Website: http://techliberation.com/
Original page: http://techliberation.com/2008/05/22/tunneling-your-way-around-isp-traffic-manipulation/
It also strikes me that it's trivial for an ISP to detect VPN tunneling in progress and de-prioritize it.
And also, your statement about "resetting Bittorrent sessions" is a bit misleading. The BitTorrent session consists of dozens of TCP streams. Some of the streams were reset, but the BitTorrent session itself was not reset. There's no way for an ISP to actually reset a BitTorrent session, since it constantly spawns new TCP streams and keeps running like the Energizer bunny.
I wish people would get this little distinction right.
Finally, the major problem with VPNs is that they prevent the ISP from using DPI in beneficial ways, especially for caching. When the whole world gets HDTV from the Internet, it's going to be necessary to employ caches inside the ISP networks to prevent choking the whole system. VPNs defeat caching, and that is a very, very bad thing for The People.
It is trivial to detect and throttle VPN traffic, but doing so would irritate lots of profitable customers. As I mentioned, corporate users and university students increasingly connect to VPNs from home and are not likely to put up with degraded traffic. I suppose ISPs could impose a surcharge for unthrottled VPN use, but even that would likely be a tough sell.
My terminology on Bittorrent was imprecise and for that I apologise, although I think it is fairly clear that Comcast is resetting any TCP sessions that appear to be seeding Bittorrent, rather than completely blocking or preventing Bittorrent itself. How would you describe what Comcast is doing with Bittorrent in a concise, brief, simple way?
And I agree with you that VPNs are the enemy of ISP-level caching. But what ISPs are caching at present? Caching has often been discussed as a possible solution to the “exaflood” but it has yet to take off as far as I know. If ISPs want to cache data then they should encourage customers to not use VPNs—inspecting customer web browsing for keywords for use in advertising, however innocent and harmless, is not a good way to convince customers to communicate information out in the open.
Even the harshest critics have only claimed to have seen Comcast resetting *some* of the TCP streams associated with a BitTorrent seeding session, not *any*. In this analysis, *some* has a value of around 50%. I describe this process as "pruning;" it doesn't kill the bush, but it does stop it from spreading like a weed.
The argument against VPNs comes down to degraded performance. DPI is your friend, embrace it and be happy.
Many ISPs have caching gear in use already, especially the smaller ones like LARIAT. It greatly reduces their bandwidth gear and provides a more satisfactory experience for the customers, most of whom can't be bothered with hiding their identities. The ISP knows who they are anyway.
I checked out Lariat's website and it looks like a pretty neat ISP. I couldn't find any details about caching, though, either on their website or by doing a Google search. Exploring the benefits of ISP caching is of interest to me, so if you know of any sources that discuss actual implementations of caching, I'm all ears.
DPI is often a good thing, but it isn't always used in consumer-friendly ways. I do not think everybody needs to use VPN tunnels. The mission of my post was to give the rundown on how to keep your online activities private and circumvent discriminatory traffic interference. It’s hard to see anything more than a small minority of users who happen to be the most paranoid and tech-savvy choosing to use VPN services, so I don't think caching is at risk as long as VPN usage remains fairly low.
Thank you very much for the links, it's good to see that.
Regarding the caching, if it becomes useful, won't the VPN servers themselves begin caching? It seems they would, if it was intelligently done, save them money in the long run?
The cable companies now block encrypted connections by whitelisting, the telco (also an internet company) throttles in the local loop (so 3rd-party DSL ISPs get throttled) based on a whitelist that excludes anything encrypted, and both have implemented a 60GB monthly limit.
For Rogers Cable, you get disconnected when your bandwidth runs out after having warnings injected into your HTTP sessions. For Bell Sympatico, you get charged $1.50/GB. (With the $30 cap on overage charges coming off at the end of either June or July... I forget which.)
Thank goodness I could at least dodge the 60GB limit (and avoid being forced to rent a DSL modem) by switching to a 3rd-party ISP.
My personal experience with Comcast is that dedicated seeding was difficult a few months ago, but not today. But that's just on my one connection. At no time have large numbers of Comcast customers been complaining, however; this is largely a cooked-up issue on the part of the Google sock-puppets.
Brett Glass runs LARIAT, and he'll be glad to talk to you about caching. If you don't have his e-mail, I can get it for you, just drop me a note at richard at bennett dot com.
Jerry Brito is deleting my comments to his posts. I suppose when he can’t respond, he just deletes!
E_F
what a surprise!
Additional testing reveals that the Glasnost test results are inaccurate.
My rudimentary understanding of ISP caching is that it is primarily intended to cut costs on bulk commercial bandwidth from backbone carriers. But it seems the most severe bandwidth crunch is between end users and their local node/DSLAM. How does caching alleviate last-mile congestion?
Stephan, the ISP marketplace in Canada makes US ISPs look competitive by comparison. I’m amazed at what Rogers, Shaw, and Bell have been able to get away with. Throttling all encrypted traffic is an extreme measure and I would be surprised to see the practice adopted by any major U.S. ISP, but anything is possible. Wonder how corporate and educational VPN users feel about their encrypted traffic being degraded.
Richard, of all the ISPs known to interfere with Bittorrent traffic in some way, Comcast’s method seems quite reasonable. I would agree that only a small minority of users actually suffer from slow seeding during peak hours. Compared to how some Canadian ISPs curb peer to peer applications, Comcast’s implementation of Sandvine seems downright docile.
Enigma, if Jerry is deleting your comments, I am sure he has a very good reason. We certainly don’t censor discussions at TLF, barring inflammatory, obscene, or entirely irrelevant remarks. It’s possible our spam filter accidentally removed your comment, or the moderation system never posted your comment for some reason. I will look into this. Right now, there’s a lengthy comment of yours on the ConnectKentucky post from 5/24 at 12:52am awaiting approval. I think the only person who can approve it is the original author of the post, which in this case is Jerry, so maybe he hasn’t had a chance yet to hit the approve button.
Comcast hasn’t really been very forthcoming on the issue of Bittorrent and Sandvine, especially back when the matter surfaced, and I think perhaps that has been their greatest mistake in this whole episode. Of course, Comcast is not obligated to disclose details of its network management, but when you’re selling a service I think it reasonable for consumers to know what to expect. Since Comcast hasn’t simply said “here’s what we are doing from a technical standpoint” we are instead left with a bunch of third-party reports that offer conflicting information.
Enigma, VPN servers may well employ caching to reduce their bandwidth costs, but that does not address ISP bandwidth issues. Encryption prevents the ISP from knowing when, for example, ten users behind VPNs have requested the same file, so the ISP cannot cache that file and instead must transmit the same actual file ten times.
I understand that much about the implications of encryption; when I said save "them money" I meant the VPN service, not the ISP, I should have been more clear. Where I was going with that: the VPN saves, but not the ISP. Incentive for VPN provider to cache is there, but not for ISP.
Re: my disappearing comments on Jerry Brito's posts: This is the second time any comments at all that I make to one of Jerry Brito's posts get deleted. I am having a hard time thinking that these deletions are accidental. Why would it only happen on Jerry Brito's posts, and not others?
Re: the current incident, I also had a post on 5/23 which showed up, for about half an hour, but then got deleted. I would prefer that the one from 5/23 just get restored.
The earlier incident was the same: posts would appear, (even on other computers) but then disappear.
Here are screenshots, etc. showing my comments appearing, then disappearing from Jerry Brito's April 11, 2008 post:
http://enigmafoundry.wordpress.com/2008/04/12/j...
I have also sent email to Jerry, but have not yet received a response.
Help out maybe?