukebox, etc.? This would absolutely kill the "internet appliance" industry, because I sure as hell am not going to pay $5/mo for each device, and I'm sure as hell not going to run them all off of dialup -- I'd rather just not buy the device.
Another problem: my apartment is not wired for a home network, since it has no CAT/5 wiring and only one phone outlet. My roommate has a powerbook with an Airport card. What if I want to set up a little wireless network so that she can have access without dragging a CAT/5 cable across the floor? All of a sudden, even though my intentions are honest, I become part of the problem that this NAT -> CAT suggestion is designed to solve.
Bottom line is that there are too many situations where this hurts honest people. The cable internet industry is already in trouble -- if I were them, I'd be worried about profits lost from illegal sharing too. But I'd be more worried about pissing off the honest people on the network, which probably vastly outnumber the dishonest ones. I, for one, would be seriously pissed off if this transition from NAT to CAT were to be enforced.
1. 1 in 10 are using wireless to share with their neighbors? Get real. 1 in 1000 if you are lucky. But let's grant that it could be a problem.
2. NAT has other purposes than just sharing bandwidth. My cable company offers multiple IPs. I use NAT instead. Am I stealing bandwidth? No, there's only one of me on the net at a time. I don't *want* multiple IPs. I want a firewall, and NAT makes a very good firewall. The last thing I want is to have to make all of my machines internet-safe. Forcing customers to do so would create a huge security problem. Never mind your machines, what about your printer? You want that on the internet too?
3. Security. CAT will let your cable company peek behind your firewall -- and who else?
One thing to be concerned about. Implementing CAT doesn't prevent people from using NAT. Therefore implementing CAT is not going to be sufficient, they'll have to force you to use CAT. And the only way they can do that is to put software on your machine (after all, you could always put NAT behind CAT). And we all know what platform that software will (and won't) run on.
Fortunately it's probably too late for this solution. They should just do bandwidth monitoring and leave it at that.
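The "NAT makes a very good firewall" point above, as an added illustration (toy code written for this page, not any router's implementation; the addresses are constructed sample values): a minimal NAPT table where the outside only ever sees the single public address, and inbound packets are forwarded only when a LAN host already opened a matching outbound flow.

```python
"""Minimal NAPT (NAT with port translation) table: outbound traffic from any
number of LAN hosts is rewritten to one public IP, replies are mapped back,
and unsolicited inbound packets are dropped because no mapping exists."""
from dataclasses import dataclass

PUBLIC_IP = "203.0.113.10"   # constructed: the one address the cable modem hands out


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str = ""


class Napt:
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map = {}   # (private_ip, private_port) -> public_port
        self.in_map = {}    # public_port -> (private_ip, private_port)

    def outbound(self, pkt: Packet) -> Packet:
        """Translate a packet leaving the LAN; create a mapping on first use."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.out_map:
            port = self.next_port
            self.next_port += 1
            self.out_map[key] = port
            self.in_map[port] = key
        return Packet(self.public_ip, self.out_map[key], pkt.dst_ip, pkt.dst_port, pkt.payload)

    def inbound(self, pkt: Packet):
        """Translate a packet arriving from the internet, or return None (drop)
        when no LAN host has opened a matching flow."""
        if pkt.dst_ip != self.public_ip or pkt.dst_port not in self.in_map:
            return None
        priv_ip, priv_port = self.in_map[pkt.dst_port]
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port, pkt.payload)


def demo():
    nat = Napt(PUBLIC_IP)
    # two LAN hosts (a PC and the proverbial toaster) both fetch from one web server
    out1 = nat.outbound(Packet("192.168.1.10", 5000, "198.51.100.5", 80, "GET /"))
    out2 = nat.outbound(Packet("192.168.1.11", 5000, "198.51.100.5", 80, "GET /"))
    # the server's reply to the toaster comes back to the public port it saw
    reply = nat.inbound(Packet("198.51.100.5", 80, PUBLIC_IP, out2.src_port, "200 OK"))
    # an unsolicited probe at the public address has no mapping and is dropped
    probe = nat.inbound(Packet("198.51.100.99", 4444, PUBLIC_IP, 9100, "hello?"))
    return out1, out2, reply, probe
```

Both outbound packets leave with the same source IP, so nothing in the translated header says how many hosts sit behind the modem, which is also why the "MAC address is in the packet" claim elsewhere in the thread does not hold.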
This also brings to mind another bit of history: in the mid-90's the telcos were bitching about so many people using dial-up, and so they were lobbying to be able to charge per-minute on local calls. Despite the fact that they were probably getting more revenue anyway from people installing extra lines for faxes and computers at home (my uncle at one time had FOUR lines into his house; at one time I used to have two, and paid almost $60 for it). I fail to understand why a company can come up with a model that fails to take into account changes in the tide, and then make customers pay for their mistakes when things change...the telcos complained that they only have (or had) enough switches in some areas to accommodate only 40% of their customers to be on at any one time...how is that the CUSTOMERS' burden if that is not enough when things change. It should, by law, IMHO, be 100%: I want the phone to work when I pick it up, regardless of whether there are people dialing up and staying online longer than normal phone conversations, or if there is an act of war like on 9-11...it should work, unless there is a physical failure somewhere.
Same with cable companies: if they projected the average use of customers' use to be X, and it then moves up to Y, don't try to gouge people in stupid ways like this - figure out some kind of bar that if you go over, you get charged per GB. I *still* think that telcos were just out to royally screw everyone to be able to pay for their $#@$#% switches that they should have had in the first place.
If they are really so worried about profits, they shouldn't be giving executives big bonuses, and CEO's great big golden parachutes while laying off thousands of workers and screwing their customers. I'm really big on capitalism, but some CEO/executives make way more money than is justified, IMHO, for their ROI.
The idea of a cable modem and the pricing of the service, though, is not "you have 1.5Mbps and can use it at 100% 24/7", but rather "Here's 1.5Mbps to speed the times that you do use your PC".
Actually, it is whatever level of service is stated in the contract/service agreement with the customer. Regardless of the economic or technical realities the company faces, they are bound by the commitment that they make when they sell the service. If, as in their commercials, they sell 1.5Mbps and do not qualify that by explicitly outlining what duration to expect that level of service for, then the customer has every right to expect 1.5Mbps, 24/7. If the providers can't provide that level of service, they shouldn't sell it. If they can't sell a lesser level of service for what they want to charge, tough.
Takahashi Rumiko made beats! DON, taku, DON, taku. . .
But the cable co's will simply drop your packets unless you install their special software.
Pushin' 'n dealin', shovin' 'n stealin'
Yeah...I have a 512K cable modem, and I can usually get around that. About the only high bandwidth I use is pulling down files from work.
Personally I like the low latency.
But, the damn cable modem gets addicted to one machine's MAC. My house is wired and if I wanted to use my notebook in the living room, it is about a 45 minute process to get the cable modem to understand that the machine behind it changed.
So, by using NAT, it is always just one machine to the cable modem...and behind the router, it is usually just only one machine on at a time anyway. I guess that makes me a thief.
Oh yeah...there is the other reason that I use NAT. Half the time if I don't keep the connection constantly going, when I go to get on, the DHCP server doesn't have any IP addresses left - so this way I don't have to worry about that. And THEY want to provide me more IPs?
So what happens on my Linux box running NAT/firewall for my three VMWare sessions (Win98/NT/2000)? I'm still running one piece of hardware with four internal IPs on it, but only one real-world IP to the cable company. So now I'm supposed to pay for four devices?
Oh wait, if they set up a piece of physical hardware that prevents NAT, then that means I can no longer connect to the network via my VMWare sessions?
What the hell?!?
The model of bandwidth as commodity already exists: Power. You can put deals and caps on it, but it's merely metered usage of bandwidth over time.
You have a "max pipe size" you pay for. You also have a $/unit of measure charge. Flat, tiered or what-not, you are going to be using metered bandwidth.
This is fine for device connectivity (believe it - they WANT you to use bandwidth), but here's the real knot in the panties for this model: On the web - you start paying for all the freakshow ads, intros, spam and other fluff spinning around there. Don't like it?
Start migrating towards smarter and more extensible programs to purge nonsense. And thus we have arrived at the mouse vs. trap circle we are in now, but YOU have a wallet that is concerned.
The sick part is that these providers WANT to shove fluff through the pipe to you in a metered bandwidth model. Hell, you're paying for it. It becomes just another level of service comparison. "How much shite will you email me...in MB?"
Think about this combined with the Gatesian World of .NET sucking every Office function through the wire dynamically. Trust me, Bill's gonna come out with a "deal you can't refuse" that combines cheaper metered bandwidth with a catch.
And WHAMMO we have arrived. Portal, bandwidth deal, and protocol support all bundled. Amazon, Yahoo, MSN, ATT, Dell, IBM, Your Mom's Poker Club all selling services. We have this today, but it's not TIME that they rob from you ("hey 1/3 of my time is downloading NetZero ads") - it's true $ ("hey 1/3 of my GB meter is crap Earthlink email").
I've had just about enough from you, Mr Man.
It's called "statistical multiplexing" (statmuxing). It's the concept that not everyone will be simultaneously fully loading their pipe at 100% of available bandwidth. Depending on the user mix, statmuxing ratios of 30:1 (30K subscribed bandwidth to 1K continuous stream averaged over a minute or two) to 150:1 can be achieved.
The broadband ISPs built their business models around the 30-50:1 statmuxing model. Unfortunately, the ways they have often chosen to implement their networks just don't make that a reality. This flawed implementation, rather than any nefarious doings by users, is much more to blame for their bandwidth consumption.
A few examples:
1. DNS - Does your provider operate a sensible DNS structure? I.e., separate internal DNS servers (for customer resolvers) and external (for queries from outside the network) DNS servers? Are all the DNS servers for a city network pointed at 2-3 in-city "core" DNS servers to build up a large local cache? Are they using insanely long host names for each IP in their network?
"dslblah-blah-blah-blah.f01.blah.someprovider.n
2. Cache - Does your provider run some honking huge cache servers? Yes, they will require tuning to make sure they don't break some things. I recall running some numbers that showed (with all the specific variables plugged in) that a cache farm produced 100% ROI in 30 days of operation.
3. News Servers - yeah, here's a great idea! Let's have each of our 10K users read the same ~500 newsgroups and each one can pull them all down individually! Yeah, that's a great idea. Seriously, supernews/giganews/etc just doesn't make much sense for a citywide broadband network of any real size.
The general idea is to only take content across your external infrastructure bandwidth once. If you can keep it on the local links you save big bucks.
A city-wide cable modem network isn't governed by the same statistical metrics as a big modem pool. It's governed by the same statistical metrics as large LANs.
How many of the broadband ISPs take a 24 hour sampling period each month and record SourceIP.Port/DestIP.Port on their external infrastructure bandwidth and do some data mining magic to see where it is being consumed?
I've worked the telco (CLEC and LD) side and the Internet side. We did traffic studies on the telco side at least once a month to see where calls were going. Based on that we knew where to augment trunk groups based on growth patterns, identified ILEC end-offices that needed dedicated trunk groups, and generally had a very good idea of how our calls were flowing. I just never saw it happen effectively on the ISP side. I did it a couple times, but it seems to fall on deaf ears at a corporate level.
It's time for broadband ISPs to wake up and realize that most all this math has been done already. Read up on telco traffic engineering, mix well with data from your network monitoring, and we might all just get a network that works well and can be profitable!!!!
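The traffic study the post above asks for, as an added example that is not the poster's own tooling: sampled SourceIP.Port/DestIP.Port records with byte counts are aggregated by service and by destination host, and the bytes spent re-fetching the same host are totalled as a rough measure of what a cache or local news server would keep off the external links. The flow lines are constructed sample data, not a real capture.

```python
"""Traffic study over sampled flow records (constructed data). Each line is
"src_ip.port dst_ip.port bytes" for traffic crossing the external links."""
from collections import defaultdict

SAMPLE_FLOWS = """\
10.1.2.10.51000 198.51.100.20.80 1200000
10.1.2.11.51001 198.51.100.20.80 1150000
10.1.2.12.51002 198.51.100.20.80 1180000
10.1.2.10.51003 203.0.113.7.119 9000000
10.1.2.13.51004 203.0.113.7.119 9100000
10.1.2.10.51005 192.0.2.53.53 200
10.1.2.11.51006 192.0.2.53.53 220
10.1.2.14.51007 198.51.100.44.443 300000
"""

# destination port -> service bucket (the post's DNS / cache / news examples)
SERVICES = {53: "dns", 80: "web", 443: "web", 119: "news"}


def parse_flows(text):
    """Yield (src_ip, src_port, dst_ip, dst_port, nbytes) tuples."""
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, nbytes = line.split()
        src_ip, src_port = src.rsplit(".", 1)   # last dotted field is the port
        dst_ip, dst_port = dst.rsplit(".", 1)
        yield src_ip, int(src_port), dst_ip, int(dst_port), int(nbytes)


def bytes_by(flows, keyfn):
    totals = defaultdict(int)
    for f in flows:
        totals[keyfn(f)] += f[4]
    return totals


def traffic_study(text):
    """Return (percent share per service, bytes per service, top-3 destination
    hosts, bytes spent on repeat fetches of an already-seen host)."""
    flows = list(parse_flows(text))
    total = sum(f[4] for f in flows)
    by_service = bytes_by(flows, lambda f: SERVICES.get(f[3], "other"))
    by_dst = bytes_by(flows, lambda f: f[2])
    shares = {k: round(100 * v / total, 1) for k, v in by_service.items()}
    # repeat-fetch estimate: per host, everything beyond its single largest flow
    largest = {}
    for f in flows:
        largest[f[2]] = max(largest.get(f[2], 0), f[4])
    duplicated = sum(by_dst[h] - largest[h] for h in by_dst)
    top = sorted(by_dst.items(), key=lambda kv: kv[1], reverse=True)[:3]
    return shares, dict(by_service), top, duplicated
```

On the sample, news traffic alone is over 80% of external bytes and more than half of all bytes are repeat fetches of hosts already pulled once, which is the poster's "take content across your external bandwidth once" argument in numbers.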