Effects of ISP Business Practices on the Versatile Home Network
Tom Schmidt

Schmidt Consulting

tom@tschmidt.com

2 July 2002
Abstract:

VHN was designed as an autonomous local area network. It did not require an ISP connection to operate. While VHN is capable of operating independently, its main value derives from integrating it with Internet connectivity. ISP business practices have a profound impact on how VHN operates and what services it is capable of delivering.

Table of Contents

1 Overview ... 1
2 The Ideal ISP ... 1
2.1 Unlimited IP addresses ... 1
2.2 Persistent Addressing ... 1
2.3 Always on Connection ... 2
2.4 Automatic Configuration ... 2
2.5 Transparent Transport ... 2
2.6 Speed Tiers ... 2
2.7 Quality of Service ... 2
2.8 Authenticated Services ... 3
2.9 Customer DNS ... 3
2.10 Customer Friendly Acceptable Use Policy ... 3
3 Access Issues ... 3
3.1 NATed ISPs ... 4
3.2 Proxied ISPs ... 4
4 How Many IP Addresses ... 4
4.1 Single Address ... 4
4.2 A Few Addresses ... 5
4.3 Unlimited Addresses ... 5
5 Bridged vs. Routed Network ... 5
6 Address Allocation ... 6
7 Encapsulation (PPPoE/PPPoA) ... 6
8 Asymmetric Speed ... 7
9 Latency ... 7
10 Multilink and Bonding ... 7
11 Multiple ISPs ... 8
12 Authentication ... 8
13 Oversubscription ... 8
14 QoS ... 8
15 Restrictive policies ... 9
15.1 Bandwidth Hogs ... 9
15.2 Port blocking ... 9
15.3 Prohibition of "Business Class" Services (VPN) ... 9
15.4 Prohibition of Home Network ... 9
15.5 Prohibition of Servers ... 10
15.6 T&C Change Without Notice ... 10
15.7 Geographical Restrictions ... 10
15.8 DMCA Safe Harbor Provision ... 10
15.9 Service Level Agreement ... 10
16 Deployment Issues ... 11
17 Technical Support ... 11
18 Conclusion ... 11

1 Overview

The main value of the VHN is its connection to the Internet. Even though the VHN is able to function as an autonomous, isolated network, the main reason users will deploy a VHN is to access the Internet. The ISP is the link between the VHN and the Internet; as such, ISP policies have a profound effect on which services can be implemented on the VHN.

The Internet has experienced explosive growth because it is a general-purpose bit delivery mechanism that allows end-to-end communication. The Internet makes few assumptions about the data it carries. New features can be deployed at the edge of the network without requiring coordination with, or permission from, the network owner. Unfortunately ISPs are trending in the opposite direction, especially the Cablecos. Service offerings are tailored to current usage patterns, and restrictions are put in place that make it hard for new services to be developed. If this situation had existed in the early ’90s, ISPs would have optimized their networks for Gopher and discouraged the use of HTML.

This paper discusses the business and technical attributes of an ideal ISP and enumerates numerous areas where ISP practices diminish the value of the VHN and are at odds with Internet openness.
The High Tech Broadband Coalition, of which CEA is a member, has identified some of these problems. The coalition is lobbying the FCC and Congress to encourage customer-friendly regulation.

2 The Ideal ISP

Before discussing restrictive business practices, let's examine the ideal ISP service offering from the perspective of the VHN.

2.1 Unlimited IP addresses

A typical VHN will consist of a large number of devices, potentially hundreds of IP nodes. While this may seem ludicrous today, one only has to look at the history of electric light and electric motors to see a similar adoption pattern. What was once an expensive novelty became ubiquitous.

The ISP reserves a large contiguous address block for each customer. The block needs to be contiguous so that each VHN acts as a single subnet. This allows local traffic to remain local. If the address range is not contiguous, traffic between local devices has to flow across the first-mile connection to the ISP.

2.2 Persistent Addressing

Servers require a stable means of access, either by address or by name. TCP/IP tends to blur the notion of a server: many IP devices will implement server functions. Most users are familiar with Uniform Resource Locators. DNS translates the host name in a URL to an IP address. It assumes a persistent IP address that changes infrequently. DNS changes take time to propagate, so if the IP address changes the resource is temporarily unavailable until DNS is updated.

Persistent addresses are also useful in analyzing traffic and creating access policy rules. Event logs record IP addresses; if the address is not constant, interpreting the logs becomes difficult.

2.3 Always on Connection

One of the benefits of broadband is that it is “always-on.” This is critical to maximizing the VHN's benefit. It is not sufficient to merely reduce the connect time so that it is invisible when an in-home device accesses the Internet. If the connection is not on 24/7 the VHN is not accessible remotely, preventing the use of applications such as Voice over IP telephony, instant messaging and personal web servers.

2.4 Automatic Configuration

Home user technical expertise varies from technically savvy to novice. Configuring arcane IP address settings is a daunting task for many customers.

Low-level settings such as IP address, subnet mask, gateway address and DNS server address should be configured automatically. Besides easing the end user's task, automatic assignment allows the ISP to modify these settings as the need arises without having the customer make the change manually.

2.5 Transparent Transport

The ISP is a transparent bit delivery mechanism. All IETF-compliant traffic presented to the ISP is accepted. Unless specifically requested by the customer, traffic is delivered on a best-effort basis with equal preference for all.

2.6 Speed Tiers

First-mile speed constraints will be around for the foreseeable future. A reasonable pricing model is to vary price based on offered speed. This allows the customer to make a price/performance tradeoff decision. Once this decision is made, service cost is unaffected by usage.

Most residential Internet access is asymmetric: download speed exceeds upload speed. This imbalance is the result of both technical and business considerations. While there is nothing inherently wrong with asymmetry, the difference between download and upload speed should not be extremely wide or used to effect de facto usage restrictions. Customers should be encouraged to use bandwidth, driving demand, similar to what has been done in the PC industry with CPU speed.

2.7 Quality of Service

Almost all residential broadband suppliers deliver best-effort service. This causes problems for data that requires bounded latency, such as Voice over IP. Internal to the VHN, various mechanisms can be used with either Firewire or Ethernet to guarantee that maximum latency requirements are met. For the foreseeable future the first-mile connection will continue to be the bottleneck between the VHN and the Internet backbone. Therefore some form of preferential treatment of latency-sensitive data, such as Multiprotocol Label Switching (MPLS), is needed as long as the first-mile connection is unable to deliver adequate bandwidth.

2.8 Authenticated Services

Some ISP services, such as mail and news, require authentication. These services should require explicit authentication. This allows the user to authenticate to the service regardless of how they connect. If the ISP instead authenticates based on IP address, these services become inaccessible whenever the customer connects through a different ISP.

2.9 Customer DNS

One of the benefits of always-on broadband is remote access to the VHN. This may include public resources like FTP or Voice over IP telephony, or be restricted to authorized users. Access to the home requires a user-friendly URL so that users do not have to enter IP addresses directly. While many residential owners will likely register a personal domain name to decouple naming from that of the ISP, the ISP should provide DNS mapping of customer name to IP address, similar to how ISP-based e-mail is handled today. This allows remote access into the VHN by URL rather than IP address. Since the ISP is responsible for changing customer IP addresses, it can update DNS with minimal delay after a change.

2.10 Customer Friendly Acceptable Use Policy

The ISP should not be in a position to determine how and what type of data will be carried over its network. The ISP agrees not to prohibit particular services by blocking TCP/UDP ports or imposing other restrictive policies. This prevents the ISP from over-optimizing the network for today’s traffic usage and erecting barriers to new applications.

The ISP is neutral as far as the VHN is concerned. Its responsibility ends at the customer premises equipment needed to interconnect to its network.

The scope of the customer’s domain may become a controversial issue, especially with the popularity of wireless networks. Consumer ISP pricing assumes typical usage patterns and a high neighborhood take rate. Wireless networks threaten to upset that assumption by creating neighborhood ad hoc networks shared over a wide area, potentially reducing the take rate and increasing traffic.

3 Access Issues

Most ISPs allocate customer addresses from a pool of publicly routable addresses. This means the customer is able both to communicate with remote Internet hosts and to act as a server if they choose to do so.

Unfortunately some service providers use techniques that limit customers to outbound connections, by issuing private IP addresses or by requiring the use of a proxy server.

3.1 NATed ISPs

The IPv4 address shortage encourages ISPs to minimize the use of public IP addresses. One solution is to issue customers IP addresses from the RFC 1918 private address pool and use Network Address Translation to convert the addresses where the ISP connects to the interexchange carrier.

NAT is transparent to most outbound connections but effectively prevents remote access to the customer. The issue is no different than when NAT is implemented at the edge of the VHN, except that the customer does not have the option of specifying mapping rules for inbound traffic, effectively precluding the use of servers.

3.2 Proxied ISPs

Instead of placing customers on private addresses, the ISP can force customers to connect through a proxy server, as in the case of AOL. The proxy is able to precisely control how the connection is used, preventing use of unauthorized services.

4 How Many IP Addresses

Due to the address shortage caused by the 32-bit limit of IPv4 addresses, address management has been raised to a fine art. What should have been a simple network identifier has become a valuable and scarce commodity – to be husbanded with great care. The ISP views this scarcity as an additional revenue source.

4.1 Single Address

This is the most common situation for residential customers, both dialup and broadband. Each account is issued a single address. Various means have been developed to allow a single address to be shared by multiple devices on a LAN.

A common way to share a single address is to allocate private addresses from RFC 1918 and use Network Address and Port Translation (NAPT), commonly called NAT, to translate between private and public address space. Proxy servers are another way to share a single connection and are often used with software implementations. The downside of using a proxy is that each application must be aware of the proxy. This limits its usefulness and causes configuration headaches for the user.

Being limited to a single address does not preclude the use of “server” functions. Most broadband routers and proxies have the ability to map private services to public addresses.

For example, if one wanted to run a web server, the gateway device is programmed to forward all incoming TCP packets for port 80 to the web server. To the remote user the server appears to be at the public address. A limitation of this technique is that only a single instance of each service can be exposed this way. There is no way to run a second web server, since TCP port 80 is already being forwarded to the first server. It is possible to use a different port to establish the connection, but this causes problems unless the remote user knows of the nonstandard port assignment.

As powerful and widespread as NAT is, it is not without drawbacks. Protocols like FTP require special processing within NAT at the application level due to the way session ports are allocated. It also breaks some features of IPsec by changing addresses and port numbers. For more information on NAT refer to RFC 2993, Architectural Implications of NAT.

4.2 A Few Addresses

If one desires to operate multiple public servers, most ISPs charge for additional IP addresses, so they are used sparingly. Having multiple public addresses allows multiple servers to be assigned unique IP addresses, facilitating access from the outside world.

This is not without side effects. If the addresses are not in the same subnet, inter-device communication, which would normally be local, is transported over the ISP connection, causing congestion and impacting speed. In this scenario NAT is still used for client services to minimize the cost of public IP addresses. This has the same ramifications as a single address, with the added complication of connecting to “public” devices locally.

4.3 Unlimited Addresses

This is the optimum situation but will require deployment of IPv6. Each customer is given a large contiguous address block. This allows each device to have a public address. As long as the addresses are contiguous and part of the same subnet, local communication stays local, eliminating the degradation caused by forcing the WAN connection to carry traffic that should be local.

In this situation access policy is implemented by a firewall at the edge of the VHN rather than as a byproduct of NAT. This allows the user to control both inbound and outbound access for each device. NAT is often touted as a firewall because without forwarding rules remote access to the LAN is impossible. However NAT has no effect on outbound traffic, so a firewall is still desirable even in a NAT-based network.
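
The single-address port-forwarding scenario of section 4.1 and the point above that NAT does nothing for outbound traffic, as an added Python model (not code from the paper; the addresses, ports and inside hosts are constructed):

```python
from dataclasses import dataclass

# Constructed addresses: 192.168.x.x is RFC 1918 private space, the public
# addresses are RFC 5737 documentation ranges.  None come from the paper.
PUBLIC_IP = "203.0.113.10"


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class NaptGateway:
    """Toy NAPT ("NAT") gateway sharing one public address (section 4.1)."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.forwards = {}   # public port -> (private host, private port)
        self.sessions = {}   # public port -> (private host, private port)
        self.next_port = first_port

    def add_forward(self, public_port, private_host, private_port):
        """Expose an inside server; False if the public port is already taken,
        so a second web server cannot also be reached on port 80."""
        if public_port in self.forwards:
            return False
        self.forwards[public_port] = (private_host, private_port)
        return True

    def outbound(self, pkt):
        """Rewrite the source of an inside-to-Internet packet.  Nothing is ever
        blocked here: NAT has no effect on outbound traffic (section 4.3)."""
        public_port = self.next_port
        self.next_port += 1
        self.sessions[public_port] = (pkt.src, pkt.sport)
        return Packet(self.public_ip, public_port, pkt.dst, pkt.dport)

    def inbound(self, pkt):
        """Translate an Internet-to-inside packet.  Only replies to sessions
        opened from inside, or ports with a forwarding rule, get through;
        anything else is dropped (None) because no mapping exists for it."""
        target = self.sessions.get(pkt.dport) or self.forwards.get(pkt.dport)
        if pkt.dst != self.public_ip or target is None:
            return None
        return Packet(pkt.src, pkt.sport, target[0], target[1])


def demo():
    """Walk through the section 4.1 scenario and return what happened."""
    gw = NaptGateway(PUBLIC_IP)
    first_ok = gw.add_forward(80, "192.168.1.10", 80)   # one web server
    second_ok = gw.add_forward(80, "192.168.1.11", 80)  # a second one fails
    alt_ok = gw.add_forward(8080, "192.168.1.11", 80)   # nonstandard port works
    out = gw.outbound(Packet("192.168.1.20", 51000, "198.51.100.5", 443))
    reply = gw.inbound(Packet("198.51.100.5", 443, PUBLIC_IP, out.sport))
    web = gw.inbound(Packet("198.51.100.7", 3333, PUBLIC_IP, 80))
    stray = gw.inbound(Packet("198.51.100.7", 3333, PUBLIC_IP, 22))
    return {"first": first_ok, "second": second_ok, "alt": alt_ok,
            "reply_to": reply.dst, "web_to": web.dst, "stray": stray}
```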

5 Bridged vs. Routed Network

The most common method used to allocate a “few” addresses to a customer is a bridged connection. In effect the connection between the user and the ISP looks like a LAN. VHN devices are connected to a hub or switch, and the broadband modem is connected directly to the same hub or switch.

Bridged connections operate at ISO layer 2. Devices may be assigned addresses either statically or dynamically. If assigned dynamically, the ISP operates the DHCP server. Because bridging works at layer 2, the ISP is privy to the MAC address of each bridged device, raising potential privacy concerns. Another downside of bridged networks is that access to the DHCP server is lost if the external network fails, preventing local use in the event of an outage.

A better solution is to use a routed network. This is the norm for commercial customers but rare for home or small business customers. With a routed network the ISP allocates a block of IP addresses to the customer. The customer manages them as needed. The ISP forwards all incoming traffic bearing the customer’s network prefix to the customer’s router. The router in turn is responsible for delivery within the VHN. This minimizes the effect of remote network failures: the local network still works correctly if the ISP fails, and it hides VHN-specific information from the ISP.

6 Address Allocation

IP addresses may be assigned statically or dynamically. Static allocation is communicated between the ISP and customer through an out-of-band channel. The customer is responsible for configuring VHN devices. If the ISP needs to change this information, the customer has to be notified and the changes made manually. Dynamic assignment is much easier for the ISP to manage. Automatic mechanisms are used to issue addresses on an as-needed basis, and if necessary the ISP is able to rebalance address utilization without involving the customer.

From the customer's perspective a static address is more convenient for running servers. A static address provides a persistent address, facilitating access by remote hosts.

For most home users the best of both worlds is a pseudo-static address as implemented by many Cable ISPs. The allocation mechanism is dynamic but bound to the MAC address of the user’s device. This means the customer's address stays fixed for long periods of time, while still giving the ISP the ability to change it automatically on an as-needed basis.

7 Encapsulation (PPPoE/PPPoA)

The Point-to-Point Protocol (PPP) is used to facilitate sharing of the first-mile network by multiple ISPs. In effect the network is transformed into a virtual point-to-point connection between the customer and the ISP. The ISP authenticates the customer using the same RADIUS mechanism used for dialup. While purists cringe at the use of PPPoE (PPP over Ethernet) and PPPoA (PPP over Asynchronous Transfer Mode, ATM), it is an effective tool to share a common physical network.

The downside of PPP is that it is an encapsulation protocol: each packet requires 8 bytes of overhead. This in and of itself is not a significant performance issue because the maximum Ethernet packet size is 1500 bytes. What does cause problems, besides poor software implementations, is the reduction in maximum packet size. Applications are supposed to verify end-to-end limits on packet size. If this is not performed correctly and a 1500-byte packet is created, then when it is passed to the PPP layer the addition of 8 bytes will cause the packet either to be fragmented, impacting speed, or to be rejected, preventing communication.
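
The MTU arithmetic behind that paragraph, as an added example that is not from the paper: the 1500-byte Ethernet limit and the 8-byte overhead are the figures quoted above; the packet sizes fed in and the MSS-clamping remedy are my additions.

```python
# Added example for section 7: what PPPoE's 8-byte encapsulation overhead does
# to a 1500-byte Ethernet payload.  Constants are the figures quoted in the
# text; the packet sizes passed to forward() are constructed.
ETHERNET_MTU = 1500    # largest IP datagram an Ethernet frame carries
PPPOE_OVERHEAD = 8     # 6-byte PPPoE header + 2-byte PPP protocol field
IP_HEADER = 20         # IPv4 header without options
TCP_HEADER = 20        # TCP header without options


def pppoe_mtu(link_mtu=ETHERNET_MTU, overhead=PPPOE_OVERHEAD):
    """Largest IP datagram that still fits after PPPoE encapsulation."""
    return link_mtu - overhead


def clamped_mss(link_mtu=ETHERNET_MTU, overhead=PPPOE_OVERHEAD):
    """TCP MSS a gateway should advertise so segments never exceed the PPPoE
    MTU; clamping the MSS is the usual remedy for the stall described above."""
    return pppoe_mtu(link_mtu, overhead) - IP_HEADER - TCP_HEADER


def forward(ip_len, dont_fragment, link_mtu=ETHERNET_MTU, overhead=PPPOE_OVERHEAD):
    """Outcome for one IPv4 datagram of ip_len bytes entering the PPP link.

    Returns (verdict, fragment_sizes):
      ("forwarded", [ip_len])  - it fits and is sent unchanged
      ("fragmented", [...])    - too big and DF clear: split into fragments
      ("rejected", [])         - too big and DF set: dropped; the router is
                                 expected to answer ICMP "fragmentation needed",
                                 and if that ICMP is filtered the sender stalls
    """
    mtu = pppoe_mtu(link_mtu, overhead)
    if ip_len <= mtu:
        return "forwarded", [ip_len]
    if dont_fragment:
        return "rejected", []
    # Each fragment carries its own IP header and a payload that is a multiple
    # of 8 bytes, because fragment offsets are counted in 8-byte units.
    payload_per_frag = (mtu - IP_HEADER) // 8 * 8
    remaining = ip_len - IP_HEADER
    fragments = []
    while remaining > 0:
        chunk = min(payload_per_frag, remaining)
        fragments.append(IP_HEADER + chunk)
        remaining -= chunk
    return "fragmented", fragments
```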

PPP is commonly used in conjunction with dynamic IP assignment, but it can also be used with static addresses.

A little-known feature of PPP is that it allows the negotiation of multiple PPP sessions. Some carriers see this as a way to sell value-added services, bypassing the ISP. Separate PPP connections are set up for, say, video streaming or digital telephony, creating a virtual PPP connection between the customer and the service provider. This has profound effects on the VHN because it creates additional access methods that may or may not be IP based. It is also very much at odds with the notion of Internet end-to-end connectivity with services implemented at the network edge.

8 Asymmetric Speed

First-mile access speed will likely be a precious commodity for the foreseeable future. One of the ways providers address customer preferences is tiered service: faster speed costs more. Carriers have limited ability to lower prices since most of the cost of broadband access is independent of speed. The motivation of tiered pricing is crude control of bandwidth consumption. This is especially important for Cable networks since each user shares a fixed medium with neighbors. The only way to provide acceptable service is to reduce the number of subscribers on a segment or reduce modem speed.

This is a reasonable mechanism for providers to segregate customers by willingness to pay.

Providers are using asymmetric speed to control how customers use the network. Due to technical and business considerations both Cable and DSL speed is asymmetric: download is considerably faster than upload. This is not unreasonable given that the bulk of most residential traffic is weighted toward downloading. However, an unfortunate side effect of this optimization is the growing emphasis on the residential market as a data sink rather than a network peer both “sourcing” and “consuming” information. This optimization bodes poorly for the emergence of cooperative distributed networks where data is distributed rather than located in centralized servers.

Asymmetric connection speed should not be used to thwart innovative use of the Internet and relegate the VHN to an information sink.

9 Latency

The notions of latency and bandwidth are often confused. High-speed connections can also experience high latency. A truck full of CD-ROMs is a good example: it takes a long time for the truck to arrive (high latency), but once it does it delivers tremendous bandwidth. More realistic is the latency introduced by satellites in geosynchronous orbit. Another problem area is the interleaved error correction used by DSL; this minimizes errors but adds substantial latency.

The most critical service from a latency standpoint is real-time voice telephony. Round-trip latency over 200 ms degrades quality, and latency above 500 ms makes conversation virtually impossible.