Speaking Engagements & Private Workshops - Get Dean Bubley to present or chair your event

Need an experienced, provocative & influential telecoms keynote speaker, moderator/chair or workshop facilitator?
To see recent presentations, and discuss Dean Bubley's appearance at a specific event, click here

Thursday, May 10, 2007

Deep packet inspection, audit trails and billing

I've said before that I view DPI as useful for certain things - spotting denial-of-service attacks, throttling bandwidth consumption that seriously threatens network integrity etc. But I don't buy the idea that it can be used to identify individual applications & block/charge accordingly.

There's a bunch of reasons for this, including what happens when you put traffic into a VPN or encrypt it, or you use XML objects that could be used by 15 different applications.

Another good one is MySpace, which is a "meta-service" which can comprise 20+ different bits & pieces of software, application & service amalgamated on a single page. You try explaining to a customer why it costs them double to view Sarah's page than Eric's, just because hers has a short video clip delivered by a new streaming service that someone had tagged as "VoIP" or "P2P.

I think this is the ultimate problem for operators leaning towards the more "fundamentalist" end of the Net Neutrality spectrum. Let's say I get a bill which contains an extra £2 for using a prohibited streaming or VoIP "service". I call up the helpline and say "No I didn't use that". It cuts no legal ice as far as I can see, to say "our DPI box caught this stream of packets and it looks like it's Skype". Just because something "looks" like Skype, that's not a call detail record, or "proof of purchase" - it's a vague, automatically-generated photofit. It could be anything - some new non-VoIP application that someone's made to look like Skype. It could be a new thing that Skype's invented which isn't VoIP at all. It could be someone else initiating a Skype call to me. And so on.

I can't see too many regulators being happy about carriers billing customers based on things they suspect without a proper audit trail.

Bottom line.... I still can't be bothered to get worked up about Net Neutrality. It doesn't work, many supposed network policies are probably legally unenforceable, and all it takes is 1% of customers to query their bills & the whole thing falls apart in a world of customer service opex pain. DPI's fine for the big tasks like protecting the network - nobody's going to argue that one. But for fine-grain application and service discrimination and billing? No way.


Anonymous said...

Hi Dean..jus curious..how many EDGE phones do u thin wereshpiied in 2006 and how many do u think would be shipped in 2007?

Anonymous said...

Hey Dean,

great article, as always! I think some wireless operators might be tempted to use DPI not to change billing but rather to throw away packets they feel are against their policy. E.g. throw away all packets that look like Skype or SIP. But then , I always have my VPN tunnel... So as you say it's difficult.

Some wireless operators have threatened to do this. I've tested many UMTS/HSDPA networks in different countries already but so far VoIP works all right. Let's hope it stays that way.


Dean Bubley said...

Anonymous - that's not a number I have to hand, sorry. If you're interested in commissioning some specific research in to EDGE, please contact me.

Martin - the problem with that type of policy is "false positives" - ie throwing away something that's actually valuable & would cause serious problems, such as tampering with an investment bank's private messaging applications, or something that another part of the operator has developed.

It might work in markets with strong anti-VoIP laws & regulation, or where there's not much competition, though.

Anonymous said...

Dean... your view of net neutrality is that mobile operators make consumers pay according to DPI, but there is another version where operators charge wholesale termination charges according to DPI to the service provoder, i.e. MySpace... this is in light of the two-sided market story, whereby instead of termination according to the source, like nowadays interconnection regime with the RPP regime, termination is discriminated according to applications/source of terminated packets. This would mean that the consumer do not see DPI-led billing and have nothing to complain with... if any this would enable operators to lower retail prices, while having internet guys paying for the service .... finally.
Regards, Paolo

Dean Bubley said...

Thanks for your comment Paolo.

Unfortunately that doesn't work either, because of the whole "mashup" phenomenon. Much of the traffic supposedly coming from "Myspace" is actually coming from 1000 other sites. Someone told me a while back that many Myspace pages can include 200+ DNS lookups.

Taking this to the extreme - does this mean that I should have to pay YOUR telco/ISP for the privilege of transmitting this blog's content to you? And if I'd put up video, or a PDF, or a podcast, then I'd have to pay 10x as much? That's clearly not a viable proposition.

The bottom line is this - consumers want plain-vanilla Internet access, and are prepared to pay a reasonable price for it. If it's underpriced currently, then charge more. Then they want the provider of that access to get out of the way & allow them to do whatever they want.

There's clear and obvious consumer demand for this. If the telco's can't fulfill that demand then someone else will.

Anonymous said...

Agree on the plain vanilla stuff, and am strongly in disagreement with the cultural misalignment that plenty of network operators are showing when dealing with web 2.0 applications... as regards the mashup problem, being not a technician, I am surely wrong in supposing that there is or will be a way of determining whether the traffic is ultimately coming from the "meta-service" provider, ie MySpace, which eventually makes money by mashing up original contents from 200+ DNSs, am I? Moreover, it would be in the interest of MySpace to policing that its customers are not unfairly treated, or, even better, avoid them to be directly charged an wholesale interconnection charge they would not understand.... or monitoring that VOIP-like application are not priced as VOIP. As regards the privilege stuff, I am referring to vanilla-plain Internet access sold at a price lower than what would be charged to the consumer without wholesale termination... so full satisfaction of a latent demand. You are mashing up two related issues: P2P social networking make the consumer a content provider either, and the content provider that makes money out of the whole value chain should be charged for the "priviledge" (read, service) of terminating its content. However, in the middle there is the meta-service provider, who if successful sits onto a mountain of cash, contrary to the vast majority of its P2P community users....

Regards, Paolo