Carriers vs. the OSI model
The Web Dev Zone is brought to you in partnership with Mendix. Discover how IT departments looking for ways to keep up with demand for business apps has caused a new breed of developers to surface - the Rapid Application Developer.
Disclaimer: my experience with Internet Service Providers is limited to the Italy landscape, on wired and mobile networks. However, from what I read around, issues of this kind are present also in the rest of the Western world.
The OSI theoretical model of network protocols, and later the extracted TCP/IP model, clearly divide responsibilities between the layers. Citing only the upper ones:
- the IP layer provide a best-effort delivery mechanism, where packet of a fixed length in bytes are carried from one IP address in the world to another.
- the TCP (or UDP) layer builds over IP to produce a virtual, reliable and unlimited text stream from one point to another, featuring retransmission of lost packets and throttling.
- the application level layer, with procotols such as HTTP, sends messages between hosts over TCP establishing a semantic over free-form text. For example, in HTTP request and responses follow a strict syntax allowing information such as the browser (User-Agent) or user language (Accept-Language) to be carried around.
However, ISPs are commonly muddling some of these responsibilities to the only level they control, the IP one (3rd layer in the OSI model); once again business reasons take priority on a functional and reliable network.
The only fiber optic player in Italy, back from its start Fastweb has put everyone of its users inside a NAT. So Fastweb customers don't have a public IP, not even a dynamic one (although they of course have one inside Fastweb's network, and this has created the fastest file-sharing network in Italy, Adunanza.)
However, due to Fastweb speed, no one cared about the IP address in the cities were subscription was available. It's a positive trade-off to renounce to a public IP to get a 10x increase in bandwidth.
Net neutrality is a complex issue, but summarizing it in a phrase it's about the priority on the usage of bandwidth: do real time traffic such as streaming movies and concerts overtake normal navigation and download of files?
What is currently technically possible is to "color" the packet streams and treat them differently: labels to identify the category of traffic of each packet are being built in a repurposed field . The goal is to guarantee "Quality of Service".
Net neutrality is just an instance of the conflict between IT and telcos: over-the-top players such as Google are routinely crucified by telecommunications company. Hearing IT players, they are using an infrastructure like a public road without having to compensate anyone; hearing the telcos, the platform that generate much of the traffic should contribute to the development of the network.
I'm biased towards the first point of view like many of us, but having been in contact with both academic and business telco people I know what they're talking about. Let's remember that the Internet was not created by private initiative, and that networks have externalities that make it worthwhile to consider financing them more than what the private market would.
Let's not even talk about VOIP blocks (can't use Skype on the 3G network) or ISPs making you pay for a video call even if you make it with a data plan! It's like an highway toll depending on what you're transporting, milk or gas: technically a waste of resources, and maybe even unethical. But we are talking about big money here...
The neverending quest of the Internet Service Providers to disrupt the OSI model for business reasons started (for me) in 2008, but they were doing it before judging from the workarounds I have seen recorded on the Internet.
Consider as examples:
- blocking classical inbound ports, such as TCP 80. Could be workarounded by telling the domain yourhost.freedns.com:8080 or :8888 to other people wanting to reach you.
- Blocking outward ports, such as TCP 25. Maybe you must send mail through their server? This was workarounded by adding additional ports to SMTP servers, GMail still allows a range of ports.
- Blocking p2p ports, to prevent legal disputes in an unclear landscape of who's responsible for copyright infringement.
Moving into the mobile camp, we are seeing even more providers interfering at the HTTP level in 3G and 4G networks.
As a first example, they are adding HTTP headers of their own, identifying the user mobile phone number where applicable and for authorized domains. Custom headers such as X-Carrier-Msisdn: 12345678 are being added without any proxy being configured in the client.
We then come to the discrimination of devices: the difference in data plans between phones and laptop or tablets. In wired networks, you are still pretty sure to buy an ip address, so that what you route on that is more or less your concern (given you're able to change ports and crypt traffic in the worst circumstance.)
However, my 3G data plan is valid only for smart phones. If I try to tether, they may look into the user agent header and block my connection, or make me pay a daily subscription to the tablet/laptop version of the data plan.
The fact that they're intercepting your HTTP requests and reading them is already annoying. But what if you change your user agent to view a website whose mobile version isn't complete?
For any engineer that has studied the OSI model, or even only knowing the TCP/IP stack, this is ridiculous. The freedom of a complete Turing machine has been brought to the mobile world, since now you can run any code you have written on an Android device; but they may cut your connection or charge you more for business reasons if your navigation pattern is not the predicted one.