Interesting People mailing list archives

Re: An outage because Comcast is managing p2p traffic? [Typos fixed]


From: David Farber <dave () farber net>
Date: Sun, 6 Apr 2008 13:45:10 -0700

We shall see. Waiting for Comcast!!
________________________________________
From: Brett Glass [brett () lariat net]
Sent: Sunday, April 06, 2008 4:33 PM
To: David Farber; ip
Subject: Re: [IP] An outage because Comcast is managing p2p traffic? [Typos fixed]

At 01:12 PM 4/6/2008, Steven Bellovin wrote:

> My cable modem service was out for eight hours yesterday.  Tests I did
> -- ICMP could get through to various destinations; TCP could not --
> make me believe that the problem is due to Comcast trying to treat p2p
> traffic differently.  See
> http://www.cs.columbia.edu/~smb/blog/2008-04/2008-04-06.html for more
> details.

The fact that ICMP traffic seemed to be getting through but TCP traffic
did not is unusual (and, obviously, dysfunctional). But it is not
indicative of management or throttling of P2P traffic.

We've noted that many providers and private network administrators implement
firewall rules that do the reverse: Blocking ICMP while allowing TCP through.
This has severe negative consequences, because it blocks messages which report
the largest packet size that can be sent between two communicating hosts without
fragmentation (the MTU). Unfortunately, some network administrators are not
knowledgeable about this. They think that by blocking ICMP they are enhancing
security by blocking "ping scans" -- a technique used to scan ranges of IP
addresses for "live" hosts.

But be this as it may, the fact that TCP traffic was not getting through
does not indicate blocking of P2P. It could simply have been due to a
bad firewall rule or a programming error in a set of firewall rules. It
also may have been that only some TCP sessions were blocked by an equipment
failure. For example, if the provider uses a transparent, caching Web proxy
-- a "Web accelerator" which speeds up browsing and thus is good for customers
-- and that proxy goes down, one will likely find that TCP to port 80 on a
remote machine will not work but TCP to other port numbers will. Some providers
also route different types of traffic via different upstream connections for
the sake of efficiency (for example, they might route Web traffic over
asymmetrical links and VoIP over symmetrical ones). Again, this sort of
cost-effective policy can cause network or equipment failures to impact
one protocol more than another.

It is also worth noting that not all P2P traffic uses TCP. Many P2P programs
use UDP primarily or exclusively (especially certain ones, like Skype, which
specialize in "firewall punching"). Management of these applications -- which
sometimes set up rogue servers called "supernodes" on a network without the
operator's consent -- does not involve TCP traffic.

While blocking of P2P by Internet service providers is, IMHO, perfectly
justifiable for reasons I've laid out elsewhere (see my slides at
http://www.brettglass.com/ITIF), it is inappropriate to jump to conclusions
and blame every network outage on this practice.

--Brett Glass
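The reasoning in the message above (ICMP reachable but TCP not; port 80 alone failing when a transparent proxy dies; ICMP blocked while TCP works, which breaks path-MTU discovery) can be turned into a small triage script. The following is an added example, not code from the thread or from any of the participants. It assumes a Unix-style `ping` accepting `-c` (a portability assumption) and that raw ICMP sockets are unavailable to an unprivileged user; the port list and the label names are my own constructed choices.

```python
"""Connectivity triage: separate the ICMP-vs-TCP patterns discussed in the thread.

Constructed example. Probing functions touch the network; classify() is pure
and encodes the interpretations given in the message above.
"""
import socket
import subprocess
import sys
from dataclasses import dataclass

WEB_PORT = 80  # the port a transparent caching proxy would intercept


@dataclass
class ProbeResults:
    icmp_ok: bool   # True if an ICMP echo request got a reply
    tcp: dict       # port -> True if a full TCP handshake completed


def tcp_probe(host: str, port: int, timeout: float = 3.0) -> bool:
    """True only if connect() completes the three-way handshake."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def icmp_probe(host: str, timeout_s: int = 3) -> bool:
    """One ICMP echo via the system ping binary (raw sockets would need root).
    Assumption: a ping that takes -c (Unix) or -n (Windows) as the count flag."""
    count_flag = "-n" if sys.platform.startswith("win") else "-c"
    try:
        proc = subprocess.run(["ping", count_flag, "1", host],
                              capture_output=True, timeout=timeout_s + 2)
        return proc.returncode == 0
    except (OSError, subprocess.TimeoutExpired):
        return False


# Interpretation of each label, following the argument in the message above.
INTERPRETATION = {
    "icmp-ok-tcp-blocked": "unusual and broken; a bad firewall rule or rule-set "
                           "error is a simpler explanation than P2P throttling",
    "port-80-only":        "only HTTP fails; consistent with a failed transparent "
                           "caching proxy, not with protocol-wide filtering",
    "icmp-blocked":        "TCP works but ICMP is dropped; path-MTU discovery "
                           "(ICMP 'fragmentation needed') will silently break",
    "no-connectivity":     "nothing reaches the host; link or routing outage",
    "healthy":             "ICMP and every probed TCP port respond",
    "partial":             "mixed results; re-probe and compare per-port paths",
}


def classify(res: ProbeResults) -> str:
    """Map a set of probe outcomes to one of the labels in INTERPRETATION."""
    ports_ok = {p for p, ok in res.tcp.items() if ok}
    ports_bad = {p for p, ok in res.tcp.items() if not ok}
    if res.icmp_ok and res.tcp and not ports_ok:
        return "icmp-ok-tcp-blocked"
    if res.icmp_ok and ports_ok and ports_bad == {WEB_PORT}:
        return "port-80-only"
    if not res.icmp_ok and ports_ok and not ports_bad:
        return "icmp-blocked"
    if not res.icmp_ok and not ports_ok:
        return "no-connectivity"
    if res.icmp_ok and not ports_bad:
        return "healthy"
    return "partial"


def triage(host: str, ports=(22, 80, 443)) -> tuple:
    """Run the probes against a host and return (label, results)."""
    res = ProbeResults(icmp_ok=icmp_probe(host),
                       tcp={p: tcp_probe(host, p) for p in ports})
    return classify(res), res


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    label, res = triage(target)
    print(label, "-", INTERPRETATION[label])
    print(res)
```

Run it as `python triage.py <host>`; the classifier deliberately refuses to name P2P management as a cause, because none of the observable patterns distinguishes it from a filter error or an upstream equipment failure.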

