Wednesday, March 12, 2008

Comcast and Secret Policies

The FCC has finally commented on how it would deal with Comcast in the aftermath of the application-interference scandal. Federal Communications Commission chair Kevin Martin told an audience at Stanford University on Friday that he had been troubled by Comcast's behavior. He also stated that the agency is "ready, willing, and able" to deal with the problem. In my opinion the FCC should have acted weeks ago. It should immediately draw up new rules to govern the running of broadband. What is needed is a clear set of rules to govern broadband internet services.
This controversy started back in January, with an Associated Press story that revealed that Comcast was interfering with BitTorrent traffic by sending TCP "reset" packets to end users. In the face of a mounting body of evidence, Comcast still denied allegations that it specifically targeted BitTorrent and other applications. Comcast vice president David Cohen even went as far as stating that the company's traffic control measures conform fully to the FCC's definition of "reasonable network management". Only after months of stonewalling did they admit to the truth: they were using traffic shaping practices not only on P2P traffic but also on Lotus Notes email traffic. This wasn't the first time that Comcast was not up front. Last year it was reported that they had an invisible bandwidth limit. They stated that they would shut down customers who went above what the company considered average use. The problem was they never gave a hard number for average use, making it difficult to know whether a user was in danger of being shut down.
Comcast says that it needs to limit the bandwidth consumption of users to maintain the quality of service. Their cable networks work by connecting homes to local nodes, with every home on a particular node drawing from the same pool of bandwidth. With a typical node serving up to 450 homes, as few as 15 high-bandwidth users maxing out their connections could impede network access noticeably for all 450 homes.
The problem with Comcast's traffic shaping is that nowhere in their license agreements or in any of their ads do they state that they are using these measures. Comcast and all ISPs have the right to limit user bandwidth, but customers have the right to know that their service providers are doing it. That is why the FCC needs to make a bill of rights for consumers when it comes to the internet. The FCC should force all ISPs to fully disclose all bandwidth caps and any use of packet shaping. I personally left Comcast for ATT mainly because of these unannounced policies. I just hope that ATT starts to use the "Comcastic" model of the internet.

Wednesday, March 5, 2008

YouTube, Pakistan and BGP

Late on the 24th of February 2008, YouTube became unreachable from almost the entire Internet. A close look at where the traffic was heading showed that packets sent to YouTube were flowing to Pakistan. The interesting part was that the Pakistani government had just placed a ban on the popular online video site. What happened was that Pakistan Telecom announced a route for YouTube's address block in an attempt to "black hole" access to the service. Instead of blocking the path to YouTube's servers only for users inside Pakistan, it blocked traffic from almost all users around the world. This event points out how we, as internet users, take for granted that the internet works, and that these service problems could get worse.
On Sunday, February 24th, a Pakistani inter-ministerial committee ordered all Internet service providers to block the YouTube website for "blasphemous" content and materials that were offensive to Islam. In response, Pakistan Telecom decided to "black hole" YouTube. They simply advertised a different route to YouTube on their top-level routers. The new route did not lead anywhere. This was a simple measure to filter access to the service from inside Pakistan. Here is where things took a bad turn: the routing information leaked from Pakistan Telecom to its upstream ISP, PCCW in Hong Kong. From PCCW it spread to the rest of the world. So any packets heading to YouTube ended up in Pakistan Telecom's black hole.
To see how this simple access block went so wrong, you have to understand Border Gateway Protocol (BGP) and Classless Inter-Domain Routing (CIDR). BGP is the standard used to maintain the routing tables between top-level routers on the internet. CIDR is the way IP addresses are interpreted by the routers. It allows address blocks to be handed out in power-of-two sizes, written as a slash and a prefix length after the IP address. For example, a block of 256 addresses is a /24, 512 addresses is a /23 and 1024 addresses is a /22. Using this system creates a side effect: an IP address can now fall within multiple address ranges. For example, a router could have both 10.0.0.0/8 and 10.10.0.0/16 in its routing table. So routers use the longest match first: the smallest address block, the one with the largest number after the slash, takes precedence. Pakistan Telecom advertised a route for 208.65.153.0/24 to its provider. This is a more specific route than the one used by YouTube (208.65.152.0/22). Both routes were in the routing table, but because of the longest-match-first rule, most routers chose to send traffic to Pakistan Telecom instead of YouTube's own network.
One of the ways this could have been avoided is by having ISPs (like PCCW) limit the BGP advertisements they will accept from a customer. BGP's vulnerability to this has been known for a very long time, and until recently only smaller accidents have happened with any frequency. Efforts to make BGP more robust against this type of accident/attack haven't produced any results. There are routing databases where network operators can register their IP address blocks so that filters can be generated automatically. The problem is that since it's up to everyone to register their own address blocks, and most people don't, the filters generated from these databases often do more harm than good. The internet can be more fragile than people think. One of the oldest myths on the web is that the US government designed the internet to survive a nuclear attack. The truth is that the ARPANET (the forerunner of the internet) was designed to survive network losses, but the reason was that the switching nodes and network links were not very reliable, even without nuclear attacks.
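The two mechanisms described above, longest-prefix-match route selection and an upstream filtering a customer's BGP announcements against registered address blocks, can be shown with a small simulation. This is an added example, not code from the original post or from any router vendor; the only values taken from the post are the two prefixes 208.65.152.0/22 (YouTube) and 208.65.153.0/24 (Pakistan Telecom). The origin names, the destination address 208.65.153.238, the "registered blocks" registry and the customer block 203.0.113.0/24 are all constructed for the demonstration.

```python
"""Longest-prefix matching and customer prefix filtering (added example).

Only the prefixes 208.65.152.0/22 and 208.65.153.0/24 come from the post;
everything else here is constructed for illustration.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

# A route is (prefix, origin). Origin stands in for the BGP next hop / origin AS.
Route = Tuple[ipaddress.IPv4Network, str]

# Routes from the post.
YOUTUBE_ROUTE: Route = (ipaddress.IPv4Network("208.65.152.0/22"), "YouTube")
LEAKED_ROUTE: Route = (ipaddress.IPv4Network("208.65.153.0/24"), "Pakistan Telecom")

# Constructed registry: which customer is allowed to originate which blocks.
# 203.0.113.0/24 is a documentation range used here purely as a placeholder.
REGISTERED_BLOCKS: Dict[str, List[str]] = {
    "YouTube": ["208.65.152.0/22"],
    "Pakistan Telecom": ["203.0.113.0/24"],
}


def longest_prefix_match(table: List[Route], dst: str) -> Optional[Route]:
    """Return the most specific route covering dst, i.e. the covering prefix
    with the largest prefix length (the rule the post calls 'longest match first')."""
    addr = ipaddress.IPv4Address(dst)
    best: Optional[Route] = None
    for net, origin in table:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, origin)
    return best


def accept_announcement(registry: Dict[str, List[str]], customer: str, prefix: str) -> bool:
    """Prefix filter an upstream like PCCW could apply: accept a customer's
    announcement only if it lies inside a block registered to that customer."""
    net = ipaddress.IPv4Network(prefix)
    return any(net.subnet_of(ipaddress.IPv4Network(b)) for b in registry.get(customer, []))


def simulate(filter_customers: bool, dst: str = "208.65.153.238") -> str:
    """Build the upstream's table with or without customer filtering and report
    which origin receives traffic for dst (a constructed address inside the /24)."""
    table: List[Route] = [YOUTUBE_ROUTE]
    leaked_net, leaked_origin = LEAKED_ROUTE
    if not filter_customers or accept_announcement(REGISTERED_BLOCKS, leaked_origin, str(leaked_net)):
        table.append(LEAKED_ROUTE)  # the more specific /24 enters the table
    chosen = longest_prefix_match(table, dst)
    return chosen[1] if chosen else "unreachable"


if __name__ == "__main__":
    print("without filtering:", simulate(False))  # traffic goes to the black hole
    print("with filtering:   ", simulate(True))   # /24 rejected, traffic reaches YouTube
```

The unfiltered run reproduces the incident: both prefixes cover the destination, and the /24 wins purely on prefix length. The filtered run drops the announcement at the upstream because 208.65.153.0/24 is not inside any block registered to that customer, which is exactly the check the post says providers like PCCW could have applied. The registry-based filter is only as good as the registry, as the post notes; a customer with no registered blocks would have every announcement rejected, which is the "more harm than good" failure mode.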