Cable Packet Shaping Causing Slowdowns

kdawson posted more than 7 years ago | from the not-exactly-neutral dept.

Encryption 356

knorthern knight writes "To counter P2P programs that encrypt their traffic to evade detection, Rogers Cable in Canada has apparently started degrading all encrypted IP traffic, according to a post on Michael Geist's blog. How many of you log in to work over a VPN or ssh-tunnel? How many get usenet news or email over an encrypted connection? This could be a problem for Rogers Cable customers. Geist, who teaches at U of Ottawa, has 'been advised that the University computer help desk has received a steady stream of complaints from Rogers customers about off-campus email service.'"

356 comments

Oh no, slashdotters use encryption (0, Offtopic)

plankrwf (929870) | more than 7 years ago | (#18649043)

How else would this be (near) first post ;-0

Re:Oh no, slashdotters use encryption (0)

Anonymous Coward | more than 7 years ago | (#18649301)

Might be that the (other) slashdotters actually RTFA? Oh no, that couldn't be ;-0

Re:Oh no, slashdotters use encryption (0)

Anonymous Coward | more than 7 years ago | (#18649359)

Well, evidently modding first-posts down isn't via encrypted channels; parent is already "score 0, off-topic"

(Perhaps only the humor-part of slashdot is encrypted, so that it isn't understood by moderators with too many modpoints?)

Who said you were supposed to use your connection? (5, Insightful)

garcia (6573) | more than 7 years ago | (#18649079)

Cable companies do NOT want you to actually use your Internet connection for anything more than connecting to their webmail, POP, or SMTP servers and surfing CNN, Google, and their billing site.

We have known for years that they have been overselling bandwidth and then cutting you off when you use more than their "unlimited service" will permit without telling you any concrete numbers of what that is.

I would guess that very few people use SSH, VPNs, or other encrypted connections that require the speeds to which we have become accustomed. They don't want that 10% of users on their residential network anyway and they will be happy to have you move to their commercial service packages if you so desire.

I complain that I have to use DSL and pay for land line service that I rarely use but at least my ISP (visi.com) doesn't give a shit what I do (they allow you to run servers, use all your bandwidth, and offer static and reverse).

I feel sorry for those that don't have more of a choice :(

Why aren't the companies smarter? (5, Informative)

khasim (1285) | more than 7 years ago | (#18649187)

Okay, I can see (from their perspective) how you wouldn't want someone who is paying the same as your other customers using 500x the bandwidth that they use. After all, you're paying for the bandwidth.

So why not simply SEGMENT your network and put those heavy users on their own block? If you're that worried about P2P crap, they're probably sharing amongst themselves anyway. This would make it easier for you.

So why not offer GRADUATED pricing levels? 2 GB/month for $x. 5 GB/month for $2x. 10 GB/month for $10x. You could even break it down to traffic that stays on your own network and traffic that reaches the Internet.

The whole thing about the opposition to "Net Neutrality" is about extracting the MAXIMUM profit from the existing infrastructure with the minimum of technological advancement. Fuck that. We have the technology right now to make this a non-issue in almost every case. They just don't want to use it because there is a chance they can make more money by crippling the system.

Re:Why aren't the companies smarter? (5, Insightful)

Anonymous Coward | more than 7 years ago | (#18649297)

So why not offer GRADUATED pricing levels? 2 GB/month for $x. 5 GB/month for $2x. 10 GB/month for $10x. You could even break it down to traffic that stays on your own network and traffic that reaches the Internet.

The reason for this is because they want to sell an "unlimited" package to people who will only use 2GB/month. Most people want to have unlimited traffic even if they have no concept of the amount of traffic they need.

Ummm, it is not "unlimited". (5, Informative)

khasim (1285) | more than 7 years ago | (#18649895)

The reason for this is because they want to sell an "unlimited" package to people who will only use 2GB/month.


No. They want to ADVERTISE an "unlimited" package so that people will leave their graduated plans and come over to the "unlimited" provider.

Whereupon the "unlimited" provider throttles encrypted communications. And whatever else for someone going over the maximum of the "unlimited" plan.

Most people want to have unlimited traffic even if they have no concept of the amount of traffic they need.

Not really. Most people would rather save a bit of money. So the companies use deceptive advertising.

I'm saying that we need to force them to get rid of the deceptive advertising. There's no TECHNOLOGICAL reason for it.

They can sell "unlimited standard usage" packages that throttle connections after 2GB/month.

They can sell "unlimited gamer" packages that throttle connections after 5GB/month.

They can sell "unlimited pro" packages that throttle connections after 10GB/month.

The reason that they don't is that they can save MONEY by being STUPID and selling a single "unlimited" package and fucking with the connections so that things such as encrypted sessions are dead slow. It's about them being lazy. That is it.

Re:Who said you were supposed to use your connecti (2, Informative)

OAB_X (818333) | more than 7 years ago | (#18649219)

Rogers does not offer an "unlimited" plan (max 100gb upload/download transfer @ 5 megabit down) except for "business/enterprise" users.

As for all the other stuff, there are lots of smaller DSL ISPs here, just they don't have advertising budgets as Rogers is a mega corporation here. They own radio stations, cable tv networks, cable tv distribution, voip, internet and cell phones. They can get away with it.

Don't forget the ball team! (2, Funny)

Brickwall (985910) | more than 7 years ago | (#18649387)

Rogers is a mega corporation here. They own radio stations, cable tv networks, cable tv distribution, voip, internet and cell phones.

And the Blue Jays - the only product of theirs I like.

Re:Don't forget the ball team! (1)

OAB_X (818333) | more than 7 years ago | (#18649563)

How could I forget!

They also offer pagers as well.

(offtopic: the Jays actually look like that no matter how well they do this year, they will still finish 3rd in their division, what's up with that?)

Re:Who said you were supposed to use your connecti (4, Insightful)

vertinox (846076) | more than 7 years ago | (#18649533)

I would guess that very few people use SSH, VPNs, or other encrypted connections that require the speeds to which we have become accustomed.

Actually, some major companies out there have several thousand "work at home" employees that are required to use VPN. Most of these people are in sales type of jobs, but plenty others are required to use VPN to connect to Exchange servers to access email from home.

Considering MS Exchange and dialup don't really mix, these people often have to have broadband to do their jobs efficiently. Seeing how not having VPN with an exchange server is a security risk, I can't really see any alternatives for these work at home types other than to switch to the provider who downgrades them the least.

Keep in mind these people are often working on company laptops who are locked down completely and couldn't install P2P software even if they wanted to.

Re:Who said you were supposed to use your connecti (0)

Anonymous Coward | more than 7 years ago | (#18649661)

Seeing how not having VPN with an exchange server is a security risk, I can't really see any alternatives for these work at home types other than to switch to the provider who downgrades them the least.

Well, there is Outlook Web Access (Exchange webmail) which easily runs over SSL.

And if you're using outlook 2003 or later with exchange 2003 or later, you can use RPC-over-HTTPS to connect using SSL to connect with strong encryption without a VPN.

Re:Who said you were supposed to use your connecti (1)

ppc_digger (961188) | more than 7 years ago | (#18649877)

And if you're using outlook 2003 or later with exchange 2003 or later, you can use RPC-over-HTTPS to connect using SSL to connect with strong encryption without a VPN.

But you'd be still using SSL, so it's not much of a solution.

Re:Who said you were supposed to use your connecti (1)

maxume (22995) | more than 7 years ago | (#18649807)

How does what you describe not fit under the umbrella of "very few people"?

Not to mention that the people you describe are the ones that are going to say "oh, uh, okay" when they get told that they need to move up to a business plan, because they are in fact using the connection for business.

Throwing the baby out with the bath water (0)

Anonymous Coward | more than 7 years ago | (#18649541)

Seriously, WTF are they thinking?!

Re:Who said you were supposed to use your connecti (2, Interesting)

zymano (581466) | more than 7 years ago | (#18649749)

The deceitful cable advertising needs to stop.

These guys need to be sued.

DSL companies should use it in their ads.

On the other hand, I want shaping that I control (2, Interesting)

microbee (682094) | more than 7 years ago | (#18649083)

I often use ssh/x to connect to work with p2p downloading at the same time. The ssh/x response is horrible. I'd like to be able to shape the traffic so my ssh/x connection gets absolute priority with p2p using whatever is left. I wonder how other people are doing this.

Re:On the other hand, I want shaping that I contro (1)

garcia (6573) | more than 7 years ago | (#18649107)

If you're running Linux, you can try out WonderShaper [lartc.org]. I have been using it since 2003 and it works great on keeping the SSH connection running 100% while other traffic is chugging along.

That's not as efficient as my method, here. (2, Funny)

SlashdotTroll (581611) | more than 7 years ago | (#18649663)

That method is too steep(knowledge) and expensive(bandwidth-loss) to be a viable solution.

An inexpensive method that everyone can use is the one that I implemented... Use an old 10BaseT Network Adapter, preferably USB 1.0, and at Half Duplex, for those certain bandwidth-hogging programs to discretely direct their packets through and use. The separate 10BaseT adapter needs nothing special and is to co-exist as plugged-in to the same hub that the primary Network Adapter is using. Then with their routes decided other than the same used by Telnet and SSH, attach about 100 feet of CAT3 cable rolled in a giant loop just to make the data slow down for having to travel through all that extra wire with all the "loop" inductance. We're not done yet, make sure you use the opposite of ferrite cores, something effective as "Twisty Ties" or better is a common 150-watt Heat Lamp that would cause enough radiation onto the cable to slow down the data; this is so we can make the CAT3 very noisy to cause the Network Adapter to detect the errors at the Physical Layer (not the Link Layer) where it automatically re-sends packets without disturbing the Application with faulty data. The Application will only see a slow connection, and no bad data will return.

On-topic to the actual Article, I encrypt all my data in binary-text. I use this method all the time when surfing slashdot. I have a computer running a daemon at another side of the country that receives the text binary and then converts it to text text; all this looks like is an application sending text'coded binary, kind of like hiding messages in Spam eMail.

Enjoy.

Re:On the other hand, I want shaping that I contro (0)

Anonymous Coward | more than 7 years ago | (#18649367)

Run a transparent bridge or a router using linux. You can easily do what you want using a correctly configured kernel, IPTABLES, and the tc package. (and perhaps bridge-tools if you are doing bridging rather than routing)

I personally run a debian transparent bridge on my DSL line and it works very well. Plus I can be a BOFH and give my own systems prioritized bandwidth over the rest of the family's. :-)

Re:On the other hand, I want shaping that I contro (0)

Anonymous Coward | more than 7 years ago | (#18649379)

Three words:
OpenBsd with PF

I've been using an openbsd box as my router/firewall for the last 4 years since discovering that some cable routers apparently have issues when you're using P2P constantly. I picked up a cheap dell server (one of those dell server deals you see a couple times a year) installed openbsd via the online faq, set up PF, and after a few trials and errors have even successfully set up bandwidth prioritization. Start with openbsd and go from there. Though I'm sure there are commercial routers that do this too, most of them advertise VOIP optimization, it's the same thing, just add the ssh port you're using upstream (22 most of the time) to the list of VOIP clients. Note if you do use PF to queue up bandwidth, make sure to only divide up your upstream pipe, NOT the downstream.

Have a ball and learn something :)

Re:On the other hand, I want shaping that I contro (0)

Anonymous Coward | more than 7 years ago | (#18649413)

Linux has very powerful traffic shaping capabilities.

Check it out: http://lartc.org/ [lartc.org]

Re:On the other hand, I want shaping that I contro (2, Informative)

pak9rabid (1011935) | more than 7 years ago | (#18649453)

Easy. Set up a Linux-based router and use HTB/iptables to prioritize your upstream. That's what I do and it works beautifully. I can saturate my upload w/non-interactive programs (P2P, FTP, etc), and my ssh connections work fine. http://www.faqs.org/docs/Linux-HOWTO/ADSL-Bandwidth-Management-HOWTO.html [faqs.org] has a really good howto on setting up an example QoS system. It can be easily modified to suit your needs.

Are you trying to send us to a virus or a XXX? (-1)

Anonymous Coward | more than 7 years ago | (#18649725)

Our interweb browser says the file doesn't exist:

http://www.faqs.org/docs/Linux-HOWTO/ADSL-Bandwidt [faqs.org] h-Management-HOWTO.html

Someone should mod you down. I bet you were hiding a virus with that filename. Good that IE kept us from seeing it.

Re:On the other hand, I want shaping that I contro (1)

Nom du Keyboard (633989) | more than 7 years ago | (#18649479)

I'd like to be able to shape the traffic so my ssh/x connection gets absolute priority with p2p using whatever is left.

If you have a modern, and very cheap, Linksys router there is some very good (free, as in beer) 3rd party software you can use to reflash your router to be far more capable than the standard software it comes with. I think those are some of the abilities it includes.

Re:On the other hand, I want shaping that I contro (1)

Laebshade (643478) | more than 7 years ago | (#18649759)

I'm using Gentoo Linux with iptables and ip route/tc/sfq. Unfortunately, Comcast seems to be doing something with my SSH traffic, or encrypted traffic in general, like the article says Rogers is doing. I know the QoS on my server is working correctly because web traffic goes through fine. I've also noticed periods where my upload (and sometimes download) traffic for bittorrent will drop to near 0. This happens at least a few times a day. Yet, when I go to websites while this is happening, it's blazing fast. I am supposed to have 768kbps up, but I usually keep it at 650kbps because speeds are averaging that on speed tests (speedtest.net, speakeasy.net, etc). The only downside to the QoS is that whenever I call Comcast, I have to turn off the QoS. Fortunately I just run two commands to turn it off (my basic firewall script which has commands to clear all mangle commands, and tc qdisc del dev eth1 root).

Damn am I getting offtopic. I used this tutorial [gentoo-wiki.com] for Gentoo to set up packet shaping, and modified it to suit my needs. I also used ipp2p [ipp2p.org] like the guide uses, rather than l7-filter.
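What the replies in this sub-thread recommend (queue the upstream yourself and let ssh jump ahead of bulk traffic), shown as an added simulation that is not part of any comment above. The 650 kbps rate is the figure quoted by Laebshade; packet sizes, buffer depth and the arrival pattern are constructed assumptions.

```python
import heapq

LINK_BPS = 650_000      # shaped upstream rate quoted in the thread (650 kbps)
BULK_BYTES = 1500       # assumption: full-size P2P/FTP packet
SSH_BYTES = 100         # assumption: small interactive packet
QUEUE_LIMIT = 50        # assumption: buffer depth in packets, per queue


def make_arrivals(duration_s):
    """Constructed load: bulk offered at 1.2x the link rate, one ssh packet every 50 ms."""
    arrivals = []
    bulk_gap = BULK_BYTES * 8 / (1.2 * LINK_BPS)
    t = 0.0
    while t < duration_s:
        arrivals.append((t, "bulk", BULK_BYTES))
        t += bulk_gap
    t = 0.005
    while t < duration_s:
        arrivals.append((t, "ssh", SSH_BYTES))
        t += 0.05
    return sorted(arrivals)


def run_link(arrivals, prioritize_ssh):
    """Serve packets over one link (non-preemptive, tail drop) and return statistics.

    prioritize_ssh=False models a single shared FIFO buffer.
    prioritize_ssh=True models two queues with strict priority for ssh.
    """
    queue = []                               # heap of (rank, seq, arrival, kind, size)
    depth = {}                               # packets waiting, per queue
    waits = {"ssh": [], "bulk": []}
    drops = {"ssh": 0, "bulk": 0}
    sent_bits = {"ssh": 0, "bulk": 0}
    link_free = 0.0                          # time the link finishes its current packet
    i, n = 0, len(arrivals)
    while i < n or queue:
        if not queue:                        # idle link: jump to the next arrival
            link_free = max(link_free, arrivals[i][0])
        # Admit everything that arrived while the previous packet was on the wire.
        while i < n and arrivals[i][0] <= link_free:
            t, kind, size = arrivals[i]
            key = kind if prioritize_ssh else "shared"
            if depth.get(key, 0) >= QUEUE_LIMIT:
                drops[kind] += 1             # buffer full: tail drop
            else:
                rank = 0 if (prioritize_ssh and kind == "ssh") else 1
                heapq.heappush(queue, (rank, i, t, kind, size))
                depth[key] = depth.get(key, 0) + 1
            i += 1
        # Lowest rank first, arrival order within a rank.
        _, _, t, kind, size = heapq.heappop(queue)
        depth[kind if prioritize_ssh else "shared"] -= 1
        waits[kind].append(link_free - t)    # time spent queued before transmission
        sent_bits[kind] += size * 8
        link_free += size * 8 / LINK_BPS
    return {
        "ssh_mean_wait": sum(waits["ssh"]) / len(waits["ssh"]),
        "ssh_max_wait": max(waits["ssh"]),
        "ssh_drops": drops["ssh"],
        "bulk_bps": sent_bits["bulk"] / link_free,
    }


if __name__ == "__main__":
    load = make_arrivals(30)
    for label, flag in (("shared FIFO", False), ("ssh priority", True)):
        r = run_link(load, flag)
        print(f"{label:13s} ssh wait mean {r['ssh_mean_wait'] * 1000:7.1f} ms, "
              f"max {r['ssh_max_wait'] * 1000:7.1f} ms, ssh drops {r['ssh_drops']}, "
              f"bulk {r['bulk_bps'] / 1000:.0f} kbps")
```

With the priority queue an ssh packet waits at most for the one bulk packet already on the wire, while bulk traffic still gets nearly the whole link.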

Illegal? (1)

geek (5680) | more than 7 years ago | (#18649093)

I know in the US there are laws prohibiting companies from gimping their products like this. The specific laws escape me at the moment. Does Canada have anything similar?

Purposely sabotaging your product against a segment of people is deplorable.

Re:Illegal? (1)

quanticle (843097) | more than 7 years ago | (#18649141)

>>I know in the US there are laws prohibiting companies from gimping their products like this.<<

No, there really aren't. The entire net neutrality debate is over whether there should be prohibiting these practices here.

Re:Illegal? (5, Informative)

SydShamino (547793) | more than 7 years ago | (#18649839)

No, not at all. The net neutrality debate is about whether ISPs can throttle content based on the content's particular source, not on the content type.

Throttling based on content type is called packet shaping, and it's been done in the US and elsewhere for many years. Nothing about the net neutrality legislation would affect that, and anyone who says otherwise is confused or trying to deliberately mislead.

Throttling based on source, where content of the same type from different sources receives different priorities, is what the net neutrality legislation is about. In other words, any ISP can choose to tone down streaming video traffic so that all their customers can use basic web and email services. No ISP should be able to block video streaming from Google but allow video to stream from Microsoft, just because Microsoft paid them money. (Unless that was clearly advertised to the ISP's customers before they signed up, that is.)

In this case, it sounds like the ISP is throttling all encrypted content, regardless of its source or destination, so the net neutrality concept doesn't apply at all.

Re:Illegal? (0)

Anonymous Coward | more than 7 years ago | (#18649183)

What laws?

Misnomer (1)

El Cubano (631386) | more than 7 years ago | (#18649105)

I would think that "packet shaping" is not the right term. "Traffic shaping", "bandwidth throttling" or simply "throttling" are more appropriate.

Re:Misnomer (1)

Wildclaw (15718) | more than 7 years ago | (#18649305)

No, packet shaping is exactly the correct term. It refers to determining priority by looking at the content of packets. The other terms you mentioned are more overreaching and include all kinds of throttling.

I am very much an opponent of any kind of packet shaping and a strong supporter of stronger net neutrality. If ISPs feel that they need to throttle customers, they should do so based on bandwidth used (and possibly which time of the day the bandwidth is used), and not on the type of information transmitted.

Also, while I am a supporter of net neutrality, I see the possibility of allowing some kind of mechanism to allow for low latency communication. That mechanism should however not be allowed to be more than an on/off flag and at the full control of the customer and not the ISP.

Re:Misnomer (1)

the eric conspiracy (20178) | more than 7 years ago | (#18649595)


Pff. The first thing that everyone will do is turn on their 'interactive' flag for all traffic and we will be back where we are today.

Traffic shaping makes sense. VOIP traffic and other interactive applications SHOULD have priority over background-type operations. This is the way all well designed systems should work - your OS should give priority to screen redraws over virus scans.

As far as P2P traffic, there are ways to suss that out even if you are running it over encrypted sessions by using a variety of heuristic approaches. Rogers is just being lazy or stupid or both and deserves to be excoriated for this one size fits all approach.

Re:Misnomer (1)

loraksus (171574) | more than 7 years ago | (#18649363)

Of course, there becomes a point where throttling and shaping just isn't an appropriate description of what is happening.

Take the case of Portland State University - all bittorrent traffic to the dorm subnet is "throttled" to 20k. Not each connection, the whole subnet. Although it isn't blocked in the strictest sense, it might as well be because a 20 meg file takes a week to download.
That, of course, in addition to the occasional bouts of 800+ms ping times to their gateway.

Morons (2, Interesting)

iamacat (583406) | more than 7 years ago | (#18649157)

These days, after all the time to perfect technology and awareness of identity theft and industrial espionage, non-encrypted traffic should be banned from Internet at backbone routers. Every ISP can issue you an SSL certificate that indicates the level of verification (possibly none) they performed on your identity. Even with multicast, data can be encrypted with server's private key for which the public key is available to intended recipients, or public. The only exception would be very low powered dumb devices, but those shouldn't be connected to public Internet anyway.

Re:Morons (1, Interesting)

Anonymous Coward | more than 7 years ago | (#18649487)

"The only exception would be very low powered dumb devices, but those shouldn't be connected to public Internet anyway."

Oh... you mean like windows machines?

maybe it is??? (1)

davidwr (791652) | more than 7 years ago | (#18649645)

Who is to say that BigBackbone1 doesn't encrypt traffic going over its wires and BigBackbone1 and BigBackbone2 don't encrypt traffic flowing between them? The only reason not to is cost.

Remember, encryption may take place at a level below the IP layer and as such will not be clearly visible in traceroutes.

Imagine this traceroute:

9 ms 11 ms 7 ms 1.2.3.4
500 ms 510ms 503 ms 5.6.7.8

That hop between 1.2.3.4 and 5.6.7.8 may include a bunch of sub-IP-level bit-moving over many devices and many wires. Encryption may or may not happen between these devices, even if 1.2.3.4 and 5.6.7.8 only see bits in the clear.

Canada has problems in this area... (5, Informative)

zappepcs (820751) | more than 7 years ago | (#18649161)

Shaw cable on the western side of Canada also mangles packets. Check with Vonage to find out how Shaw is trying to cripple their business by dropping calls, packets, or just dropping the network connection for people using Vonage VoIP.

Re:Canada has problems in this area... (0)

Anonymous Coward | more than 7 years ago | (#18649189)

Don't you mean Verizon trying to kill Vonage?

Re:Canada has problems in this area... (0)

Anonymous Coward | more than 7 years ago | (#18649229)

Cable companies have monopolies on regions for service. Shaw also offer VoIP service. If they are dropping Vonage traffic, then it would be an abuse of their monopoly position to prevent competition in a non-monopoly-granted market segment. If this were the case, there would be a court case and an injunction.

If Telus decided to get into the pizza business, they wouldn't be allowed to drop all calls made to competing pizza parlours.

Re:Canada has problems in this area... (2, Informative)

loraksus (171574) | more than 7 years ago | (#18649383)

Fortunately, if you call and complain about the voip issues, they have a $10 a month package that "prioritizes" your traffic.
Thanks Shaw!

Re:Canada has problems in this area... (1)

gaderael (1081429) | more than 7 years ago | (#18649407)

That might have something to do with the fact that Shaw is owned by Ted Rogers and his band of cronies.

... But these are essential (5, Informative)

zCyl (14362) | more than 7 years ago | (#18649179)

This is somewhat "broken". If you can't use https or ssh with an internet connection, then that particular internet provider is little more than a glorified TV. If anything, ssh and https should be the highest priority.

There are reasons why p2p systems have started encrypting their traffic. Due to popular discontent with bandwidth throttling, they are trying to classify their traffic with a group of services that cannot be removed without breaking the functionality of the internet for that service provider. So their ideal solution to that is to break the functionality of their internet connection?

Re:... But these are essential (1)

Jeff DeMaagd (2015) | more than 7 years ago | (#18649325)

I wonder if maybe the throttling could be progressive. As in, if the encrypted traffic is a few tens of kbps, then let it go, but if the subscriber is just trying to pull down megabits that is encrypted, then scale back that traffic.

Re:... But these are essential (1)

dpilot (134227) | more than 7 years ago | (#18649427)

What about X Windows over my company's VPN? I know it's sub-optimal, but every now and then I just need to bring up my CAD application, do a tweak or two, or maybe just export data so I can do some real "telecommute". But every now and then, I need X. For that matter, once I've exported the data, it may be a few 10s of MB.

Throttling is not acceptable for telecommuting.

Re:... But these are essential (1)

Peter La Casse (3992) | more than 7 years ago | (#18649731)

Throttling is not acceptable for telecommuting.

Agreed. I regularly use scp to transfer files with nontrivial size between my home office and my employer's network; if my ISP throttled this traffic, then I wouldn't have any reason to pay for their highest upload speed. Fortunately I live in an area with multiple high speed internet providers.

Re:... But these are essential (2, Interesting)

the eric conspiracy (20178) | more than 7 years ago | (#18649437)

If anything, ssh and https should be the highest priority.

No, streaming UDP based protocols have to be the highest priority, otherwise VoIP and similar applications won't work.

Ultimately the only logical way to handle this sort of thing is going to be through service tiers or other non-Net neutral mechanisms.

Net-neutral service tier (1)

davidwr (791652) | more than 7 years ago | (#18649751)

Can't you make service tiers "neutral?"

If the telco or cable company treated all traffic at a given tier equally, and did not play favorites when it came to pricing and marketing, then it's neutral.

If the cable company offers you a "medium latency" package suitable for web browsing at $30/month, and an "enhanced" package suitable for VoIP at $40/month, that's fine.

It becomes "not neutral" if they price their own VoIP offering at a loss or break-even, knowing competitors will have to charge more to stay in business. If the competitors can't charge less than $25 to make a minimal profit, and the cable company sells the same service at a loss at $20 a month, or bundles VoIP+enhanced Internet for $60/month, that's not neutral.

Likewise, if they treat their VoIP traffic differently than a competitor's for a given customer's Internet tier, that's anti-competitive.

Re:Net-neutral service tier (0)

Anonymous Coward | more than 7 years ago | (#18649821)

This is neutral: All encrypted traffic gets clobbered.

We'll see if it's a pretext to go non-neutral later, ie: All encrypted traffic gets clobbered... except for packets to and from our special partner companies. Your vpn-enabled telecommuting sales force can join for the low-low cost of $500k.

Re:... But these are essential (1)

CrazyBrett (233858) | more than 7 years ago | (#18649445)

little more than a glorified TV
... which is exactly what businesses want. This whole "interactivity" thing is mighty inconvenient.

Re:... But these are essential (1)

Kjella (173770) | more than 7 years ago | (#18649537)

If you can't use https or ssh with an internet connection, then that particular internet provider is little more than a glorified TV. (...) So their ideal solution to that is to break the functionality of their internet connection?

Well, for many services a bandwidth-throttled (but hopefully still low-latency) secure connection isn't exactly a big limitation. Your online banking site or that terminal session you were running are hardly bandwidth hogs. Downloading large attachments over a secured connection is another matter. I guess the question is "Are those few enough that we can get away with it?". Sounds to me like a good way to increase your support costs though...

Re:... But these are essential (2, Insightful)

ObsessiveMathsFreak (773371) | more than 7 years ago | (#18649547)

There are reasons why p2p systems have started encrypting their traffic.

Three words.

Deep Packet Inspection.

Telecommuter (5, Informative)

Anonymous Coward | more than 7 years ago | (#18649199)

I am a telecommuter and I have certainly noticed the bandwidth decrease for encrypted traffic; at any given time, for my job, I absolutely have to have roughly 15 citrix-application windows open at any given time, and the only way to access the metaframe server is via a VPN connection (as per corporate security policy). I have noticed major, major slowdowns; it's unfortunate that I cannot do my work properly as a telecommuter due to this new procedure of Rogers. Don't get me wrong, everything still works properly, the only thing is that with this slow down of my Citrix sessions (due to the traffic being encrypted), I have learned to live with a "Click now, work later" style application behaviour; it reminds me of using a 486 PC.

brownout heavy users during peak times (5, Interesting)

davidwr (791652) | more than 7 years ago | (#18649249)

Use "brownouts" to shape traffic for "fair load" during peak times.

During non-peak times, when you can carry every bit at maximum speed, do it.

During peak times when you can't, then, for the next few minutes or hours, cap everyone at X bits per second, Y bits per minute, Z bits per 5 minutes, and so on so the leeches-of-the-moment get throttled down and people putting less immediate demand on the system don't notice any change. X should be as close to the normal maximum as possible. Y should be less than 60X or Z should be less than 300X, or both. This way, people just doing normal web browsing won't be impacted but I'll be slowed down if I dare to download all of kernel.org during a busy period.

If you combine charging extra for minimum guaranteed per-second bandwidth and charging extra for high-volume-per-month users with peak-demand throttling, then you can raise revenue and/or discourage people from demanding all-you-can-eat lobster buffet service at cup-o-noodles price.

Do NOT discriminate based on the content of the traffic, especially if you do not know what kind of content that is, i.e. because it is encrypted. That encrypted connection is probably me working from home thank you very much.
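A small simulation of the content-neutral cap proposed in the comment above, added here as an illustration and not code from the poster or from any ISP. The values chosen for X, Y and Z, the two demand patterns and all names are constructed assumptions.

```python
from collections import deque

# Constructed numbers (assumptions, in megabits): X per second, Y per minute, Z per 5 minutes.
X_PER_SEC = 8      # close to the normal maximum line rate
Y_PER_MIN = 120    # less than 60 * X = 480
Z_PER_5MIN = 300   # less than 300 * X = 2400

PEAK_LIMITS = {1: X_PER_SEC, 60: Y_PER_MIN, 300: Z_PER_5MIN}
OFF_PEAK_LIMITS = {1: X_PER_SEC}  # off-peak: only the line rate applies


class BrownoutCap:
    """Per-subscriber volume caps over sliding windows. Payload is never inspected."""

    def __init__(self, limits):
        self.limits = dict(limits)        # {window_seconds: max_mbit_in_window}
        self.longest = max(self.limits)
        self.history = deque()            # (second, mbit_granted), oldest first

    def allowance(self, now):
        # Forget grants that have aged out of the longest window.
        while self.history and self.history[0][0] <= now - self.longest:
            self.history.popleft()
        # The tightest window decides how much may still be sent this second.
        room = min(
            cap - sum(mbit for t, mbit in self.history if t > now - window)
            for window, cap in self.limits.items()
        )
        return max(0, room)

    def send(self, now, wanted):
        granted = min(wanted, self.allowance(now))
        if granted > 0:
            self.history.append((now, granted))
        return granted


def simulate(demand, seconds, limits):
    """Run one subscriber for `seconds` ticks; return (mbit_wanted, mbit_granted)."""
    cap = BrownoutCap(limits)
    wanted = granted = 0
    for now in range(seconds):
        want = demand(now)
        wanted += want
        granted += cap.send(now, want)
    return wanted, granted


def bulk_download(now):
    return X_PER_SEC                           # saturates the line every second


def web_browsing(now):
    return X_PER_SEC if now % 30 == 0 else 0   # one full-rate page load every 30 s


if __name__ == "__main__":
    for name, demand in (("bulk download", bulk_download), ("web browsing", web_browsing)):
        for label, limits in (("peak", PEAK_LIMITS), ("off-peak", OFF_PEAK_LIMITS)):
            wanted, granted = simulate(demand, 600, limits)
            print(f"{name:14} {label:9} wanted {wanted:5} Mbit, granted {granted:5} Mbit")
```

With these numbers the bursty subscriber still hits the full per-second rate on every page load, while the saturating subscriber is held to the 5-minute volume, whether or not either one's traffic is encrypted.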

Re:brownout heavy users during peak times (2, Interesting)

dreamchaser (49529) | more than 7 years ago | (#18649395)

That's still a bandaid. The real problem is ISPs overselling their bandwidth for years and it's now coming back to haunt them. They say things like "x speed" or "unlimited downloads" but they don't really mean it and the fine print in their TOSs makes that pretty clear. It borders on false advertising.

Re:brownout heavy users during peak times (1)

e4g4 (533831) | more than 7 years ago | (#18649665)

I couldn't agree more - especially the monthly usage limits a lot of ISPs hide deep in their TOSs. It seems like it's especially a problem now that legal usage of extreme amounts of bandwidth is becoming more widestream (think downloading movies/tv shows from itunes - those files run about 500MB/hour). Perhaps we should start forcing ISPs to more openly report how exactly they think the word "unlimited" is defined.

Re:brownout heavy users during peak times (1)

zippthorne (748122) | more than 7 years ago | (#18649697)

It's not necessarily overselling. It could be oversimplification.

They may have enough total bandwidth for everyone to download 3GB/month, but set up so the "burst rate" is much higher than a mere 10 kbps. Their customers could download an Ubuntu iso in a couple of hours, but only a few times over the course of a month. (but then again, how many times do you really need to download that iso during the month?)

So for typical usage it is indistinguishable from unlimited, a word itself that has come into the ISP world as a synonym for always-on. i.e. unlimited hours of operation.

Anyway, the whole situation is far too complicated to put on a billboard and expect people to read it and not die in a horrible 21 car pileup.

If everyone flushed their toilets at one time (3, Insightful)

davidwr (791652) | more than 7 years ago | (#18649849)

Telcos have ALWAYS oversold their capacity. So do most other businesses.

If EVERYONE tries to use their phone at the same time, there are problems. Remember trying to make a cell call anywhere in greater New York City on 9/11? Nevermind the destroyed equipment, the demand on each cell tower was just too much.

Even today, on busy days like Mother's Day, it's hard to get a long-distance call between certain cities on certain carriers. It's not as bad as it used to be thankfully.

Other businesses do the same thing. Ever tried to get into a computer store at 5AM the day after Thanksgiving? Some stores have fire-wardens at the door and when the store reaches fire-code capacity they won't let anyone else in until someone leaves. There's a popular restaurant I used to go to that took a different approach: They kicked you out after a certain period of time during peak hours. Think of it as "traffic-shaping" your restaurant experience.

Re:brownout heavy users during peak timesPROBLEM (1)

Nom du Keyboard (633989) | more than 7 years ago | (#18649511)

During peak times when you can't, then, for the next few minutes or hours, cap everyone at X bits per second, Y bits per minute, Z bits per 5 minutes,

Do that, and suddenly you can't advertise those peak speeds any longer that you are so fond of comparing to your DSL competition.

Re:brownout heavy users during peak timesPROBLEM (1)

Watson Ladd (955755) | more than 7 years ago | (#18649769)

They use the term peak speeds to refer to top speeds, not top usage speeds.

Use measures to defeat your ISP's snooping (3, Interesting)

Brian Ribbon (986353) | more than 7 years ago | (#18649327)

When people complain about anything related to ISP surveillance, I always wonder how bothered they really are about security. If you're truly interested, you'll use an encrypted network, preferably an onion routing network, because you never know who is watching. My branch of civil rights activism is highly controversial and generally misinterpreted, so I always make sure that I route my traffic in an encrypted form through my ISP's routers.

Sadly, some people really don't understand that the internet is NOT anonymous and that you must use other measures to achieve a reasonable degree of security.

You are not a loan (nt) (0)

Anonymous Coward | more than 7 years ago | (#18649385)

NT

Re:Use measures to defeat your ISP's snoopiREALLY? (1)

Nom du Keyboard (633989) | more than 7 years ago | (#18649587)

My branch of civil rights activism is highly controversial and generally misinterpreted

But you don't mind giving us a web-site to find you at (anu.nfshost.com) that tells us your interest is in making paedophilia more accepted in society, or all the other tracks you've left on a simple Google search.

Re:Use measures to defeat your ISP's snooping (0)

Anonymous Coward | more than 7 years ago | (#18649601)

I use encryption on my ISP connection for an entirely different reason. Verizon has a policy against allowing web servers (and charges a fortune for static IPs). The answer is an encrypted tunnel to a high-bandwidth endpoint that I control. I'm pretty happy with their FiOS service under these conditions. Instead of paying $300/mo for their Commercial FiOS I'm paying $50 and I have all the same functionality of the higher cost service.

Obviously not everyone has access (and control) of a high-bandwidth Internet resource so this solution cannot apply to them.

--
anonymous because I don't want Verizon to change my situation

Re:Use measures to defeat your ISP's snooping (0)

Anonymous Coward | more than 7 years ago | (#18649649)

The next stage is quite obvious:

Encrypted connections that masquerade as unencrypted ones using known protocol signatures and mimic functions.

don't blame (4, Insightful)

feldsteins (313201) | more than 7 years ago | (#18649341)

I'm no fan of cable companies, but someone has to speak up about the problems associated with P2P. I'm aware of some educational institutions that saw their newly upgraded networks come to a complete grinding halt - simply because of P2P sharing. They had no choice but to shape their traffic so that other business could get done. They didn't ban it or shut it off. They simply said X amount of our bandwidth can be used for it during business hours and Y amount at other times. And now look what's happened: P2P clients have deliberately foiled such attempts by encryption. Great. Now those institutions will be crippled once again by dorms full of students sharing their entire music collection to the world, many not even aware that they are doing it.

I don't want to kill P2P. I am no fan of cable companies or the RIAA or the MPAA. But don't blame network admins when they have to fight back on this stuff!

Re:don't blame (2, Insightful)

CrazyBrett (233858) | more than 7 years ago | (#18649501)

Fine. So put intelligent rate or bandwidth caps on and be upfront about that policy (this goes both for cable providers and universities). You used to be able to build networks with the assumption that most people wouldn't be transferring data most of the time. This simply isn't true any more.

That doesn't make sense (1)

davidwr (791652) | more than 7 years ago | (#18649527)

They simply said X amount of our bandwidth can be used for it during business hours and Y amount at other times.

If those limits applied to all traffic from the dorms, there wouldn't be a problem.

Let's say the University decides that during peak hours, dorm computers can use an aggregate of 100Gb/sec and 1000Gb/min during business hours and twice that at night without impacting other traffic.

Let's say they've studied the problem and know if they cap each dorm user's 1000Mb/sec ethernet port's out-of-university traffic at 100Mb/sec and 3000Mb/min during peak time and 1000Mb/sec and 6000Mb/min during off-peak hours they will be able to meet the needs of not just the professors and staff but also the students who aren't heavy users. It makes sense for them to impose such a cap. Of course, the actual numbers of the cap should be re-evaluated as conditions change.

If the internal university networks have bottlenecks, consider imposing similar caps on out-of-dormitory or out-of-LAN traffic as well. If a bunch of students want to have a dorm-wide LAN gaming party, that's one thing. If they put their traffic on the wires that connect the buildings and it saturates the wire, that's a problem.

That's not why P2P is encrypted (2, Informative)

Rix (54095) | more than 7 years ago | (#18649529)

Various bittorrent clients implemented encryption because of ISPs trying to tell their customers what they could use the bandwidth they had purchased for.

If we had strong network neutrality legislation, it wouldn't have been necessary.

Re:don't blame (1)

The_Deacon (137827) | more than 7 years ago | (#18649577)

There is still a way to deal with this cleanly and neatly, and without inspecting the traffic content.

See, you've even mentioned part of the solution in your post. You don't shape traffic campus-wide based on whether it "looks like p2p" (is encrypted) or not. Instead, you segregate users by use (e.g. the dorms from your comment, versus the business offices) into separate subnets.

Got a problem with the dorm and computer lab subnets sucking down 100% of the traffic? No problem - core routers implement a rule to guarantee that the business subnets will always have priority over traffic from the dorms subnet. Or that the dorms will never get more than ~75% of the full pipe. Or whatever.

The point is, you're no longer spending your time fruitlessly inspecting *every TCP session* to determine what type of traffic it is, and trying to apply blanket traffic shaping rules across the backbone. You just ensure that your user groups are segregated appropriately, and the "business critical" stuff is on subnets with guaranteed minimum bandwidth. If your business users are doing p2p on that subnet, then you deal with it through regular channels -- e.g. it's a business productivity issue, move it off this subnet. Etc.

In the end it's cheaper (you don't have to spend big $$$ on packet-inspection software & hardware that has the ability to monitor the backbone), AND it won't leave the encrypted-traffic users feeling slighted, AND it'll guarantee your business needs (e.g. minimum bandwidth to operate) are met.

Re:don't blame (2, Insightful)

feldsteins (313201) | more than 7 years ago | (#18649923)

The solution cannot be to simply throttle all traffic from dorms. People in dorms are often doing academic work. We cannot lump those packets together with music and movie sharing and then simply throttle the whole thing down to where we know it's going to crawl. That solution does not work. We have to have a way to segregate it.

Re:don't blame (1)

ady1 (873490) | more than 7 years ago | (#18649657)

P2P sharing != Music/movies sharing.

P2P traffic can be just as important as any other traffic. Surely most of it isn't that important at the moment but IMO no internet traffic should be identifiable except for the given recipient it is intended for. An ISP is no one to decide which traffic is more important if they are getting the amount of money they want.

I don't buy this crap where an ISP offers a package with hidden assumption about your usage. Who the fuck is Rogers to decide what I am doing with the bandwidth I AM PAYING THEM for. It's like selling me a Race Car which doesn't run over 50KM because they made an assumption that the average user in their normal usage won't be driving it over 70KM.

Re:don't blame-But I Do! (1)

Nom du Keyboard (633989) | more than 7 years ago | (#18649671)

I'm no fan of cable companies, but someone has to speak up about the problems associated with P2P. I'm aware of some educational institutions that saw their newly upgraded networks come to a complete grinding halt - simply because of P2P sharing. They had no choice but to shape their traffic so that other business could get done.

Why is your business more important than my business? I might be distributing my newest song via P2P, while other people are engaged in other business. My filesharing is as important to me as your other business is to you, and you've appointed yourself the gatekeeper of how bandwidth is to be used. Just give everybody the same bandwidth allotment, and let them use it as they see fit, instead of trying to be the arbitrator of what's right and what's wrong.

How do they know it is encrypted? (1)

master_p (608214) | more than 7 years ago | (#18649389)

The referenced site is slashdotted...does anybody know?

Encrypt it All (4, Interesting)

Nom du Keyboard (633989) | more than 7 years ago | (#18649397)

So much for the idea of Net Neutrality. Encrypt all the traffic, and it will all again be treated as equal.

And if they slow it all down, sue them for not providing the level of service they promised when you signed up. The whole unlimited, high-speed broadband thing is such a fraud anyway, it deserves to land in court -- preferably sooner, rather than later.

no bueno (1)

pak9rabid (1011935) | more than 7 years ago | (#18649399)

Welp, yet another ISP that I'll be boycotting.

This is Cute (4, Funny)

Nom du Keyboard (633989) | more than 7 years ago | (#18649423)

Clicked on the link for Michael's site, and got:

Michael Geist

This site is temporarily unavailable. Please notify the System Administrator

And just how are you supposed to do that?

Re:This is Cute (0)

Anonymous Coward | more than 7 years ago | (#18649483)

Boycott? Most people don't have much of a choice. That's the problem.

I guess you could boycott with a couple tin cans and a long string.

Re:This is Cute (0)

Anonymous Coward | more than 7 years ago | (#18649557)

Yup - there is only one other viable choice to Rogers in most areas: DSL via Bell (or one of their affiliates).

OR Satellite internet for even worse packet shaping at the satellite level (not even provider controlled) and Apollo mission like ping-times.

Re:This is Cute (4, Funny)

Jah-Wren Ryel (80510) | more than 7 years ago | (#18649863)

This site is temporarily unavailable. Please notify the System Administrator
And just how are you supposed to do that?

Post it to slashdot. Obviously the sysadmin is slacking off, so that probably means he is reading slashdot.

That is why I left (0)

Anonymous Coward | more than 7 years ago | (#18649507)

Stupid decisions like this are what made Rogers lose my business. Throttling encrypted traffic was the last straw, so I switched the internet, phone, and TV services at two houses and convinced a few friends to do the same. I am Rogers free and it is excellent.

This won't fly. (4, Insightful)

644bd346996 (1012333) | more than 7 years ago | (#18649513)

Telecommuting is too popular for this tactic to work in the US. There are some very powerful companies that have a vested interest in VPNs being reliable and responsive. How many of you think Cisco would let ISPs get away with this? Sure, Cisco sells lots of expensive hardware to ISPs, but they also sell a lot of hardware and software to businesses and consumers so that VPNs can be established.

Also, I know that many employees of my local and state governments use VPNs daily. If their VPN connections get any slower, they will be well-nigh unusable. This is essentially a lower-stakes version of NTP wanting to cripple every congressman's BlackBerry. Our monopolies seem to be forgetting rule #1: don't piss off your regulators!

Re:This won't fly. (1)

ezterry (613886) | more than 7 years ago | (#18649763)

Well just did a small test:

From my apartment (Rogers cable internet) to my Linode virtual dedicated host:
Download 20MB of zeros over scp: 409.6KB/s
Download 20MB of zeros over http: 423.33KB/s
The upload [encrypted] was at 46.9KB/s (which given the other information going upstream sounds like the 768kbit upload cap.)

So either this is something those who are paying for the 100/GB transfer/mo (rather than the default 60 of the cheaper plans) are likely immune to.

Or this is untrue.

However one interesting potential is if they are splitting traffic into classes, Everyone on that part of the network may have saturated the encrypted pool... The problem with bittorrent and similar protocols is when mis-configured to make too many connections they don't play nice with other TCP connections on the same link. (with or without encryption)

Michael's site is dead (0)

Anonymous Coward | more than 7 years ago | (#18649531)

Poor Michael Geist's site is dead. He must have forgotten that his server uplink is with Rogers.

Solution: Encapsulation (2, Insightful)

RadicalHiltz (1073312) | more than 7 years ago | (#18649667)

The whole attempt to slow encrypted traffic is useless, simply taking the encrypted packet and running it through say, http encapsulation, would make it impossible to degrade; that is only if they are not willing to shape http requests.

Maybe they should just (4, Insightful)

pair-a-noyd (594371) | more than 7 years ago | (#18649721)

upgrade their shitty equipment?
Seems like I have read over and over about how North America is like pretty much at the bottom of the ladder of high speed Internet service compared to the rest of the world with the exception of places in Africa.
I think I read places like France and Korea have gigabit service pretty much nation wide.

WHY is the (used to be) world leader of technology and one of the richest nations on Earth (USA) still dragging its feet and living in the past? I know so many people that are STILL running 54k dialup modems at home but their actual throughput averages around 48k. And they are paying an average of $30 a month for such sorry service! Not to mention, frequent disconnects, busy trunks in the evenings, etc..

How pathetic.

These companies have no interest in providing a quality service, their only interest is milking their customers for as much as possible as long as they can. They'll continue to use antiquated and archaic equipment to provide substandard service until they are FORCED to by either massive equipment failures or court order.

So why not use stego also to disguise encryption? (0)

Anonymous Coward | more than 7 years ago | (#18649745)

Recall the program "texto" that takes data and hides it as a (rather longer) text message that appears to be a very long harangue about some boring subject, but where every word choice encodes some bits?

That would be extremely hard to tell from normal boring text, though it would take still MORE bandwidth. By salting with some other words from anywhere, the resulting message could be assured to NOT have a small unique vocabulary that might be used to select it, making it hard to tell what is going on. For that matter, it can be hard to tell simple base64 encoded binaries apart from other material.

I also wonder whether the cable companies actually measure entropy or not. Is compressed data also throttled?

There are enough snoops around these days that a stego layer above the crypto layer is widely desirable. Since a packet sniffer has only a small string of data to work on at a time, it cannot do some of the sophisticated detection possible on longer data strings. For an ISP in particular, detecting crypto under stego could be prohibitively expensive. (Also such a response would make it clear that the result was an increase in traffic, not a decrease.)
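On the question raised in the comment above of whether compressed data would also be caught by an entropy measurement, the following added example (not from the thread, and not a description of how Rogers classifies traffic, which the page does not state) computes per-packet byte entropy for three constructed payloads. The 1400-byte sample size, the 7.5 bits/byte threshold, the vocabulary and the SHA-256 stand-in for ciphertext are all assumptions.

```python
import hashlib
import math
import random
import zlib
from collections import Counter

PACKET = 1400       # payload bytes examined at a time (assumption)
THRESHOLD = 7.5     # bits per byte treated as "encrypted" (assumption)


def shannon_entropy(data: bytes) -> float:
    """Empirical Shannon entropy of the byte histogram, in bits per byte."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(payload: bytes, threshold: float = THRESHOLD) -> bool:
    return shannon_entropy(payload) >= threshold


def sample_text(words: int = 20000, seed: int = 1) -> bytes:
    """Constructed plain text: random draws from a small vocabulary."""
    vocab = ("the cable modem packet router traffic shaping peak hours "
             "download upload customer provider network speed limit "
             "session tunnel server mail news work home").split()
    rng = random.Random(seed)
    return " ".join(rng.choice(vocab) for _ in range(words)).encode()


def ciphertext_stand_in(n: int) -> bytes:
    """Deterministic pseudo-random bytes (SHA-256 over a counter), standing in for ciphertext."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def payload_samples() -> dict:
    text = sample_text()
    compressed = zlib.compress(text, 9)
    return {
        "plain text": text[:PACKET],
        # One packet's worth taken from inside the compressed stream, past its start.
        "zlib-compressed": compressed[PACKET:2 * PACKET],
        "ciphertext stand-in": ciphertext_stand_in(PACKET),
    }


def classify_all() -> dict:
    """Map each sample name to (entropy rounded to 2 places, flagged as encrypted?)."""
    return {name: (round(shannon_entropy(p), 2), looks_encrypted(p))
            for name, p in payload_samples().items()}


if __name__ == "__main__":
    for name, (bits, flagged) in classify_all().items():
        print(f"{name:20} {bits:5.2f} bits/byte  flagged={flagged}")
```

The compressed sample lands in the same entropy band as the ciphertext stand-in, so a shaper keyed on entropy alone would degrade compressed downloads along with VPN and ssh sessions.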

How much slowdown? (1)

reub2000 (705806) | more than 7 years ago | (#18649799)

By how much is Rogers slowing down encrypted traffic? I don't see a mention of that anywhere.

Yawn (0)

Anonymous Coward | more than 7 years ago | (#18649825)

Michael Liberal Geist again... ...nothing to see, move along...

Workaround? (2, Insightful)

TerranFury (726743) | more than 7 years ago | (#18649837)

Perhaps one could slap HTTP headers on all traffic, call everything either a GET or a PUT request, and tunnel out with only a modest overhead?

What about gaming? (1)

Corngood (736783) | more than 7 years ago | (#18649857)

I'm pretty sure Xbox Live uses encrypted p2p udp and tcp, and has no set port numbers. How can they tell that apart from encrypted bittorrent? Did they just gimp live for all of their users?

Tagging (1)

sam991 (995040) | more than 7 years ago | (#18649887)

Seriously, no blamecanada?