Comcast XFINITY → Comcast is using Sandvine to manage P2P Connections

That RFC has very little to do with this discussion. It was drafted largely in response to packets with non-zero reserved bits in the TCP header being rejected by firewalls. Specifically he was concerned with firewalls blocking traffic with hosts that decided to try to implement explicit congestion notification. He did include commentary stating

"We would recommend that the TCP reset not be used as a congestion control mechanism, because this overloads the semantics of the reset message, and inevitably leads to more aggressive behavior from TCP implementations in response to a reset. We would suggest that simply dropping the SYN packet is the most effective response to congestion. The TCP sender will retransmit the SYN packet, using the default value for the Retransmission Timeout (RTO), backing-off the retransmit timer after each retransmit."

There's a bit of an issue with that statement; the goal of Sandvine is to shut down connections, not throttle them. For Sandvine to work transparently it should seem like the host port is closed for connections, and the standard TCP/IP stack response to closed ports is to send a reset! Everybody seems to forget this because nearly everything (including Windows) comes with a firewall these days with a Draconian ruleset that still seems to foster the idea that obscurity has some relation to security. Disable your windows firewall or flush IPtables and try to connect to a closed port -- you'll get a nice RST back indicating the port is not available. From a debugging standpoint this is what you want to see -- some response that will help you determine why things aren't working.

The RFC author's main concern was that TCP implementations would get more aggressive in response to RST packets and start spewing SYNs (he cited the example of a stack that generated 4 connection attempts even after receiving RST responses). It's 5 years later now, and there's no indication that was really a valid concern.

It's important to keep in mind that all RFCs are not standards in and of themselves. Some do gain general acceptance as standards, but anyone can bring forth a document for review. You have to look at RFCs like 1149 or 968 to see that pretty much anyone can submit an RFC about anything, and it doesn't necessarily mean it's right.Is it mean? Sure. Is it tricky? Absolutely. Is it wrong? It depends on how you define wrong. We're talking about using valid TCP constructs to initiate the shutdown of a connection.

If Comcast were a carrier this would be a different discussion, but they're not. Carriers don't have to worry about things like DMCA notices because the responsibility for mitigation falls on the networks that represent the endpoints of the conversation. Comcast doesn't have that same luxury, as they are often one of those end-point networks. This has become more of a problem as options like BitTorrent have drastically lowered the knowledge base required to participate in the distribution of copyrighted material. Others in this thread have argued that P2P applications can indeed be used for legal purposes, but lets be realistic, most of the time that's not the case. Talking about the legal uses of P2P in this thread is like hanging out in a bordello and preaching about the virtues of virginity.The response to the abuse department talking one-on-one with folks that would be the target of this "education initiative" has been to post videos on YouTube or come on forums like this and talk about how Comcast is an evil company that doesn't let users download anything. Let's be realistic, customer education ain't gonna get this done.Pushing configs out to cable modems seems like a kludgy way to deal with this, but it might be workable. Otherwise doing differential throttling would mean more complexity to their existing traffic shaping solution. While that sounds trivial, years of experience in networking has shown me that simple things are easier to manage and break less frequently. In my opinion it's not worth trading overall network path stability to implement a Rube Goldberg system that would punish heavy file sharing users with the network equivalent of a young child's "time out".

-Eric

Just wanted to say..for those people that haven't read threw all the pages..best way to seed if you have sandvine on your line, is to download something, then just leave it seeding, don't restart it..im still seeding at normal rate for the past 2 hours after my download was done.

aye, minute you restart the seed though it'll do the resets to any non-comcast user

comcast still denies this, and RCN can't give me service in my area since comcast owns all pipes. Viva le monopoly

Is there some reason why RCN can't expand their plant into your neighborhood?

all I got from them was "we are unable"

from the email: "Thank you for your recent interest in RCN. Unfortunately, RCN does not
currently offer service at the address you provided. At the present time,
we do not have an estimated time frame as to whether or not we will become
a service provider in your neighborhood. We will gladly keep your
information on record should service become available.
"

My guess is that there isn't an "Monopoly" process in effect, then. I don't see how it is Comcast's fault that RCN won't expend capital to expand their service footprint.

beyond that I am displeased with comcast, they do own all lines in my development. I wish RCN would build some, but they refuse to tell me how many people I'd need to have willing to sign up for service in order for them to build out (I asked for such).

This isn't actually affecting me I got 70 drop connections in a hour downloading a torrent.

I will test tonight with a new legitimate seed and see what happens - will report back

OK. For anyone having problems seeding torrents. If you are using Azureus as your torrent client. Turn on encryption, which is supported in this application. Sandvine will be unable to determine what type of traffic it is and allow it to go through. It works great for me. Here is how you do it. Enable Advanced Mode and then click on Tools. Open Connection pull down inside tools. Inside you will see a selection called Transport Encryption. Open this setting up. Enable Require encrypt transport. I should point out that if other users that are seeding or leaching do not have encryption enabled then you as the seeder will suffer because they will be unable to connect to you.

The Azureus team has really been working on this.

»www.azureuswiki.com/inde ··· #Level_5

eMule (and Mods) users:

Please see Possible Work-around For Sandvine Problem (comcast, Cox, Others), Try this experiment and report back...

Thanks for the updates, funchords, But what about people on Utorrent? I have been doing fine with seeding..i have been just leaving utorrent going after my download is done, i believe im on my 4th day seeding..which is kinda sad to have to leave it seeding that long just to reach a good ratio, MORE upload speed so i can quit seeding faster.

Q: Is Azureus really system sources hungry like i hear it is?

I've never noticed Azureus eating system resources in large amounts.

Just tried out Azureus..Didn't like it, to much crap they force on you to download with the program. I'll stick to utorrent.

But i do applaud their efforts on isp's throttling to help their users out.

post back if you find utorrent offering a similar update hardening the encryption...

jig, Best thing to do on utorrent now is download a torrent and just leave it seeding (dont restart utorrent)

Probably sound like a broken record there but it has worked for me since they put sandvine on my line. Its obvious comcast is admitted to their sandvine efforts and are not giving it up anytime soon.

I find it funny though no one seems to have it on their line where "Blast" is available. For those who don't have blast it will probably be on your line in due-time.

Do we know whether Blast!==DOCSIS3?

if you don't mind me asking, which version of utorrent are you using?

i'm not on comcast, i'm on TimeWarner/old adelphia. there seems to be some new type of seed filtering going on, say in the past month or so. considering how in bed these companies are in divvying up the clientèle, i can't help but think they'd collaborate on new technology. probably went for a volume pricing deal...

I heard Comcast is using Docsis 2 for (Blast!) areas..

Comcast is probably no where near a docsis 3 rollout..

I use Utorrent 1.6.1 (website where i get my torrents only accepts that version.) No higher version is allowed.

But what is weird..Just recently Whenever i start utorrent i now get the red question mark at the bottom..nothing on my system has changed for it to do that..so im sorta at a lost on that front..

F.W.I.W, I am on the Blast 16/2 speedtier at a DOCSIS 1.1 registration

arg this sandvine is starting to realy piss me off. Even the advanced iptables trick(Link) along with forced encryption is no longer working as of today.

I'm ready to cancel comcast and switch to the local telco but I'm sorta holding out hope that someone will come up with a permanent solution or our local telco will make fios avail on our block which is still dsl atm while neighboring blocks are on fiber.

Does Verizon serve any part of Roseville? If not, no FiOS for you. Ever. FiOS is a Verizon product, which won't, ever, be delivered by AT&T (or, more likely in your case, Surewest).

no its surewest I meant to say fiber since they either provide high speed via dsl(6meg/786k) or via fiber(10meg/20meg/50meg synchronous tiers).

We did get a notice from Surewest awhile back about an upgrade in the works by years end. Heres hoping its sooner since surrounding areas have been upgraded already

But as its been said before here, that only works on YOUR side of the connection. Comcast is sending these packets out to everyone...

You would need to do this, and all people you are connected to need to do this...

Yikes...thats expensive

Hello,

Don't wait if you have acceptable options.

This is a game of "whack-a-mole" or "cat-and-mouse" between an ISP which has secretly deployed a severe interference technology that they won't acknowledge or support. That tells me that even if a work-around is found, Comcast will block it as soon as it becomes popular. While this is intellectually fascinating for me as a protocol geek, my goal as a Comcast HSI customer is Internet Access -- not to play hide-and-seek.

I said earlier in this thread, somewhere, that Sandvine has an interest in seeing Comcast succeed in this technology. However, Comcast has deployed it in such a disastrous manner that it doesn't work as advertised (or perhaps, it never worked as advertised). Sandvine promises that their technology will not harm the end-users' (ISP subscribers') experience. Either by design or mis-configuration, at Comcast -- the second largest USA ISP -- end users are being affected.

And not just heavy users -- my upload stream is 16 kB/s to 20 kB/s -- and over 50 percent of my connections get aborted by the RST flag.

So, don't wait. Please leave, and leave loudly. Make sure people know that you left COMCAST because they were using SANDVINE. I don't want one more ISP buying SANDVINE without knowing what is happening at COMCAST and getting SANDVINE to guarantee in writing that their product won't be tearing down end-users' connections in lieu of less invasive and damaging methods.

A good blog entry on the Azureus developments:

www.fsckin.com/2007/09/18/the-real-fix-for-comcast-bittorrent-throttling/

I'm doing some experiments with this, now.

I just tried your suggestion with Azureus using the OpenOffice 2.3.0 Win32 torrent and I found that all of my connections were killed by RST after switching to upload. I did not stop the torrent. That torrent had 600 seeders and about 30 peers, however. It is not a good test vehicle.

This was a good test vehicle: Click here for *.torrent file 27K Seeders 31K Leechers

Here were my results:

Test Results

Chart Showing Relationship of RST% and either Time or Relevant Peers

I found that I had no more and no less success than I've had previously -- about 40% of the connections were killed while seeding.

Are you seeing something different? Can you repeat my test and post your results? Can you define "worked" vs. "not worked" -- what is your criteria for success? Are you measuring the number of RST? Are you saying you can to reach your upload limit only if you do this?

Thanks in advance.

Robb

Have you tried it using Utorrent? I don't use Azureus so i don't know that program.

Only thing i can say is, after a torrent download is done, i leave it seeding and it still maxes out my upload speed if i want it to.

This is using utorrent 1.6.1