November 7, 2007 | WebMemo on Internet And Technology
On October 25, the Technology Liberation Front, a technology policy weblog, hosted an online discussion concerning recent actions by Comcast Corporation to limit certain types of traffic on its network in order to manage demand. This is an edited transcript of that discussion.
Adam Thierer: The Associated Press reported this week that cable giant Comcast is apparently engaging in certain "traffic-shaping" techniques as they relate to BitTorrent, a peer-to-peer file-sharing protocol. What exactly is Comcast up to, and what are the ramifications of the company's traffic-shaping activities for the longer term debate over net neutrality policy in this country? That's going to be the focus of this discussion.
Joining me for this discussion are Jerry Brito of the Mercatus Center; James Gattuso of The Heritage Foundation; Ed Felten, who is a professor of computer science and public affairs and director of the Center for Information Technology Policy at Princeton University; and Richard Bennett, who has spent the last 30 years designing network traffic systems and is an expert on network management issues.
Jerry Brito, before we get into the meat of the issue, could you describe exactly what is happening in this case?
Jerry Brito: Sure. The AP conducted an investigation of Comcast's traffic management and basically found that in certain instances, whenever they used BitTorrent to transfer a file or try to upload a file, the connection would be reset. Upon further investigation, they found that whenever a file was trying to be uploaded, Comcast would, essentially, pretend to be the user on the other end of the transfer and send a reset message so that the connection would be dropped.
This caused a big uproar among the blogs and also among some newspaper columnists. Look, they said, this is more evidence that the big providers need to be regulated; we need to have net neutrality regulation. Now, what's interesting to me about this is that Comcast definitely has an interest in managing its network because BitTorrent traffic accounts for a lot of bandwidth use and affects other users on the network. But the way that they're doing it is that they're blocking an entire protocol, it seems. They're not going after heavy users, they're going after an entire protocol, and that's what seems to be enraging the net neutrality proponents.
Adam Thierer: Ed, can you give us your perspective on this and what's going on here?
Ed Felten: Sure. I think there are really two issues here. One is that Comcast has not been upfront with people about what they're doing. What we know about what's happening has been discovered by experiments, like the experiments that the AP did, and, by inference, from things that happen in other people's networks. But as far as we know, what Jerry described is basically right: Comcast is apparently looking for certain uses of the BitTorrent protocol and then intervening by essentially telling each end of the network connection that the other end has hung up.
Second, this is not the usual way of managing and dealing with congestion on the Internet or in large networks. There are other mechanisms that are built into TCP which to me seem like more natural and more friendly ways to shape traffic. But what Comcast is doing is, I think, a bit sneakier.
Adam Thierer: What would be the friendly way to manage traffic, in your opinion?
Ed Felten: Well, the usual way of dealing with a congested network is to have the network drop individual packets of data. When you communicate across the Internet, the data that you sent is divided up into packets. The usual thing that happens in congestion is that individual packets get lost or dropped when the network in the middle is overwhelmed, and the hosts at the endpoints that are communicating recognize the dropped packets and say, okay, the network must be congested, so let's slow down. And there's a really exquisitely engineered mechanism by which the end hosts can react to congestion on the Internet. But all that relies on the network in the middle responding to congestion in a certain way--by dropping packets--whereas Comcast did something else.
Adam Thierer: I see. Let's bring Richard Bennett in at this point and ask him for his thoughts on this issue and exactly how he would respond to what Professor Felten said.
Richard Bennett: I really don't see Comcast as the wrongdoer here. They do have a responsibility, as Jerry pointed out, to their customers to keep their network stable and responsive, and that appears to be just exactly what they've done. And it is worth clarifying that they don't block or meter the normal use of BitTorrent for downloading distributions of open source files or movies or whatever. The restrictions that they place on their network are a slow rate of BitTorrent uploads, which means that if you're operating BitTorrent after your download is completed--that is, you're serving up files to the rest of the Internet--they put a cap on the amount of bandwidth that they will let you have to do that based on the conditions on the network at that particular point in time.
Now, Ed has criticized Comcast because it's not using the standard mechanism in TCP that was supposedly engineered to control congestion on the Internet, and I think it's worth pointing out that that's not really a general purpose solution to all sorts of network congestion problems. The TCP mechanism, which is called "slow-start," is actually a point solution that was rapidly tacked onto the Internet protocol suite in the mid-1980s to solve the problem called "congestion collapse" that was caused by a very different protocol, FTP.
The mechanism works for FTP because FTP only opens one socket pair for its file transfer. BitTorrent, however, opens multiple socket pairs, and so if one of those streams is suppressed by the slow-start algorithm, it simply shifts over to the other streams that haven't been slow started and continues transferring data. BitTorrent's goal is to maintain a constant rate of upstream traffic, and because it has that goal, it will defeat the standard anti-congestion mechanism that's used by FTP.
So what Comcast is doing is actually a very common technique that every firewall uses for exactly the same purpose: using "TCP resets" to control access to and traffic within a network that's connected to the Internet. They're managing their private network, and they're doing it in a rational way.
Adam Thierer: Professor Felten, what is your response to Richard Bennett? Also, if Comcast has the ability to take other approaches, what are they and where would the approach that they've taken fit in that pecking order?
Ed Felten: First, I want to agree with Richard that part of the problem here is that Comcast is not talking about what they're doing and not explaining themselves or indeed even really admitting that they're using this particular method. I think it would help everyone if Comcast would just explain what they're doing and why--their justification--because certainly, I think no one is arguing that they shouldn't be able to manage the traffic on their network when it becomes congested.
My questions are: Are the methods they used aimed well at dealing with the congestion? Do they have other goals? And why haven't they explained to their customers what they're doing? There was a considerable period when most of the Comcast customers who were affected by this were unaware of what was going on, and I don't think that helps anybody. If Comcast's goal is to reduce the use of BitTorrent, or certain uses of BitTorrent, they ought to explain to their users that if you use BitTorrent in this way, you'll get performance that you may not like because of the traffic shaping.
Adam Thierer: Professor Felten, I actually agree with that; if there's one thing everyone can agree on, it's that the more transparency, the better, as concerns these traffic-shaping or network management activities. Seemingly, Comcast is coming around to that view.
However, it also seems clear that more transparency would not be enough to satisfy some of the critics out there and that the practices that we're describing here, which Richard describes as fairly routine, are drawing these critics' ire. Would you say that there's something wrong with these techniques or that there's a preferable way to do this?
Ed Felten: Well, I can imagine that the mechanism they're using may be justified, but they have not offered a justification, so we can't really look at what they're doing and draw a conclusion about whether it's justified or not. In other words, we can't really evaluate yet whether the accusations of their harshest critics are actually correct at a technical level. And they could clear that up, assuming that they actually are behaving appropriately, by just talking about what they're doing.
Richard Bennett: I think they are trying to set the record straight. The basic details have actually been known by the BitTorrent community for several months. There was also a third article by the AP reporter who broke this story in the mainstream media that was a little bit more sympathetic to the Comcast point of view. In that article, Comcast was a little bit more forthcoming about what they're doing and why, and they made the point that they're not actually blocking these uploads altogether but just essentially rescheduling them for some future time when the network is not so busy.
You have to understand that Comcast is playing a cat and mouse game with BitTorrent. And if you look into the details of how BitTorrent is engineered, it's fairly obvious that concealment of BitTorrent streams from traffic shaping and admission control and other sorts of network management technologies is an explicit goal of the project. Every concealment method that you can think of is used by BitTorrent to escape detection by the kind of network management systems that people like Comcast have to run. So to the extent that Comcast is transparent, they're simply making themselves vulnerable to a new version of BitTorrent that can escape whatever techniques they're employing.
Adam Thierer: Interesting. James and Jerry, what are the ramifications for the broader policy debates here in D.C. and across the country about net neutrality?
James Gattuso: What struck me about the press coverage of this is that a lot of it has a fairly cartoon version of net neutrality. A lot of people are writing about how net neutrality means that you can't prioritize anything on a network, and you have to treat everything equally. That is one version, but I think that the generally accepted version of network neutrality accepts that network management and prioritization has its role. Really, the focus in recent months has been on whether you can charge for prioritization. This is not a case in which Comcast was trying to create two tiers in order to get more money from one user or trying to discriminate.
But reading the press, you would think that network management in itself was a violation, which just is not where the debate is.
Jerry Brito: Professor Susan Crawford and others point out that the technique that Comcast has chosen here entails that it basically pretends to be the client or the server and sends the other party hang-up commands. They say this is fraudulent or impersonation, almost like identity theft. So is it something nefarious, or is it something common?
Richard Bennett: The geeks on Slashdot point out that this is a common technique that firewalls use. Crawford implies that, because it's used by the Great Firewall of China, it's some kind of authoritarian technique. But actually, it's a common technique for any firewall.
And that's especially true in this case. The cable modem network is so sensitive to upload traffic congestion that the most efficient way to keep it clear is simply to limit the number of connections that can be made inside the cable modem network. In traffic engineering, we call that technique "admission control," and it's used to block new communication sessions when you don't have the communications resources to supply them with the bandwidth that they need. So I think there's really nothing wrong with that.
Ed Felten: I agree that it's a common technique, but if you look at the nuts and bolts, it is an impersonation of each party to the other in some circumstances. Apparently, it's not broadly accepted in this instance.
So I don't think it's right to dismiss the argument that it involves impersonation of one party, because it does, after all, involve sending network packets that purport to come from somebody other than the person who really is sending them. And whether you consider that a legal violation, an ethical violation, or neither, that's up to you. It's also worth noting that falsely attributing the source of network packets is a technique widely used by actual bad guys as well.
Richard Bennett: But that's like saying that bad guys use telephones, and so anyone who uses a telephone is suspect. What I'd like to know is what is the alternative if they're not going to use TCP resets? Unfortunately, the IP protocol doesn't really provide many tools to the traffic engineer to do things like this in a more explicit way. And a TCP reset is unfortunately just the best tool that it provides to bring about admission control when there's no higher-level session protocol like SIP being used that could explicitly refuse to take the call.
Ed Felten: Well, I just think we don't know, given that Comcast is being so closemouthed about what specifically they are doing beyond sort of stating vaguely, "We're shaping traffic." I think we don't know--we can't tell whether what they're doing is the best, least invasive way for them to accomplish their legitimate network management goal or not.
Jerry Brito: Another question: Why is Comcast choosing to sort of target an entire protocol? If what they're trying to do is target bandwidth hogs, why not do per-user management? And in that sense, they could then publish what their cap is and anybody who goes above this cap is either metered or kicked off the network.
Adam Thierer: Jerry, let me make that a little bit more concrete, because this is my favorite hobbyhorse, as you know--the question of why in the world are broadband providers in this country not dealing with this problem of excessive bandwidth use by whatever application or party by essentially better metering the price? That is, instead of engaging in some form of packet discrimination, they could engage in what would be a more reasonable form of price discrimination, using price signals to get at users at the margin who are using bandwidth excessively. Why is this not feasible?
Ed Felten: Technically, it's completely feasible. The reason it mostly doesn't happen is that consumers seem to hate it. What consumers want to buy, apparently, is a reasonably priced service that says it provides whatever it is they're going to want. And the ISPs are stuck here--between their customers' desire to have unlimited service at a fixed price and the difficulty in actually providing service to people who use everything that the network makes available to them. So they're left trying to steer an uncomfortable middle course, promoting the service as nearly unlimited or essentially unlimited but then trying to actually limit what some of their customers do.
Richard Bennett: I think that's mostly true but beside the point. Comcast does offer different tiers of service, and they don't claim that any of them is unlimited. They have specific download maximums and specific upload maximums, and they offer commercial accounts to people who want to operate servers. So the tiered service model is essentially already in effect, and, of course, nobody wants the commercial service because it's a lot more expensive than the residential service.
And why target BitTorrent when what you're actually going after is bandwidth hogs? As a practical matter, it's really the same thing. All the bandwidth hogs are running BitTorrent, so that's really all you have to do.
James Gattuso: A Washington Post article today put the ISPs' dilemma this way: They want to offer unlimited service and then hope that no one takes them up on it. Another analogy is a bank: All banks have on-demand withdrawals, but you just have to hope that everyone doesn't come to the bank at the same time and ask for their money back.
Richard Bennett: Well, this is the real dilemma of Internet engineering in general, and it's really a central point that almost never comes up in the network neutrality debates. The Internet is not designed to allow every person who's using it to inject sustained traffic into it. The entire technology of packet switching is based on the assumption that users don't all access the network at the same time.
If you want to have a network in which everyone is guaranteed a certain level of traffic throughput whenever they can get on the network, we have that: It's called the telephone network, and it's limited bandwidth. The reason that we get high performance out of the Internet is because we have these high-speed links that are shared by multiple people who don't use them all at the same time. It's a bursty traffic model--that's the secret sauce that makes the Internet go. When you get applications that violate that assumption, it's trouble.
Ed Felten: I basically agree. And this is the dilemma: Because consumers are unwilling to accept pay-per-bandwidth, ISPs are stuck hoping that not too many consumers use all their bandwidth all the time.
Adam Thierer: So, one of the responses that I've heard from a lot of bloggers is, "Well, why don't they just build more capacity?" And I guess there's something to that, after all; if we had unlimited capacity in the network, that would solve this problem, right? But is that realistic, is it just a case that we could just build a little bit more and it would solve the problem? What are the alternatives here, and is just building capacity going to solve the problem?
Richard Bennett: Yes, they do have to add more capacity to the networks. Every ISP is constantly adding capacity to their networks, because user demand for bandwidth is like user demand for memory or CPU speed: It only increases. And the more you put out there, the more ways people find to use it.
Jerry Brito: It's like the old iron law of expenditures. Expenditures rise with your wages and your income. And so, more bandwidth won't necessarily solve the problem; there'll probably be more bandwidth-intensive things out there to use any more bandwidth that's provided. So network management is going to continue to be an issue even in a world of more capacity.
Richard Bennett: Absolutely. There is one thing that Comcast really should do. Their network is highly asymmetrical; it's tuned to handle more downloads than uploads. But the major implication of BitTorrent becoming such a hugely popular protocol is that traffic is becoming more symmetrical. There's a new version of the cable modem network called DOCSIS 3.0 that's intended to provide a more symmetrical network, and I think Comcast needs to move in that direction. I think that will alleviate a lot of these problems over the long term. But it's an expensive transition, and it obsoletes all the cable modems that people have bought in order to use the Comcast network.
Adam Thierer: Jerry and James, this Comcast controversy comes fresh on the heels of the recent Verizon controversy with NARAL involving supposed text-blocking activities for messages going over their network. Do you think these incidents are the sort of horror stories that would drive public policy or renewed regulatory efforts, either at the FCC or in Congress, to impose net neutrality?
James Gattuso: I think these incidents are enough to keep net neutrality in the news. But by themselves, I don't see this being enough to push forward legislation. There were non-regulatory ways of handling each of these incidents, either through existing legal mechanisms or through the marketplace. And none of them violate the definition of net neutrality that would be imposed in a lot of the bills that are out there, which involves charging money for tiered pricing. These incidents are apples to the oranges of the main net neutrality debate.
Jerry Brito: Remember that the FCC is still considering its notice of inquiry, and the FCC has been very clear about what it wants in comments: instances of blocking. When I did a count of how many were presented, there were none. So to the extent that the FCC might want to move in this direction, this may give them at least some of the evidence that they were looking for.
Ed Felten: This controversy does illustrate one of the conundrums in the net neutrality debate, which is the difficulty of distinguishing legitimate network management from interferences with neutrality. It's not always an easy thing to tell the difference, as we can tell by this discussion here and in the blogosphere. Unlike, say, the NARAL example, where it was really about a network provider being uncomfortable with specific content, this really does get to the heart of the regulatory difficulties involved in network neutrality.
Richard Bennett: The network neutrality advocates really are hoping that this will revive the issue, because network neutrality has really been on life support for the last 14 months. It is no accident that the people who have been the most vocal this week and the most prone to demonize Comcast are the people who were front and center on network neutrality when it was a live issue 14 to 18 months ago.
Adam Thierer: Well, that's going to do it for our discussion this week. I want to thank Ed Felten, Richard Bennett, James Gattuso, and Jerry Brito for joining me. And to read more commentary on this and other issues, please visit us at techliberation.org.
Adam Thierer is a Senior Fellow with the Progress & Freedom Foundation and the Director of PFF's Center for Digital Media Freedom. Jerry Brito is a Senior Fellow with the regulatory studies program at the Mercatus Center at George Mason University. Edward W. Felten is Professor of Computer Science and Public Affairs, and Director of the Center for Information Technology Policy, at Princeton University. Richard Bennett is Senior Staff Engineer at Trapeze Networks and a contributor to numerous networking standards and technologies. James L. Gattuso is Senior Research Fellow in Regulatory Policy in the Thomas A. Roe Institute for Economic Policy Studies at The Heritage Foundation.