
espaeth
Digital Plumber
Premium,MVM
join:2001-04-21
Minneapolis, MN
kudos:2
Reviews:
·Vitelity VOIP
reply to funchords

Re: Comcast is using Sandvine to manage P2P Connections

said by funchords:

Then you're a bad player, stop doing that! -- There are solutions. Read this informative RFC:

RFC 3360: Inappropriate TCP Resets Considered Harmful

That RFC has very little to do with this discussion. It was drafted largely in response to packets with non-zero reserved bits in the TCP header being rejected by firewalls. Specifically he was concerned with firewalls blocking traffic with hosts that decided to try to implement explicit congestion notification. He did include commentary stating:
"We would recommend that the TCP reset not be used as a congestion control mechanism, because this overloads the semantics of the reset message, and inevitably leads to more aggressive behavior from TCP implementations in response to a reset. We would suggest that simply dropping the SYN packet is the most effective response to congestion. The TCP sender will retransmit the SYN packet, using the default value for the Retransmission Timeout (RTO), backing-off the retransmit timer after each retransmit."
There's a bit of an issue with that statement; the goal of Sandvine is to shut down connections, not throttle them. For Sandvine to work transparently it should seem like the host port is closed for connections, and the standard TCP/IP stack response to closed ports is to send a reset! Everybody seems to forget this because nearly everything (including Windows) comes with a firewall these days with a Draconian ruleset that still seems to foster the idea that obscurity has some relation to security. Disable your windows firewall or flush IPtables and try to connect to a closed port -- you'll get a nice RST back indicating the port is not available. From a debugging standpoint this is what you want to see -- some response that will help you determine why things aren't working.

The RFC author's main concern was that TCP implementations would get more aggressive in response to RST packets and start spewing SYNs (he cited the example of a stack that generated 4 connection attempts even after receiving RST responses). It's 5 years later now, and there's no indication that was really a valid concern.

It's important to keep in mind that all RFCs are not standards in and of themselves. Some do gain general acceptance as standards, but anyone can bring forth a document for review. You have to look at RFCs like 1149 or 968 to see that pretty much anyone can submit an RFC about anything, and it doesn't necessarily mean it's right.

said by funchords:

said by espaeth:

Since we're back to talking technical details -- what do you propose for a better solution?
Well, let's get one thing perfectly straight: the RST forgery/injection is wrong and must be stopped -- even if there is no other solution to replace it.

Is it mean? Sure. Is it tricky? Absolutely. Is it wrong? It depends on how you define wrong. We're talking about using valid TCP constructs to initiate the shutdown of a connection.

If Comcast were a carrier this would be a different discussion, but they're not. Carriers don't have to worry about things like DMCA notices because the responsibility for mitigation falls on the networks that represent the endpoints of the conversation. Comcast doesn't have that same luxury, as they are often one of those end-point networks. This has become more of a problem as options like BitTorrent have drastically lowered the knowledge base required to participate in the distribution of copyrighted material. Others in this thread have argued that P2P applications can indeed be used for legal purposes, but let's be realistic, most of the time that's not the case. Talking about the legal uses of P2P in this thread is like hanging out in a bordello and preaching about the virtues of virginity.

said by funchords:

Be public about the problem, and enlist the customers' assistance in solving it. "This is a shared service and heavy uploading by one or two customers impacts the entire neighborhood." That's not hard to say -- Wireless ISPs and Satellite ISPs make this fact very clear to their customers. The reason they're not being public about the problem is because they have to compete with DSL and FIOS, which balances a lot more bandwidth across a much larger field of customers. As a result, DSL/FIOS can tolerate a larger percentage of heavy uploaders before their other customers begin to be affected.

The response to the abuse department talking one-on-one with folks that would be the target of this "education initiative" has been to post videos on YouTube or come on forums like this and talk about how Comcast is an evil company that doesn't let users download anything. Let's be realistic, customer education ain't gonna get this done.

said by funchords:

Those that do not cooperatively manage their usage can be put in a penalty box, like the port 25 issue is handled on Comcast. If the account is uploading at a sustained rate over 60%-80% of his tier for two hours, then limit the account to an upload of 128 kbps and send an e-mail to account holder. The account holder gets a Computer-Based Training lesson about "fair use" of a "shared connection," clicks a link, and he is restored to full service by noon the next day.

Pushing configs out to cable modems seems like a kludgy way to deal with this, but it might be workable. Otherwise doing differential throttling would mean more complexity to their existing traffic shaping solution. While that sounds trivial, years of experience in networking has shown me that simple things are easier to manage and break less frequently. In my opinion it's not worth trading overall network path stability to implement a Rube Goldberg system that would punish heavy file sharing users with the network equivalent of a young child's "time out".

-Eric
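
The closed-port behaviour espaeth describes above can be observed from the client side. The following is an added example, not code from any poster in this thread: it classifies one TCP connection attempt as answered, reset, or silently dropped. The loopback ports and the `probe`/`demo` names are assumptions made for the illustration.

```python
import socket


def probe(host, port, timeout=2.0):
    """Classify one TCP connection attempt as the client sees it."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"        # SYN/ACK came back, handshake completed
    except ConnectionRefusedError:
        return "reset"       # RST came back: no listener on that port
    except socket.timeout:
        return "no-answer"   # SYN was dropped, e.g. by a drop-all firewall rule
    except OSError:
        return "error"       # unreachable network, no route, and so on
    finally:
        s.close()


def demo():
    """Probe a loopback port with no listener and one with a listener."""
    # Assumption for the demo: a socket that is bound but never listen()s
    # reserves the port while still leaving it closed to incoming SYNs.
    closed = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    closed.bind(("127.0.0.1", 0))
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    try:
        return {
            "closed": probe("127.0.0.1", closed.getsockname()[1]),
            "listening": probe("127.0.0.1", listener.getsockname()[1]),
        }
    finally:
        closed.close()
        listener.close()


if __name__ == "__main__":
    print(demo())
```

A "no-answer" result only appears when something between the two hosts discards the SYN, which is why it is not exercised on loopback here.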


ztmike
Mark for moderation
Premium
join:2001-08-02
Michigan City, IN
reply to funchords

Just wanted to say..for those people that haven't read through all the pages..best way to seed if you have sandvine on your line, is to download something, then just leave it seeding, don't restart it..I'm still seeding at normal rate for the past 2 hours after my download was done.


dfxmatt

join:2007-08-21
Evanston, IL

aye, minute you restart the seed though it'll do the resets to any non-comcast user

comcast still denies this, and RCN can't give me service in my area since comcast owns all pipes. Viva le monopoly



NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:11
Reviews:
·SONIC.NET
·Pacific Bell - SBC

said by dfxmatt:

...RCN can't give me service in my area since comcast owns all pipes. Viva le monopoly

Is there some reason why RCN can't expand their plant into your neighborhood?
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

dfxmatt

join:2007-08-21
Evanston, IL

all I got from them was "we are unable"

from the email: "Thank you for your recent interest in RCN. Unfortunately, RCN does not
currently offer service at the address you provided. At the present time,
we do not have an estimated time frame as to whether or not we will become
a service provider in your neighborhood. We will gladly keep your
information on record should service become available.
"



NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:11
Reviews:
·SONIC.NET
·Pacific Bell - SBC

My guess is that there isn't a "Monopoly" process in effect, then. I don't see how it is Comcast's fault that RCN won't expend capital to expand their service footprint.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum


dfxmatt

join:2007-08-21
Evanston, IL

1 edit

beyond that I am displeased with comcast, they do own all lines in my development. I wish RCN would build some, but they refuse to tell me how many people I'd need to have willing to sign up for service in order for them to build out (I asked for such).



MysticGogeta
The Robot Devil
Premium
join:2005-03-14
Katy, TX
reply to funchords

This isn't actually affecting me I got 70 drop connections in an hour downloading a torrent.
--
Team Discovery-Join the fight


dfxmatt

join:2007-08-21
Evanston, IL

I will test tonight with a new legitimate seed and see what happens - will report back



eatnaders

join:2005-04-07
Mount Laurel, NJ
kudos:1
reply to funchords

OK. For anyone having problems seeding torrents. If you are using Azureus as your torrent client. Turn on encryption, which is supported in this application. Sandvine will be unable to determine what type of traffic it is and allow it to go through. It works great for me. Here is how you do it. Enable Advanced Mode and then click on Tools. Open Connection pull down inside tools. Inside you will see a selection called Transport Encryption. Open this setting up. Enable Require encrypt transport. I should point out that if other users that are seeding or leeching do not have encryption enabled then you as the seeder will suffer because they will be unable to connect to you.



funchords
Hello
Premium,MVM
join:2001-03-11
Yarmouth Port, MA
kudos:6

The Azureus team has really been working on this.

»www.azureuswiki.com/index.php/Av···#Level_5



funchords
Hello
Premium,MVM
join:2001-03-11
Yarmouth Port, MA
kudos:6
reply to funchords

Re: Something for eMule clients to try- improves Sandvine issues

eMule (and Mods) users:

Please see Possible Work-around For Sandvine Problem (comcast, Cox, Others), Try this experiment and report back...



ztmike
Mark for moderation
Premium
join:2001-08-02
Michigan City, IN

Thanks for the updates, funchords, But what about people on Utorrent? I have been doing fine with seeding..i have been just leaving utorrent going after my download is done, i believe im on my 4th day seeding..which is kinda sad to have to leave it seeding that long just to reach a good ratio, MORE upload speed so i can quit seeding faster.

Q: Is Azureus really system resources hungry like i hear it is?



Madcap
Baby's on Fire
Premium
join:2004-06-26
Fpo, AP

I've never noticed Azureus eating system resources in large amounts.



ztmike
Mark for moderation
Premium
join:2001-08-02
Michigan City, IN
reply to funchords

Re: Comcast is using Sandvine to manage P2P Connections

Just tried out Azureus..Didn't like it, too much crap they force on you to download with the program. I'll stick to utorrent.

But i do applaud their efforts on isp's throttling to help their users out.



jig

join:2001-01-05
Hacienda Heights, CA

post back if you find utorrent offering a similar update hardening the encryption...



ztmike
Mark for moderation
Premium
join:2001-08-02
Michigan City, IN

jig, Best thing to do on utorrent now is download a torrent and just leave it seeding (dont restart utorrent)

Probably sound like a broken record there but it has worked for me since they put sandvine on my line. Its obvious comcast is admitted to their sandvine efforts and are not giving it up anytime soon.

I find it funny though no one seems to have it on their line where "Blast" is available. For those who don't have blast it will probably be on your line in due-time.



funchords
Hello
Premium,MVM
join:2001-03-11
Yarmouth Port, MA
kudos:6

Do we know whether Blast!==DOCSIS3?



jig

join:2001-01-05
Hacienda Heights, CA
reply to ztmike

said by ztmike:

jig, Best thing to do on utorrent now is download a torrent and just leave it seeding (dont restart utorrent)

Probably sound like a broken record there but it has worked for me since they put sandvine on my line. Its obvious comcast is admitted to their sandvine efforts and are not giving it up anytime soon.

if you don't mind me asking, which version of utorrent are you using?

i'm not on comcast, i'm on TimeWarner/old adelphia. there seems to be some new type of seed filtering going on, say in the past month or so. considering how in bed these companies are in divvying up the clientèle, i can't help but think they'd collaborate on new technology. probably went for a volume pricing deal...


ztmike
Mark for moderation
Premium
join:2001-08-02
Michigan City, IN
reply to funchords

I heard Comcast is using Docsis 2 for (Blast!) areas..

Comcast is probably nowhere near a docsis 3 rollout..

I use Utorrent 1.6.1 (website where i get my torrents only accepts that version.) No higher version is allowed.

But what is weird..Just recently Whenever i start utorrent i now get the red question mark at the bottom..nothing on my system has changed for it to do that..so I'm sorta at a loss on that front..



EG
The wings of love
Premium
join:2006-11-18
Union, NJ
kudos:9

said by ztmike:

I heard Comcast is using Docsis 2 for (Blast!) areas..

F.W.I.W, I am on the Blast 16/2 speedtier at a DOCSIS 1.1 registration

crucialcolin

join:2004-09-12
Roseville, CA

1 edit
reply to funchords

arg this sandvine is starting to really piss me off. Even the advanced iptables trick(Link) along with forced encryption is no longer working as of today.

I'm ready to cancel comcast and switch to the local telco but I'm sorta holding out hope that someone will come up with a permanent solution or our local telco will make fios avail on our block which is still dsl atm while neighboring blocks are on fiber.



NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:11
Reviews:
·SONIC.NET
·Pacific Bell - SBC

said by crucialcolin:

I'm sorta holding out hope that someone will come up with a permanent solution or our local telco will make fios avail on our block which is still dsl atm while neighboring blocks are on fiber.

Does Verizon serve any part of Roseville? If not, no FiOS for you. Ever. FiOS is a Verizon product, which won't, ever, be delivered by AT&T (or, more likely in your case, Surewest).
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

crucialcolin

join:2004-09-12
Roseville, CA

1 edit

no it's surewest I meant to say fiber since they either provide high speed via dsl(6meg/786k) or via fiber(10meg/20meg/50meg synchronous tiers).

We did get a notice from Surewest awhile back about an upgrade in the works by year's end. Here's hoping it's sooner since surrounding areas have been upgraded already



Roundboy
Premium
join:2000-10-04
Drexel Hill, PA
reply to crucialcolin

But as it's been said before here, that only works on YOUR side of the connection. Comcast is sending these packets out to everyone...

You would need to do this, and all people you are connected to need to do this...
--
[spoiler]Steve the pirate DIES![/spoiler]



hobgoblin
Sortof Agoblin
Premium
join:2001-11-25
Orchard Park, NY
kudos:11
reply to crucialcolin

said by crucialcolin:

no it's surewest I meant to say fiber since they either provide high speed via dsl(6meg/786k) or via fiber(10meg/20meg/50meg synchronous tiers).

We did get a notice from Surewest awhile back about an upgrade in the works by year's end. Here's hoping it's sooner since surrounding areas have been upgraded already

Yikes...that's expensive
--
"A foolish consistency is the hobgoblin of little minds."
- Ralph Waldo Emerson


funchords
Hello
Premium,MVM
join:2001-03-11
Yarmouth Port, MA
kudos:6
reply to crucialcolin

said by crucialcolin:

I'm ready to cancel comcast and switch to the local telco but I'm sorta holding out hope that someone will come up with a permanent solution or our local telco will make fios avail on our block which is still dsl atm while neighboring blocks are on fiber.

Hello,

Don't wait if you have acceptable options.

This is a game of "whack-a-mole" or "cat-and-mouse" between an ISP which has secretly deployed a severe interference technology that they won't acknowledge or support. That tells me that even if a work-around is found, Comcast will block it as soon as it becomes popular. While this is intellectually fascinating for me as a protocol geek, my goal as a Comcast HSI customer is Internet Access -- not to play hide-and-seek.

I said earlier in this thread, somewhere, that Sandvine has an interest in seeing Comcast succeed in this technology. However, Comcast has deployed it in such a disastrous manner that it doesn't work as advertised (or perhaps, it never worked as advertised). Sandvine promises that their technology will not harm the end-users' (ISP subscribers') experience. Either by design or mis-configuration, at Comcast -- the second largest USA ISP -- end users are being affected.

And not just heavy users -- my upload stream is 16 kB/s to 20 kB/s -- and over 50 percent of my connections get aborted by the RST flag.

So, don't wait. Please leave, and leave loudly. Make sure people know that you left COMCAST because they were using SANDVINE. I don't want one more ISP buying SANDVINE without knowing what is happening at COMCAST and getting SANDVINE to guarantee in writing that their product won't be tearing down end-users' connections in lieu of less invasive and damaging methods.
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.


funchords
Hello
Premium,MVM
join:2001-03-11
Yarmouth Port, MA
kudos:6
reply to funchords

said by funchords:

The Azureus team has really been working on this.

»www.azureuswiki.com/index.php/Av···#Level_5

A good blog entry on the Azureus developments:

www.fsckin.com/2007/09/18/the-real-fix-for-comcast-bittorrent-throttling/
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.


funchords
Hello
Premium,MVM
join:2001-03-11
Yarmouth Port, MA
kudos:6

2 edits
reply to ztmike

said by ztmike:

jig, Best thing to do on utorrent now is download a torrent and just leave it seeding (dont restart utorrent)

Probably sound like a broken record there but it has worked for me since they put sandvine on my line. Its obvious comcast is admitted to their sandvine efforts and are not giving it up anytime soon.

I'm doing some experiments with this, now.

I just tried your suggestion with Azureus using the OpenOffice 2.3.0 Win32 torrent and I found that all of my connections were killed by RST after switching to upload. I did not stop the torrent. That torrent had 600 seeders and about 30 peers, however. It is not a good test vehicle.

This was a good test vehicle: Click here for *.torrent file 27K Seeders 31K Leechers

Here were my results:

Test Results

Chart Showing Relationship of RST% and either Time or Relevant Peers


I found that I had no more and no less success than I've had previously -- about 40% of the connections were killed while seeding.

Are you seeing something different? Can you repeat my test and post your results? Can you define "worked" vs. "not worked" -- what is your criteria for success? Are you measuring the number of RST? Are you saying you can reach your upload limit only if you do this?

Thanks in advance.

Robb

--
Robb Topolski -= funchords.com =- Hillsboro, Oregon USA
Are you affected by Comcast's RST forging? How to test it! -or- Read my original report.
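
The RST percentage funchords reports above can be computed from a packet capture. This added example (not funchords' own test procedure or tooling) counts how many TCP connections in tcpdump text output ended with a reset; the capture lines are constructed, and the tally cannot tell a forged reset from one the peer really sent.

```python
import re

# Constructed tcpdump-style lines; addresses come from documentation ranges.
SAMPLE = """\
12:00:00.10 IP 10.0.0.2.50001 > 198.51.100.7.6881: Flags [S], seq 1, length 0
12:00:04.20 IP 198.51.100.7.6881 > 10.0.0.2.50001: Flags [R], seq 2, length 0
12:00:05.00 IP 198.51.100.8.40112 > 10.0.0.2.6881: Flags [S], seq 1, length 0
12:01:10.00 IP 198.51.100.8.40112 > 10.0.0.2.6881: Flags [F.], seq 9, length 0
12:00:06.00 IP 203.0.113.5.51413 > 10.0.0.2.6881: Flags [S], seq 1, length 0
12:00:06.50 IP 10.0.0.2.6881 > 203.0.113.5.51413: Flags [P.], seq 1:69, length 68
12:00:09.00 IP 203.0.113.5.51413 > 10.0.0.2.6881: Flags [R.], seq 70, length 0
12:00:07.00 IP 203.0.113.6.33000 > 10.0.0.2.6881: Flags [S], seq 1, length 0
12:00:07.40 IP 10.0.0.2.6881 > 203.0.113.6.33000: Flags [P.], seq 1:69, length 68
12:00:08.00 IP 10.0.0.2.50002 > 192.0.2.9.6881: Flags [S], seq 1, length 0
12:02:00.00 IP 10.0.0.2.50002 > 192.0.2.9.6881: Flags [F.], seq 5, length 0
"""

LINE = re.compile(r"^\S+ IP (\S+) > (\S+): Flags \[([A-Z.]+)\]")


def rst_stats(capture_text):
    """Tally how each TCP connection in tcpdump text output ended."""
    conns = {}  # unordered endpoint pair -> "active" | "rst" | "fin"
    for line in capture_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        src, dst, flags = m.groups()
        key = frozenset((src, dst))  # same key for both directions
        if "S" in flags and key not in conns:
            conns[key] = "active"    # first SYN opens the record
        elif conns.get(key) == "active":
            if "R" in flags:
                conns[key] = "rst"   # torn down by a reset
            elif "F" in flags:
                conns[key] = "fin"   # orderly close
    total = len(conns)
    rst = sum(1 for state in conns.values() if state == "rst")
    fin = sum(1 for state in conns.values() if state == "fin")
    return {
        "total": total,
        "rst": rst,
        "fin": fin,
        "active": total - rst - fin,
        "rst_pct": round(100.0 * rst / total, 1) if total else 0.0,
    }


if __name__ == "__main__":
    print(rst_stats(SAMPLE))
```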


ztmike
Mark for moderation
Premium
join:2001-08-02
Michigan City, IN

Have you tried it using Utorrent? I don't use Azureus so i don't know that program.

Only thing i can say is, after a torrent download is done, i leave it seeding and it still maxes out my upload speed if i want it to.

This is using utorrent 1.6.1
--
"I am the worst president in US history, I'm either stupid or dumb most of the time, but people still believe me." George W. Bush