Traffic management - how deep packet engines will shape the Internet slow lane
- Author: Monica Horten
- Published: 19 November 2010
Report from Broadband Traffic Management congress, London, 16-18 November 2010
An afternoon spent among the telcos and their suppliers does not bring much cheer to those who want to protect the open Internet. If deep packet inspection (DPI) is a cornerstone of the network, how should policy-makers be thinking?
* PLUS * I experience a DPI sales demo: "Content filtering ? Certainly. Which filters do you want?"
Broadband Traffic Management is a new exhibition which provides a forum for discussion of the issues surrounding the new technologies which operate and run broadband networks. A visit to it was eye-opening.
It was revelatory to see how much enthousiasm is going in to developing new ideas to alter the structure of what we know today as, 'the Internet'. The changes will be justified by
various economic rationales, but especially the expontential growth of video content.
It was evident that traffic management systems do enable the network operators and ISPs to restrict traffic on a per user basis. They can see what each individual is doing, right down to applications and content, and have functions which permit or block activity.
Deep packet inspection is the main tool which enables them to do so, and speakers discussed how DPI is no longer just an optional add-on, but a 'cornerstone' of traffic management systems.
Some of the vendors do understand that there are liability and civil liberties issues, and they expect the regulators to do the job of setting the boundaries. Jonathon Gordon, director of marketing at Allot Communications, interviewed by iptegrity, said that dpi systems do not open up the content, only the information that is readable on the outside of the packet. This is still quite a bit (see below). Mr Gordon discussed how the regulators and the law set the boundaries of what operators can do legally, and that interception of content for commercial purposes is forbidden by privacy law. He said that some EU network operators are nervous of collecting any of this data, due to the regulatory issues.
Unfortunately, not all vendors are so well informed about regulation. One seminar speaker responded to a question about liability (in this case of delayed transmission of security updates) saying 'we do not have scientific or religious discussions about this'.
Talking to the sales people manning the exhibition stands was the most revealing part of the afternoon. One salesman spoke of 'gold and silver' service levels. He justified the telcos using such differentiated service levels by saying that 'it depends on the pain points. If they don't get enough money out of subscribers, they need to squeeze out more'.
I queried it, asking if he was suggesting the creation of a slow lane?' Yes, he said, with great excitement, 'the free service is the slow lane. The medium lane is probably what everyone gets today ( fair queuing). The fast lane will charge more, that's for the elite flyers.'
Read on for my personal experience of a deep packet inspection sales demonstration. It must surely give plenty of food for thought for policy-makers.
Deep packet inspection (DPI) sales demo
I watched a demonstration of a deep packet inspection system in action. I was stood with the salesman for the company which developed the system, and two middle-eastern men from a company which installs telecoms networks in countries such as Egypt and Saudi Arabia.
The salesman demonstrated the interface, and logged in to a live network in the US (although he did not give the name). He said the system could do traffic shaping, filtering, bandwidth restriction, network protection, deep packet inspection, behavioural analysis and look inside packets.
He explained how, when a subscriber is located, it would identify the device, and for example, an iPhone user with a premium subscription could be given priority. By comparison, a low entry subscription plan could be given web-only, and a higher paying one could have streaming media enabled.
He demonstrated how the DPI systems can look into applications running on the network.
He explained that where traffic is not encrypted, the system can show the, file, web browser, and content, including for example, content of YouTube. The operator can set the permissions which determine whether or not the individual user is able to access any of these applications.
The demo investigated the peer-to-peer applications. One click on P2P in the menu revealed a list of P2P applications running, such as BitTorrent, eDonkey, FlashGet, Kazaa, Soulseek, and iMesh. A click on Bit Torrent showed up another list detailing uTorrent, KRPC, and encrypted.
It got really interesting when the salesman showed how the system could look into individual usage. He clicked on a menu label which read 'students'. This brought up the IP addresses of all the users whose accounts were stored under this category. When he clicked on the IP address, we were able to see all the applications that individual was running. In this case, the user was running the P2P protocol Bit Torrent, and we could see that he was running 13 Bit Torrent connections, which port he was using, which IP address he was connecting to, and that he was using the specific uTorrent protocol.
The salesman went on to demonstrate how the ISPs can set up the rules for their network in the DPI system, notably he mentioned filtering rules and shaping rules. It was astonishing how easy it all was.
"Content filtering?" enquired one of the middle-eastern gentlemen. "Certainly" replied the salesman, "you can have rules for filtering by destination, by application, for example, or other content filters, maybe you want to block certain URLs or you don't want your users to type in their Skype user name..." and he explained how the DPI system enabled such blocking.
As the salesman and the middle-eastern gentlemen exchanged business cards and booked a meeting, I walked away. I am sure the saleman went home happy. I am not sure that the citizens of a certain middle-eastern country will be quite so happy about this outcome.
Report from Broadband Traffic Management congress, London, 16-18 November 2010
This article is licensed under a Creative Commons Attribution Non-commercial-Share Alike 2.5 UK:England and Wales License. http://creativecommons.org/licenses/by-nc-sa/2.0/uk/ It may be used for non-commercial purposes only, and the author's name should be attributed. The correct attribution for this article is: Monica Horten (2010) Traffic management - how deep packet engines will shape the Internet slow lane, 19 November 2010
- Article Views: 15572
IPtegrity politics
- Online Safety and the Westminster honey trap
- Shadow bans: EU and UK diverge on user redress
- EU at loggerheads over chat control
- Why the Online Safety Act is not fit for purpose
- Fixing the human rights failings in the Online Safety Act
- Whatever happened to the AI Bill?
- Hidden effects of the UK Online Safety Act
- EU puts chat control on back burner
- Why did X lock my account for not providing my birthday?
- Creation of deep fakes to be criminal offence under new law
- AI and tech: Asks for the new government
- How WhatsApp holds structural power
- Meta rolls out encryption as political headwinds ease
- EU law set for new course on child online safety
- Online Safety Act: Ofcom’s 1700-pages of tech platform rules
- MEPs reach political agreement to protect children and privacy
- Online Safety - a non-consensual Act
About Iptegrity
Iptegrity.com is the website of Dr Monica Horten, independent policy advisor: online safety, technology and human rights. Advocating to protect the rights of the majority of law abiding citizens online. Independent expert on the Council of Europe Committee of Experts on online safety and empowerment of content creators and users. Published author, and post-doctoral scholar, with a PhD from the University of Westminster, and a DipM from the Chartered Institute of Marketing. Former telecoms journalist, experienced panelist and Chair, cited in the media eg BBC, iNews, Times, Guardian and Politico.
Online Safety
- Online Safety and the Westminster honey trap
- Shadow bans: EU and UK diverge on user redress
- Why the Online Safety Act is not fit for purpose
- Fixing the human rights failings in the Online Safety Act
- Hidden effects of the UK Online Safety Act
- Why did X lock my account for not providing my birthday?
- Online Safety Act: Ofcom’s 1700-pages of tech platform rules
- Online Safety - a non-consensual Act
- Online Safety Bill passes as US court blocks age-checks law
- Online Safety Bill: ray of hope for free speech
- National Crime Agency to run new small boats social media centre
- Online Safety Bill: does government want to snoop on your WhatsApps?
- What is content of democratic importance?
- Online Safety Bill: One rule for them and another for us
- Online Safety Bill - Freedom to interfere?