TPW 35: Network Management Redux

by on February 7, 2008 · 38 comments


After a long hiatus, we’re back with our first show of the year, but this latest episode touches on issues we have debated on previous shows. Namely, does America need a national broadband policy, and should so-called net neutrality principles be part of such a plan? Related to that, we once again discuss what sort of business models broadband providers should be able to use when trying to balance consumer demands and efficient network management policies, since that issue has been at the heart of ongoing debates about Net neutrality policy. This is currently the subject of great debate at the Federal Communications Commission, where comments are due next week on the issue.

Two networking / IT experts join us for the podcast this week to discuss the ramifications of potential government regulation of broadband network engineering issues. The experts are Matt Sherman, a San Francisco Bay Area web developer and a technology policy blogger who blogs at RichVsReach.com, and George Ou who is the Technical Director of ZDNet, and is a former IT consultant specializing in Internet engineering and IT infrastructure and architecture issues. Also on the show are Adam Thierer of the Progress and Freedom Foundation, Jerry Brito of the Mercatus Center at George Mason University, and Tim Lee of the Cato Institute.

There are several ways to listen to the TLF Podcast. You can press play on the player below to listen right now, or download the MP3 file. You can also subscribe to the podcast by clicking on the button for your preferred service. And do us a favor, Digg this podcast!


  • Jake

    One of the commentators claims that Comcast is only sending packet resets to ‘pure’ seeds (peers that are not downloading the file, only uploading). I find that hard to believe: for one, it would seem to be burdensome to detect, incongruous with the claimed ‘simple’ network management techniques. Is there any evidence that this is true as opposed to reset for uploading peers whether they be ‘pure’ seeds or not?

  • http://bennett.com/blog Richard Bennett

    It’s true, Comcast only resets pure seeds.

  • Jake

    So a seeder could always bypass the throttling by downloading another file at the same time? Something doesn’t fit…

  • Jake

    Or is Comcast really going to the level of sophistication of inspecting the info_hash of the Bittorrent handshakes (in which case header encryption would be effective in bypassing the throttling).

  • Jake

    On further reflection I suppose it is possible to look for the ‘completed’ message sent to the tracker but this would be ineffective against trackerless torrents and in any case would seem to require maintaining a lot of state.

  • http://bennett.com/blog Richard Bennett

    Seeders can be discovered in a couple of simple ways:

    1) By looking at the number of TCP SYN* packets coming into the network for a given IP address relative to the number of SYN packets going out. A file server/seeder’s traffic mix will have SYNs coming in but not going out.

    2) By simply measuring the amount of outbound data from an IP address relative to the amount of inbound data. Seeders/servers will send a lot of data out, and only receive ACK packets coming back.

    (In TCP lingo, SYNs are connection requests. They flow from the connection requestor to the connection supplier.)
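
The two heuristics in the comment above, sketched as an added example (not part of the original thread, and not a description of Comcast's actual equipment). The subscriber prefix, thresholds, addresses and packet summaries are all constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed values (assumptions, not from the thread): documentation-range
# addresses and arbitrary thresholds.
SUBSCRIBERS = ip_network("198.51.100.0/24")
MIN_SYN_IN = 3       # inbound connection requests before the SYN rule applies
BYTE_RATIO = 10.0    # outbound/inbound payload ratio for the byte rule

@dataclass
class Stats:
    syn_in: int = 0
    syn_out: int = 0
    bytes_in: int = 0
    bytes_out: int = 0

def tally(packets):
    """Per-subscriber counters from (src, dst, tcp_flags, payload_len) tuples."""
    stats = defaultdict(Stats)
    for src, dst, flags, payload in packets:
        is_syn = "S" in flags and "A" not in flags   # connection request, not SYN/ACK
        if ip_address(src) in SUBSCRIBERS:
            stats[src].syn_out += is_syn
            stats[src].bytes_out += payload
        if ip_address(dst) in SUBSCRIBERS:
            stats[dst].syn_in += is_syn
            stats[dst].bytes_in += payload
    return stats

def classify(packets):
    """Apply both heuristics to every subscriber address seen."""
    return {
        ip: {
            # 1) SYNs coming in but none going out
            "syn_rule": s.syn_in >= MIN_SYN_IN and s.syn_out == 0,
            # 2) far more payload sent than received (only ACKs come back)
            "byte_rule": s.bytes_out >= BYTE_RATIO * max(s.bytes_in, 1),
        }
        for ip, s in tally(packets).items()
    }

def session(client, server, up, down, seg=1460):
    """Constructed packet summaries for one TCP session opened by `client`."""
    handshake = [(client, server, "S", 0), (server, client, "SA", 0),
                 (client, server, "A", 0)]
    return (handshake + [(client, server, "PA", seg)] * up
            + [(server, client, "PA", seg)] * down)

REMOTE = ["203.0.113.%d" % i for i in range(1, 5)]
SEED, MIXED, CLIENT = "198.51.100.10", "198.51.100.20", "198.51.100.30"
SAMPLE = []
for r in REMOTE:
    SAMPLE += session(r, SEED, 0, 20)    # peers connect in; host only uploads
    SAMPLE += session(r, MIXED, 0, 20)   # same uploads as SEED ...
for r in REMOTE[:3]:
    SAMPLE += session(MIXED, r, 0, 25)   # ... plus downloads it initiated
SAMPLE += session(CLIENT, "203.0.113.80", 1, 30)   # ordinary download

if __name__ == "__main__":
    for ip, verdict in sorted(classify(SAMPLE).items()):
        print(ip, verdict)
```

On this sample only the upload-only host trips both rules; the host with identical uploads plus its own downloads trips neither, which is the limitation raised elsewhere in the thread.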

  • Jake

    If what you suggest is indeed what Comcast is doing my point remains: To bypass throttling just download other files at the same time as seeding whatever you want to seed. I would imagine that most people would be peers on some files and seeds on other files making this entirely ineffective. I’m a little skeptical that this is what is being done.

  • http://bennett.com/blog Richard Bennett

    In my experience, Comcast doesn’t apply any throttling to BitTorrent in peering mode, and that’s echoed by all the various critics (EFF, AP, NN Squad) who’ve collected data on the situation.

  • KC

    I think it’s great that you’re podcasting. I hope these constructive criticisms are taken as just that. Overall the podcast left me with more questions than I had going in. I guess that’s not all bad.

    But some of it is bad, like fairness.

    Where were the net neutrality advocates? All I heard was net neutrality opponents telling me what the advocates are saying. Seems like basic fairness is being violated. Did the advocates refuse to participate or were none invited? No one mentioned it.

    Also, no one used the F word in reference to the RST packets Comcast is sending out to shut down certain BT connections. No, not _that_ word. I mean “forged.” I would like to know what the rationale behind Comcast’s approach is and particularly if IP address forging is in a relevant RFC.

    In my opinion, government “intrusion” isn’t necessarily a bad thing. The problem is when government picks a winner who is not the public. I admit that happens a lot.

    Take the DMCA negotiations, for example. You had Hollywood, the tech companies, manufacturers, ISPs, around the table negotiating things like safe harbor and etc. I feel the public is left out of these discussions that greatly affect the public. The government should be the public’s proxy, and when it succeeds at that I’m all for government intrusion.

    Considering that the government has the power to take my personal liberty and even my life, the things that it has the power to do to a corporation kinda pale in comparison. So I tend to not shed any tears for the unliving legal entities. But this is kind of OT.

    George Ou came out and said Comcast’s network sucks. Someone else (or maybe George) sobbed that poor Comcast might have to spend money upgrading its network unless it could forge RST packets. I think that Comcast owes (in a legal sense) it to its customers to provide a network that delivers what the company promises. I would like to know what Comcast’s obligations are. Listening to the guests I got the impression Comcast has no obligations.

  • KC

    To Richard Bennett:

    You said: “It’s true, Comcast only resets pure seeds.”

    How do you know, with certainty, what Comcast does? I believe when this whole thing started it denied doing anything at all. Does that not counsel against taking the company at its word now?

  • http://bennett.com/blog Richard Bennett

    KC, I’m not taking the company at its word, I’ve done my own experiments on the Comcast network and have actually, you know, read what the critics have said. The EFF agrees with me that Comcast doesn’t reset peering sessions, what more do you want?

    Regarding George’s comment on the costs of Comcast’s upgrades, you apparently didn’t follow the entire sentence. Comcast is spending money to upgrade its entire network to DOCSIS 3.0 at four times the present speed for downloads and ten times the present speed for uploads. Until that upgrade is rolled out, they need to patch up the existing network with bubble gum and baling wire.

    So the point is this: would you rather they spend lots of money patching up the DOCSIS 1.0 network or go straight to DOCSIS 3.0 as quickly as possible?

    And BTW, that “forgery” talk is foolishness.

  • KC

    One of the commenters said he is not opposed to net neutrality as an outcome of market decisions but is opposed to it being imposed by the government.

    Where I live the cable company is the only broadband provider. I’m kind of out in the sticks so there’s no telephone CO nearby.

    What if this ISP does some network management I disagree with on privacy grounds or whatever. I would like to know from that commentator how I am supposed to express my dissatisfaction with this ISP through a market decision. To do without??

    No. You cannot with a straight face say let the broadband market choose the outcomes. I have more choices among desktop operating systems, and one of those vendors is adjudicated a monopolist. In fact, my broadband provider is in a class with my electric and water providers when it comes to choice in their respective “markets.”

  • KC

    Richard Bennett, you said:
    “So the point is this: would you rather they spend lots of money patching up the DOCSIS 1.0 network or go straight to DOCSIS 3.0 as quickly as possible?”

    I actually would prefer it not have oversubscribed to begin with. But under the circumstances I suppose moving quickly to DOCSIS 3.0 is the better move. Point taken, but with reservations.

    You also said:
    “And BTW, that ‘forgery’ talk is foolishness.”

    The EFF claims forgery. So if the EFF speaks foolishness then why are you using what the EFF says to support your claim that Comcast only resets pure seeds? There is a disconnect here.

    But irregardless, one thing I would like to know is how does Comcast accomplish the RST thing without assuming the identity of one of the hosts? Perhaps your point is Comcast does exactly that but it’s foolish to describe it as forgery?

    Please advise.

  • http://www.techliberation.com/ Tim Lee

    KC, we would have loved to have a NN advocate on, but the one we asked this week was unable to make it due to a scheduling conflict. By the time we heard back from him, there wasn’t enough time to recruit someone else.

    I certainly agree with you that it’s boring to have only one side of the debate represented. We’ve had Tim Wu on in the past, and I imagine we’ll have other NN advocates on in the future. Thanks for listening!

  • http://bennett.com/blog Richard Bennett

    The Reset packet contains only the information needed to stop the flow of data, KC, nothing more and nothing less. It’s not an attempt to charge a trip to Maui on my American Express card.

  • KC

    So far as I know the IP addresses of the Comcast customer’s host and the host he’s communicating with would be needed in the RST packet to stop the flow. Of course you can correct me if that’s not the case.

    I can see Comcast’s point and I don’t want to give the impression that it would be equivalent if *I* did the same thing on comcast’s network, but if I did inject reset packets into someone’s communication, I believe “forging packet headers” would be the phrase Comcast would utter as it yanked my service.

  • http://felter.org/wesley/ Wes Felter

    I think the term “spoofing” is more commonly used in the network engineering community, possibly because it is not as charged as “forgery”. So the people complaining about forgery either aren’t very familiar with IP networking or are trying to use terminology to sway the argument in their favor.

  • KC

    Thank you, Wes Felter, for the information.

    I see that my own ISP (Time Warner) prefers the charged term in its AUP:

    • In using the ISP Service, you may not use an IP address or client ID not assigned to you, forge any TCP/IP packet header or any part of the header information in an e-mail or newsgroup posting or probe, scan or test the vulnerability of any system or network by the use of sniffers, SNMP tools or any other method.

    So we non-engineers should be given the benefit of the doubt.

    While I believe you about what the engineers would prefer to call it (I seem to remember some then-contemporary articles describing Kevin Mitnick’s tricks as “spoofing”) you must agree that NN is a political issue. The engineers will just have to learn to live with it.

  • http://www.ipdistance.com IP

    Some ISPs have strict policy on this spoofing or altering any TCP/IP packet header.
