Cable Packet Shaping Causing Slowdowns
knorthern knight writes "To counter P2P programs that encrypt their traffic to evade detection, Rogers Cable in Canada has apparently started degrading all encrypted IP traffic, according to a post on Michael Geist's blog. How many of you log in to work over a VPN or ssh-tunnel? How many get usenet news or email over an encrypted connection? This could be a problem for Rogers Cable customers. Geist, who teaches at U of Ottawa, has 'been advised that the University computer help desk has received a steady stream of complaints from Rogers customers about off-campus email service.'"
Cable companies do NOT want you to actually use your Internet connection for anything more than connecting to their webmail, POP, or SMTP servers and surfing CNN, Google, and their billing site.
:(
We have known for years that they have been overselling bandwidth and then cutting you off when you use more than their "unlimited service" will permit without telling you any concrete numbers of what that is.
I would guess that very few people use SSH, VPNs, or other encrypted connections that require the speeds to which we have become accustomed. They don't want that 10% of users on their residential network anyway and they will be happy to have you move to their commercial service packages if you so desire.
I complain that I have to use DSL and pay for land line service that I rarely use but at least my ISP (visi.com) doesn't give a shit what I do (they allow you to run servers, use all your bandwidth, and offer static and reverse).
I feel sorry for those that don't have more of a choice
I often use ssh/x to connect to work with p2p downloading at the same time. The ssh/x response is horrible. I'd like to be able to shape the traffic so my ssh/x connection gets absolute priority with p2p using whatever is left. I wonder how other people are doing this.
These days, after all the time to perfect technology and awareness of identity theft and industrial espionage, non-encrypted traffic should be banned from the Internet at backbone routers. Every ISP can issue you an SSL certificate that indicates the level of verification (possibly none) they performed on your identity. Even with multicast, data can be encrypted with server's private key for which the public key is available to intended recipients, or public. The only exception would be very low powered dumb devices, but those shouldn't be connected to public Internet anyway.
Shaw cable on the western side of Canada also mangles packets. Check with Vonage to find out how Shaw is trying to cripple their business by dropping calls, packets, or just dropping the network connection for people using Vonage VoIP.
Support NYCountryLawyer RIAA vs People
This is somewhat "broken". If you can't use https or ssh with an internet connection, then that particular internet provider is little more than a glorified TV. If anything, ssh and https should be the highest priority.
There are reasons why p2p systems have started encrypting their traffic. Due to popular discontent with bandwidth throttling, they are trying to classify their traffic with a group of services that cannot be removed without breaking the functionality of the internet for that service provider. So their ideal solution to that is to break the functionality of their internet connection?
Okay, I can see (from their perspective) how you wouldn't want someone who is paying the same as your other customers using 500x the bandwidth that they use. After all, you're paying for the bandwidth.
So why not simply SEGMENT your network and put those heavy users on their own block? If you're that worried about P2P crap, they're probably sharing amongst themselves anyway. This would make it easier for you.
So why not offer GRADUATED pricing levels? 2 GB/month for $x. 5 GB/month for $2x. 10 GB/month for $10x. You could even break it down to traffic that stays on your own network and traffic that reaches the Internet.
The whole thing about the opposition to "Net Neutrality" is about extracting the MAXIMUM profit from the existing infrastructure with the minimum of technological advancement. Fuck that. We have the technology right now to make this a non-issue in almost every case. They just don't want to use it because there is a chance they can make more money by crippling the system.
I am a telecommuter and I have certainly noticed the bandwidth decrease for encrypted traffic; at any given time, for my job, I absolutely have to have roughly 15 citrix-application windows open at any given time, and the only way to access the metaframe server is via a VPN connection (as per corporate security policy). I have noticed major, major slowdowns; it's unfortunate that I cannot do my work properly as a telecommuter due to this new procedure of Rogers. Don't get me wrong, everything still works properly, the only thing is that with this slow down of my Citrix sessions (due to the traffic being encrypted), I have learned to live with a "Click now, work later" style application behaviour; it reminds me of using a 486 PC.
Rogers does not offer an "unlimited" plan (max 100gb upload/download transfer @ 5 megabit down) except for "business/enterprise" users.
As for all the other stuff, there are lots of smaller DSL ISPs here, just they don't have advertising budgets as Rogers is a mega corporation here. They own radio stations, cable tv networks, cable tv distribution, voip, internet and cell phones. They can get away with it.
Use "brownouts" to shape traffic for "fair load" during peak times.
During non-peak times, when you can carry every bit at maximum speed, do it.
During peak times when you can't, then, for the next few minutes or hours, cap everyone at X bits per second, Y bits per minute, Z bits per 5 minutes, and so on so the leeches-of-the-moment get throttled down and people putting less immediate demand on the system don't notice any change. X should be as close to the normal maximum as possible. Y should be less than 60X or Z should be less than 300X, or both. This way, people just doing normal web browsing won't be impacted but I'll be slowed down if I dare to download all of kernel.org during a busy period.
If you combine charging extra for minimum guaranteed per-second bandwidth and charging extra for high-volume-per-month users with peak-demand throttling, then you can raise revenue and/or discourage people from demanding all-you-can-eat lobster buffet service at cup-o-noodles price.
Do NOT discriminate based on the content of the traffic, especially if you do not know what kind of content that is, i.e. because it is encrypted. That encrypted connection is probably me working from home thank you very much.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
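The per-second, per-minute and per-five-minute caps proposed in the comment above, sketched as an added example (not part of the original comment): one token bucket per time scale for each subscriber, enforced only during peak periods and blind to what the traffic contains. The unit, the values X = 3000, Y = 20X, Z = 60X and the two demand profiles are constructed assumptions.

```python
# Added illustration: content-neutral peak-time throttling with three
# token buckets per subscriber (X per second, Y per minute, Z per 5 minutes).
# All numbers below are constructed; the unit is arbitrary (say KB).

class Bucket:
    def __init__(self, window_s, allowance):
        self.allowance = allowance              # units allowed per window
        self.refill = allowance // window_s     # units regained each second
        self.tokens = allowance                 # a subscriber starts with a full bucket

    def tick(self):
        # One second passes: regain tokens, never above the allowance.
        self.tokens = min(self.allowance, self.tokens + self.refill)


def simulate(demand, line_rate, caps, peak=True):
    """Return the units granted in each second.

    demand    -- list of units the subscriber wants to send, one entry per second
    line_rate -- physical maximum per second
    caps      -- list of (window_seconds, allowance) pairs
    peak      -- caps apply only when True; off-peak only the line rate limits
    """
    buckets = [Bucket(window, allowance) for window, allowance in caps]
    grants = []
    for want in demand:
        grant = min(want, line_rate)
        if peak:
            for b in buckets:
                b.tick()
            # The tightest bucket decides; payload type is never inspected.
            grant = min([grant] + [b.tokens for b in buckets])
            for b in buckets:
                b.tokens -= grant
        grants.append(grant)
    return grants


X = 3000            # per-second cap, equal to the line rate
Y = 20 * X          # per-minute cap, well below 60X
Z = 60 * X          # per-5-minute cap, well below 300X
CAPS = [(1, X), (60, Y), (300, Z)]

SECONDS = 600
# Constructed profiles: a bulk transfer that always wants the full line rate,
# and interactive use that bursts for 5 seconds at the start of every minute.
BULK = [X] * SECONDS
BROWSE = [X if t % 60 < 5 else 0 for t in range(SECONDS)]

if __name__ == "__main__":
    for name, profile in (("bulk", BULK), ("browse", BROWSE)):
        got = simulate(profile, X, CAPS)
        print(f"{name:6s} wanted {sum(profile):8d}  got {sum(got):8d}  "
              f"final rate {got[-1]}/s")
    off_peak = simulate(BULK, X, CAPS, peak=False)
    print(f"bulk off-peak got {sum(off_peak)} of {sum(BULK)}")
```

The bursty profile is delivered in full, while the sustained transfer settles at Z/300 per second once its buckets drain, whether or not either flow is encrypted.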
When people complain about anything related to ISP surveillance, I always wonder how bothered they really are about security. If you're truly interested, you'll use an encrypted network, preferably an onion routing network, because you never know who is watching. My branch of civil rights activism is highly controversial and generally misinterpreted, so I always make sure that I route my traffic in an encrypted form through my ISP's routers.
Sadly, some people really don't understand that the internet is NOT anonymous and that you must use other measures to achieve a reasonable degree of security.
"To the future or to the past, to a time when thought is free" ~ Nineteen Eighty-Four
I'm no fan of cable companies, but someone has to speak up about the problems associated with P2P. I'm aware of some educational institutions that saw their newly upgraded networks come to a complete grinding halt - simply because of P2P sharing. They had no choice but to shape their traffic so that other business could get done. They didn't ban it or shut it off. They simply said X amount of our bandwidth can be used for it during business hours and Y amount at other times. And now look what's happened: P2P clients have deliberately foiled such attempts by encryption. Great. Now those institutions will be crippled once again by dorms full of students sharing their entire music collection to the world, many not even aware that they are doing it.
I don't want to kill P2P. I am no fan of cable companies or the RIAA or the MPAA. But don't blame network admins when they have to fight back on this stuff!
You like your Macintosh better than me, don't you Dave? Dave? Can you hear me Dave?
And the Blue Jays - the only product of theirs I like.
What was once true, is no longer so
And if they slow it all down, sue them for not providing the level of service they promised when you signed up. The whole unlimited, high-speed broadband thing is such a fraud anyway, it deserves to land in court -- preferably sooner, rather than later.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Michael Geist
This site is temporarily unavailable. Please notify the System Administrator
And just how are you supposed to do that?
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
If anything, ssh and https should be the highest priority.
No, streaming UDP based protocols have to be the highest priority, otherwise VoIP and similar applications won't work.
Ultimately the only logical way to handle this sort of thing is going to be through service tiers or other non-Net neutral mechanisms.
Easy. Set up a Linux-based router and use HTB/iptables to prioritize your upstream. That's what I do and it works beautifully. I can saturate my upload w/non-interactive programs (P2P, FTP, etc), and my ssh connections work fine. http://www.faqs.org/docs/Linux-HOWTO/ADSL-Bandwidth-Management-HOWTO.html has a really good howto on setting up an example QoS system. It can be easily modified to suit your needs.
Telecommuting is too popular for this tactic to work in the US. There are some very powerful companies that have a vested interest in VPNs being reliable and responsive. How many of you think Cisco would let ISPs get away with this? Sure, Cisco sells lots of expensive hardware to ISPs, but they also sell a lot of hardware and software to businesses and consumers so that VPNs can be established.
Also, I know that many employees of my local and state governments use VPNs daily. If their VPN connections get any slower, they will be well-nigh unusable. This is essentially a lower-stakes version of NTP wanting to cripple every congressman's BlackBerry. Our monopolies seem to be forgetting rule #1: don't piss off your regulators!
Various bittorrent clients implemented encryption because of ISPs trying to tell their customers what they could use the bandwidth they had purchased for.
If we had strong network neutrality legislation, it wouldn't have been necessary.
I would guess that very few people use SSH, VPNs, or other encrypted connections that require the speeds to which we have become accustomed.
Actually, some major companies out there have several thousand "work at home" employees that are required to use VPN. Most of these people are in sales type of jobs, but plenty others are required to use VPN to connect to Exchange servers to access email from home.
Considering MS Exchange and dialup don't really mix, these people often have to have broadband to do their jobs efficiently. Seeing how not having VPN with an exchange server is a security risk, I can't really see any alternatives for these work at home types other than to switch to the provider who downgrades them the least.
Keep in mind these people are often working on company laptops that are locked down completely and couldn't install P2P software even if they wanted to.
"I am the king of the Romans, and am superior to rules of grammar!"
-Sigismund, Holy Roman Emperor (1368-1437)
Three words.
Deep Packet Inspection.
May the Maths Be with you!
The whole attempt to slow encrypted traffic is useless, simply taking the encrypted packet and running it through say, http encapsulation, would make it impossible to degrade; that is only if they are not willing to shape http requests.
upgrade their shitty equipment?
Seems like I have read over and over about how North America is like pretty much at the bottom of the ladder of high speed Internet service compared to the rest of the world with the exception of places in Africa.
I think I read places like France and Korea have gigabit service pretty much nation wide.
WHY is the (used to be) world leader of technology and one of the richest nations on Earth (USA) still dragging its feet and living in the past? I know so many people that are STILL running 54k dialup modems at home but their actual throughput averages around 48k. And they are paying an average of $30 a month for such sorry service! Not to mention, frequent disconnects, busy trunks in the evenings, etc..
How pathetic.
These companies have no interest in providing a quality service, their only interest is milking their customers for as much as possible as long as they can. They'll continue to use antiquated and archaic equipment to provide substandard service until they are FORCED to by either massive equipment failures or court order.
The deceitful cable advertising needs to stop.
These guys need to be sued.
DSL companies should use it in their ads.
Perhaps one could slap HTTP headers on all traffic, call everything either a GET or a PUT request, and tunnel out with only a modest overhead?
No, not at all. The net neutrality debate is about whether ISPs can throttle content based on the content's particular source, not on the content type.
Throttling based on content type is called packet shaping, and it's been done in the US and elsewhere for many years. Nothing about the net neutrality legislation would affect that, and anyone who says otherwise is confused or trying to deliberately mislead.
Throttling based on source, where content of the same type from different sources receives different priorities, is what the net neutrality legislation is about. In other words, any ISP can choose to tone down streaming video traffic so that all their customers can use basic web and email services. No ISP should be able to block video streaming from Google but allow video to stream from Microsoft, just because Microsoft paid them money. (Unless that was clearly advertised to the ISP's customers before they signed up, that is.)
In this case, it sounds like the ISP is throttling all encrypted content, regardless of its source or destination, so the net neutrality concept doesn't apply at all.
It doesn't hurt to be nice.
Telcos have ALWAYS oversold their capacity. So do most other businesses.
If EVERYONE tries to use their phone at the same time, there are problems. Remember trying to make a cell call anywhere in greater New York City on 9/11? Nevermind the destroyed equipment, the demand on each cell tower was just too much.
Even today, on busy days like Mother's Day, it's hard to get a long-distance call between certain cities on certain carriers. It's not as bad as it used to be thankfully.
Other businesses do the same thing. Ever tried to get into a computer store at 5AM the day after Thanksgiving? Some stores have fire-wardens at the door and when the store reaches fire-code capacity they won't let anyone else in until someone leaves. There's a popular restaurant I used to go to that took a different approach: They kicked you out after a certain period of time during peak hours. Think of it as "traffic-shaping" your restaurant experience.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
No. They want to ADVERTISE an "unlimited" package so that people will leave their graduated plans and come over to the "unlimited" provider.
Whereupon the "unlimited" provider throttles encrypted communications. And whatever else for someone going over the maximum of the "unlimited" plan.
Most people want to have unlimited traffic even if they have no concept of the amount of traffic they need.
Not really. Most people would rather save a bit of money. So the companies use deceptive advertising.
I'm saying that we need to force them to get rid of the deceptive advertising. There's no TECHNOLOGICAL reason for it.
They can sell "unlimited standard usage" packages that throttle connections after 2GB/month.
They can sell "unlimited gamer" packages that throttle connections after 5GB/month.
They can sell "unlimited pro" packages that throttle connections after 10GB/month.
The reason that they don't is that they can save MONEY by being STUPID and selling a single "unlimited" package and fucking with the connections so that things such as encrypted sessions are dead slow. It's about them being lazy. That is it.
So why not offer GRADUATED pricing levels? 2 GB/month for $x. 5 GB/month for $2x. 10 GB/month for $10x.
Why not just pay directly for the bits themselves?
$1 per GB per month [say].
So that if you used 17.79 GB for that month, then your bill would be precisely $17.79.
It's pretty much the way the long distance companies have been doing it since time immemorial.
And if upstream bits are more precious than downstream bits, then bill accordingly: Say, $2 per upstream GB per month, and $0.50 per downstream GB per month [or whatever].
It's not at all clear to me why the free market [in the form of PRICING] can't take care of this stuff naturally.
How does what you describe not fit under the umbrella of "very few people"?
Perhaps if I meant "very few people with influence" it would have made more sense. If a company (who chances are you buy a daily product of every day) notices that its employees can't do its job because of another company... Well they might say something either to the other company or to another press related group.
Of course I think I forgot to mention the company I'm referring (vaguely) to is in the States and their sales reps are regional so they would all have different ISPs.
"I am the king of the Romans, and am superior to rules of grammar!"
-Sigismund, Holy Roman Emperor (1368-1437)
What's weird is I predicted this EXACT thing about 6 months ago, here on Slashdot:
5 02121
http://slashdot.org/comments.pl?sid=187990&cid=15
Guess I was right this time. What will be neat a couple of years down the road now is the slow conversion of all traffic to encrypted streams, and I guess we'll see how the ISPs react to this. Maybe *gasp* actually not lie and sell guaranteed bandwidth?
Obviously we can not charge people 10x southern rates for our service, so we have to manage our capacity very carefully, and that includes traffic shaping that deprioritises traffic that can not be identified as a common protocol.
I am able to confirm that their traffic is mistakenly being considered rogue
OK, it's your network and if you have no competition, I guess you can do whatever the heck you want. However a few questions spring to mind:
1) Why can't you charge more? I would assume that everyone up north is in the same boat as you. It would be silly to assume that the same rates apply in the bush or in downtown Toronto.
2) Are you advertising a bandwidth you are not able to provide? See when I plug something into the power socket, I expect more or less 110 volts and 60 Hz in North America. If I plug in and get 50V at 50Hz and my electronics get fried, the power company is going to have to replace my stuff. Sure, you don't have to provide 3Mb/s to everyone if you're not set up to do it, but you shouldn't really advertise what you can't provide. What people DO with their connection is NONE of your business. Or do you want to be responsible for everything transmitted on your net? You're either a common carrier, or you're not. By the way, do you CLEARLY advertise (just as clearly as your offers of bandwidth) that you throttle or "shape" traffic, or is that buried somewhere on page 4 of the Terms Of Service?
3) Like I just mentioned: who gets to determine what "rogue traffic" is? You? Sure, you own the network - so you've appointed yourself as censor. Is a list of your likes and dislikes clearly provided to your subscribers? Which games are allowed more bandwidth? What if there's a game you don't like at all, because it makes fun of people in northern Canada? Is this game also qualified for more bandwidth?
4) Have you actually tried offering higher throughput for more money to the people who actually use the bandwidth you claim to provide them with? Who knows, maybe they'd be willing to pay.
I think I would certainly prefer taking a 2000msec delay on a satellite hookup than subscribe to an arbitrarily censored and regulated network.
Seven puppies were harmed during the making of this post.
This is neutral: All encrypted traffic gets clobbered.
Great. According to HIPAA, all patient related medical information must be encrypted. I like the fact that my ISP is "neutral" and "clobbering" important medical information. Not quite OMGTHINKOFTHECHILDREN, but close. Why should grandma's refresh on the "crosswords galore" website have priority over, say, an encrypted conference between 2 hospitals?
Seven puppies were harmed during the making of this post.
Here is our new pricing plan for home and small-business customers, effective May 1, 2007:
Additional usage is available for $3 per 50GB. Additional blocks must be pre-paid or can be paid for as needed from our customer service web site.
All packages include all the same services you are used to plus free "action alerts" when your prepaid usage is almost up.
When the built-in usage and any additional usage is used up, your connection will be limited to Economy speeds.
We are pleased to announce that as of May 1, 2007, we are eliminating the restrictions on servers. You may now run servers on your systems provided they do not violate any other terms of service, such as hosting illegal content.
We are also changing the way we deal with very high volume users. In the past, we have warned high-volume users to limit their usage and terminate service to those who do not. Now, where possible, we will allow unlimited usage. In neighborhoods where this is not possible, we will impose lower-than-normal speed limit on high-volume customers during peak usage hours.
Sincerely,
Your Cable Internet Provider
The numbers I don't care about as long as they are reasonable and continue to drop as technology improves. It's the principle of "pay for what you use" that I like.
Note:
A 30-day month has 2592000 seconds in it.
That's 48.6GB maximum at 128Mb/sec,
486GB maximum at 1.5Mb/sec,
1944GB maximum at 6.0Mb/sec, and
7776GB maximum at 24.0Mb/sec.
A maxed-out connection at 24.0Mb/sec will be $466.56, or $468 in $3 increments.
1 hour at 24.0Mb/sec is 10.8GB, or $0.648.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
wget http://autocast.ca/test.dat
Length: 10,485,760 (10M) [text/plain]
18:52:39 (539.62 KB/s) - `test.dat' saved [10485760/10485760]
wget https://autocast.ca/test.dat
Length: 10,485,760 (10M) [text/plain]
18:53:03 (560.59 KB/s) - `test.dat.1' saved [10485760/10485760]
No slowdown on https downloads at this moment from this location.
scp test.dat odin.canadacast.ca:/root/
test.dat 100% 10MB 97.5KB/s 01:45
scp odin.canadacast.ca:/root/test.dat .
test.dat 100% 10MB 602.4KB/s 00:17
No slowdown on that either.
Upstream rate is 97.5% of this cable modem's capability (800kbps)
This is on a Saturday, at 7:10pm local time.
Not quite peak usage time of day but not 3am either.
This does not prove anything of course.
I've only failed to prove that there is traffic shaping, I have not proven that there is no traffic shaping.
Maybe I'll try again at a known peak traffic time.
It does everything my old dedicated router did with less power usage, much smaller form factor, no fan noise and it has a decent web admin interface out of the box. Essentially it's like buying a tiny dedicated Linux router box that's actually designed to be a wired/wireless router.
I stayed at a Marriott hotel last week in Long Beach that used stayonline.net as their ISP, and the network was horrid. My colleague figured out after two days that the reason he was banned from the network was for using a non-US encryption standard for his SSH. Total bull. Also, file transfers over a few meg seemed to be throttled like mad, making it almost impossible to upload pictures until after I got back home.
bash-2.04$
bash-2.04$yes "Don't you hate dialup connections?"| write USERNAME