I'll give you my router
when you pry it from my cold, dead hands.
As software-defined networking takes off, it's become the basis of a parallel development: network function virtualisation. NFV is a boon to the data centre. For decades now, giants and minnows of the networking industry alike – Cisco and all of its competitors, along with anybody offering firewalls, WAN optimisation devices …
My FibreOP installation has three boxes:
1) Optical Network Terminal. You need a box with an optical port on it.
2) Their Router with wifi. You need a box with antennas on or in it.
3) Battery Backup (DC UPS): To keep the POTS alive for 911 purposes
I've added GB Ethernet Switches and several more of my own wifi routers.
They can virtualize all they want, but you still need a box(es) with an optical port (or DSL/Cable port), a couple of antennas, and a battery backup.
In my experience, it isn't normally possible to do anything other than tweak minor settings from the customer end of ISP-supplied kit. Even changing DNS settings is prevented on some kit, so I doubt that carriers give a damn about firmware upgrades by customers.
Rather than switching my VM Superhub into modem mode, I'd rather they gave me the option of a basic cable modem and let me sort the rest.
If the vCPE is designed by the same engineers that designed the homehub I was sent, which:
Wouldn't allow a 10.x.x.x subnet
Only allowed a specific set of ports to be opened
Changing the SSID was an advanced feature
Regularly dropped the PPPoE session
Regularly generated 255 phantom Wifi hotspots one after the other
it will work really well.
What are these guys smoking?
This leaves the user totally vulnerable
Adds massive processing overhead to ISP
Means you don't actually have a broadband Internet connection, but a LAN connection to an ISP data centre
Probably removes much user flexibility
You can't get back original functionality of ordinary connection by adding your own router.
I always turn off all the functions of my CPE except for switching and phone anyway, in an attempt to get some stability out of it, then put my own router in front of it. I can easily see that less sophisticated, non-Register reading users would be better off with that stuff shifted to the exchange side.
My only concern is that they let me turn their stuff off. If not I suppose I'll just have to tunnel through it. VPNs seem like a sensible idea these days anyway.
"for the masses, for people who dont understand what a router is"
The solution is not dumbing down "the masses", rather that everyone should be educated well enough that some understanding of computers, routers, telephones is part of their knowledge, regardless of whether they attended "public", private, or some other form of schooling. Maybe that promised IT (ITC) curriculum should teach kids more than just sexting, selfies, and slacking.
Dumbing down means control for the elite, or is that what you are after?
" It will probably cost a little premium but there you go"
Again, why pay a premium for something that should be part of the standard setup? The only advantage to moving all these functions "to the cloud" will be to remove control from the user, and add some major points of vulnerability due to this lack of control.
And don't get me started on IOT - even worse. IOT, at least 60 percent of IDIOT...
Great, now you can have your dishwasher message you that it just caught on fire....
What the hell? Why should everyone be required to learn how a router works? You don't know every subject in the world to an equivalent level to that, why are computers special? Because you already know them and think everyone else should too?
There are probably people who feel the same way about cooking, for instance, but maybe you're one of those who can't do anything beyond boiling a pot of water. Or maybe you don't know much about your country's political structure, or home maintenance, or growing food, how to load/use a weapon to hunt, how to create art, and so on. I'll bet you scoff at at least some of those as being important, but there are people who would argue that each of them are more important than knowing how a router works.
"You don't know every subject in the world to an equivalent level to that, why are computers special? Because you already know them and think everyone else should too?"
I agree. Why buy medicines from a pharmacy - that's just giving control to an elite. Everyone should learn chemistry well enough to make their own common medicines at home. Etc...
vCPE won't only be implemented on the carrier side of services. It also has a role to play as a device at the customers' site. Instead of having multiple hardware devices like a router and firewall, they could be provided on a single piece of hardware.
Carriers want to demonstrate value by solving the biggest problems and making networks easy to manage whilst maintaining performance. Enterprise customers are better informed than ever; they will be deciding if the carrier's product set matches their aims.
There's only so far carriers can go with reducing the cost of forwarding packets. There's still innovation in this area; the cost of scaling a network is still reducing.
Ideally we will see a combination of low cost, high speed services but with the added option of subscribing to network based functions that don't require a fresh piece of hardware to be installed on site.
"Ever since Intel started pumping packet processing capabilities into its silicon"
They did? I mean, I know the IXP422 family did something along those lines, but that was pretty much inherited from elsewhere, being an ARM product in the family inherited from DEC.
"most customers won't notice the change. Heaven knows, they calmly accept the conversion of the once-open Internet with the Web as its interface into a dizzying array of nearly worthless single-function apps."
That's *much* more on the ball. Every single-purpose non-browser app on a smartphone reduces the usefulness of the WWW in general.
Soon, every social app vendor will have their very own private Compuserve or AOL. What a joy that will be. Welcome back to the 1990s, young 'uns.
It will be interesting to see how this plays out. NFV in the home CPE is operating in a rather different environment from the enterprise device. Enterprise networks have massive symmetric bandwidth and almost no latency, so there is no performance overhead in virtualising functions.
But for the typical home user on an ADSL connection their upstream channel may be constrained to 500 - 1000 kbit/s and packetisation and error correction of the link introduces 5 - 20 ms round trip latency. It remains to be seen whether the performance of such a link between the CPE and the centralised NFV server constrains what is possible.
Actually, from a consumer-grade ADSL line it makes perfect sense to move most of those services to the carrier side.
Having the firewall on the carrier side would block DoS before it reaches the low-bandwidth ADSL link, so that's a massive plus (if you come under attack regularly - at which point you might think about stopping trolling people gaming).
DHCP having 60ms (2x30ms) latency is no big deal.
Management would be as slow as accessing any website.
It makes perfect sense for the carrier and 99% of the users.
As long as there are specialised ISPs available for the 1% (like Andrews & Arnold) it's fine.
I don't want my provider to turn around and say "You want VLAN? Sorry that's an enterprise feature, you can switch to our £999/month tariff"
I get the impression that, much like SDN, vCPE and NFV will rely on a central controller, handling only control plane functions. So filtering of data plane for DDoS purposes would still reside at the vCPE, but the ISP would control those filters centrally. Same for routing, VoIP, etc.
There may be some sheep that like this idea. Personally, I think this will enable ISPs to leave their prices where they are, but cut their costs for network management by at least 50% (have your resume ready, mate). No small wonder why the ISPs are so interested, even beyond the additional revenue streams it could generate.
It is inevitable that most customers will choose the cheapest broadband service, so the service providers struggle to make money from raw packets. I contribute to this effect :-(
I too hope that there will be premium services where, in an upside-down sort of way, you pay more for less functionality at the ISP end. The trouble will be finding a provider who bothers, like providing static IP addresses.
(I sound more and more sad with each post. Let's hope it is only because I am particularly depressed today.)
In this case, "the cloud" is going to have to be "the ISP edge router", which is a bigger stretch of that phrase than I've seen before. Moving DNS, DHCP and VoIP services to remote servers, I can certainly understand - probably half of us have already done that ourselves, with the likes of OpenDNS, hosted Asterisk services etc.
Performing NAT on all the traffic at the ISP level rather than the customer router seems silly at first glance, but once you forget the "cloud" nonsense, it makes a bit more sense in the era of "carrier grade" NAT. Instead of us all NATting our own /24 onto a single IP address, then the ISP NATting that a second time, the ISP could subdivide 10/8 into a /24 for each of 65k customers and have a single level of NAT, avoiding all the usual "double NAT" problems. (Or they could enter the 21st century and finally roll out IPv6...)
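The comment above proposes one carrier-level NAT with a /24 out of 10/8 per customer in place of today's home NAT plus carrier NAT. The model below is an added example and not part of the thread: it carves 10/8 into per-customer /24s with the standard library and runs a toy port-translating NAT through both arrangements, so you can see why an unsolicited inbound connection (a port forward set on your own router) dies at the outer NAT in the double-NAT case, and where the one mapping table lives in the single-NAT case. All addresses, ports and the customer index are constructed; the NAT class has no timeouts or hairpinning.

```python
"""Single-level carrier NAT over per-customer /24s from 10/8, beside the
double-NAT case it replaces. Added example; addresses are constructed."""
import ipaddress

CARRIER_SPACE = ipaddress.ip_network("10.0.0.0/8")


def customer_lan(index):
    """Carve 10/8 into /24s: customer n gets 10.(n>>8).(n&255).0/24, 65536 in all."""
    if not 0 <= index < 65536:
        raise ValueError("10/8 holds exactly 65536 /24s")
    return ipaddress.ip_network((int(CARRIER_SPACE.network_address) + (index << 8), 24))


class Nat:
    """Port-translating NAT with one public address: dynamic outbound
    mappings plus optional static inbound forwards (a toy, no timeouts)."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}    # (inside_ip, inside_port) -> public_port
        self.back = {}   # public_port -> (inside_ip, inside_port)

    def forward(self, public_port, inside_ip, inside_port):
        """Static inbound mapping, i.e. a 'port forward' in the router UI."""
        self.back[public_port] = (inside_ip, inside_port)

    def outbound(self, inside_ip, inside_port):
        """Translate an outgoing flow; returns the (public_ip, port) the far end sees."""
        key = (inside_ip, inside_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return self.public_ip, self.out[key]

    def inbound(self, public_port):
        """Translate an incoming packet; None means no mapping, so it is dropped."""
        return self.back.get(public_port)


def double_nat_scenario():
    """Home router NATs 192.168.1.0/24 onto a carrier-private (RFC 6598)
    address, then the ISP NATs that again onto a real public address."""
    home = Nat(public_ip="100.64.1.5")        # WAN side sits in the ISP's private space
    carrier = Nat(public_ip="203.0.113.7")    # TEST-NET-3, constructed
    home.forward(22, "192.168.1.10", 22)      # user sets a port forward on their own box

    # Outbound flow and its reply: both tables get populated, so this works.
    wan = home.outbound("192.168.1.10", 5555)
    pub = carrier.outbound(*wan)
    reply = home.inbound(carrier.inbound(pub[1])[1])

    # Unsolicited inbound to the forwarded port: the carrier NAT has no entry,
    # so the packet never reaches the home router's forward. The double-NAT problem.
    unsolicited = carrier.inbound(22)
    return {"reply_reaches": reply, "forward_reaches": unsolicited}


def single_nat_scenario(customer_index=1234):
    """Each customer gets a /24 out of 10/8 and the ISP translates once;
    a port forward can now only exist where the one mapping table lives."""
    lan = customer_lan(customer_index)
    device = str(lan.network_address + 10)
    carrier = Nat(public_ip="203.0.113.7")
    carrier.forward(22, device, 22)           # only possible if the ISP exposes it
    pub = carrier.outbound(device, 5555)
    return {"lan": str(lan), "reply_reaches": carrier.inbound(pub[1]),
            "forward_reaches": carrier.inbound(22)}


if __name__ == "__main__":
    print("double NAT :", double_nat_scenario())
    print("single NAT :", single_nat_scenario())
```

The point the model makes explicit: with one translation the whole mapping table, including any inbound forward, belongs to the ISP, which is exactly the control the rest of the thread is uneasy about.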
Oh yes, I'm sure security will be MUCH better. With DHCP and other services being in "the cloud" (which btw is a term I've always detested anyway--if you had email on Prodigy in 1995, you were using the cloud), instead of Grandma's wireless being compromised or someone getting into her home network because no one changed the default password, now you have the opportunity for thousands of users to be compromised at once--and not even know about it unless the ISP is in a generous mood.
And revenue? What's to stop an ISP from deciding that for each additional IP address in your home, that you shouldn't pay another .50/month? (I know the article addressed this) Marketing? Now demographics on each attached device can be harvested via their MAC address, as well as much more detailed usage statistics. It's a dream for every ISP and a nightmare for every marginally-intelligent customer.
The MAC address info being available to the ISP is a killer security flaw (for the user) in this scenario, especially coupled with all the data-retention laws etc.
Not only will they have the bill payer's info to link to for all data coming from the connection, they will be able to determine *which device* on the customer network made the 'interesting' connection, be it tablet, smartphone or PC etc.
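The two comments above worry about what a centralised DHCP service learns per device. To make that concrete, here is an added example (not from the thread or the article) that builds a DHCPDISCOVER the way a client plus an ISP-side relay agent would emit it, then parses out the fields a carrier-side server could log against the subscriber: the client MAC (chaddr / option 61), the hostname the device volunteers (option 12), its vendor class (option 60), the ordered parameter request list (option 55, widely used as an OS fingerprint), and the relay's option 82 circuit id that ties the message to a particular line. The packet, MAC, hostname and circuit id are constructed, not captured.

```python
"""What a carrier-side DHCP server sees per home device (added example).
Builds a constructed DHCPDISCOVER (RFC 2131 header, RFC 2132 options,
RFC 3046 relay agent option) and parses the subscriber-linkable fields."""
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_END = 0, 255
OPT_HOSTNAME, OPT_MSG_TYPE, OPT_PARAM_LIST = 12, 53, 55
OPT_VENDOR_CLASS, OPT_CLIENT_ID, OPT_RELAY_AGENT = 60, 61, 82
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}


def _opt(code, value):
    return bytes([code, len(value)]) + value


def build_discover(mac, hostname, vendor_class, param_list, circuit_id, xid=0x3903F326):
    """236-byte fixed header + magic cookie + options. giaddr and option 82
    are what the ISP-side relay adds before the server sees the message."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                         1, 1, 6, 1, xid, 0, 0x8000,      # BOOTREQUEST, ethernet, hlen 6, hops 1, broadcast
                         b"\0" * 4, b"\0" * 4, b"\0" * 4,   # ciaddr, yiaddr, siaddr
                         bytes([100, 64, 0, 1]),            # giaddr: relay address (constructed)
                         mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    options = (_opt(OPT_MSG_TYPE, b"\x01")
               + _opt(OPT_CLIENT_ID, b"\x01" + mac)        # type 1 = ethernet hardware address
               + _opt(OPT_HOSTNAME, hostname.encode())
               + _opt(OPT_VENDOR_CLASS, vendor_class.encode())
               + _opt(OPT_PARAM_LIST, bytes(param_list))
               + _opt(OPT_RELAY_AGENT, _opt(1, circuit_id.encode()))  # sub-option 1 = circuit id
               + bytes([OPT_END]))
    return header + MAGIC_COOKIE + options


def parse_options(blob, require_end=True):
    """TLV walk that rejects truncated options instead of reading past the buffer."""
    opts = {}
    i = 0
    while i < len(blob):
        code = blob[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END:
            return opts
        if i + 2 > len(blob):
            raise ValueError("truncated option header")
        length = blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option %d" % code)
        opts[code] = value          # duplicates keep the last copy (no RFC 3396 concatenation)
        i += 2 + length
    if require_end:
        raise ValueError("missing END option")
    return opts                     # option-82 sub-options carry no END marker


def device_profile(packet):
    """Return the per-device fields a centralised DHCP server can record."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    op, htype, hlen, hops, xid = struct.unpack("!BBBBI", packet[:8])
    if hlen > 16:
        raise ValueError("bad hlen")
    chaddr = packet[28:28 + hlen]
    giaddr = ".".join(str(b) for b in packet[24:28])
    opts = parse_options(packet[240:])
    relay = parse_options(opts[OPT_RELAY_AGENT], require_end=False) if OPT_RELAY_AGENT in opts else {}
    return {
        "msg_type": MSG_TYPES.get(opts.get(OPT_MSG_TYPE, b"\0")[0], "?"),
        "mac": ":".join("%02x" % b for b in chaddr),
        "hostname": opts.get(OPT_HOSTNAME, b"").decode(errors="replace"),
        "vendor_class": opts.get(OPT_VENDOR_CLASS, b"").decode(errors="replace"),
        "param_list": tuple(opts.get(OPT_PARAM_LIST, b"")),   # ordered list: OS fingerprint
        "relay": giaddr,
        "circuit_id": relay.get(1, b"").decode(errors="replace"),
    }


# Constructed sample: a tablet behind a vCPE, seen through an ISP relay.
SAMPLE = build_discover(mac=bytes.fromhex("001122334455"), hostname="kitchen-tablet",
                        vendor_class="android-dhcp-9",
                        param_list=[1, 3, 6, 15, 26, 28, 51, 58, 59, 43],
                        circuit_id="olt1/1/7:vlan101")

if __name__ == "__main__":
    for key, value in device_profile(SAMPLE).items():
        print("%-13s %s" % (key, value))
```

Everything in the returned profile is sent in the clear by the client or added by the relay; a server in the ISP's data centre keeps it in its lease database as a matter of course, which is what turns a "cloud" DHCP service into a per-device record tied to a billing account.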
For those of us "blessed" with the skill and knowledge to set up and maintain a home network, we really do not want or need a vCPE, or for that matter a CPE. (Note to self: get rid of the Homehub 2, buy a proper one, you cheapskate.)
But for the vast majority of users, they don't know or care. What bothers me more than the use of virtual devices, is the degree of control it could enforce on my surfing. In the 90s there was a lot of talk about the direction of the internet, a free for all, or walled gardens. If you force your customers to use VCPEs then suddenly you have control, doesn't matter that I have my nice Cisco device, it's still fronted by the ISP, so they can still control my access because their "Firewall" is in front of mine.
So let's hope they offer an opt-out that lets you take raw traffic.
Of course, most customers won't notice the change. Heaven knows, they calmly accept the conversion of the once-open Internet with the Web as its interface into a dizzying array of nearly worthless single-function apps.
In much the same way as you have just described hypertext transfer the be-all and end-all of the Internet? Oh, the irony...
How long before they discover they can charge more for their new-found powers. ISP controlled DHCP? Now your account includes only connection for up to 5 devices. Any more than that and you will have to pay more for the additional IP addresses. They have already done this with cable TV connections, so it only makes sense that they will follow the same path with internet service.
Oh, by the way, when your ISP link goes down, you won't even be able to access your in-house NAS because you no longer have any DHCP service.
I use DHCP on my local network with static allocation of IP addresses to known MAC addresses. By the time you add in phones, PCs, game consoles, laptops, printers, virtual machines (doesn't everyone have one?) etc, it's very quick and easy to have twenty or thirty devices on a network.
I used a couple of Sheevaplugs as DHCP/DNS servers in a master/slave arrangement. Setting it up taught me how it works, and when one of them died for some reason, the other kept things going while I fixed the broken one.
"...easy to have twenty or thirty devices on a network."
For those of us that heat our houses with consumer electronics, it's easy to get up above 50. I think I can have more than 80 Ethernet ports (mostly empty of course). I've got three wifis covering the 2.4 GHz band, and two more on 5 GHz band. Fing shows dozens of clients on each router.
It's very educational, in terms of keeping it all working.
I don't trust the router of my ISP or my ISP, so what I have is a tunnel to a rented server in a data centre. The NAT happens there and I connect to it via an OpenVPN tunnel. Of course DHCP and similar services still run locally.
However, trusting your ISP to do that is just foolish. ISPs have shown over and over again that they are not trustworthy. Just think of the BT incident where they replaced advertisements and tracked you. I think it was called Phorm.
Most routers ship with relatively low-end hardware - a lower-end ARM or equivalent processor, a few megs of RAM, a little bit of flash and some radio gubbins. They don't need any more than that and do the job they're designed to do. Even if you punt the compute to the cloud, you still need a processor, some memory, some way to boot the device and some radio gubbins, even with software-defined radio. You can pick up a DSL router with wifi (albeit only 802.11g) even at PC World for less than £20 these days, so I don't get the argument of cost saving. At bulk, with no retail overheads, the cost must be far lower than that.
With ever increasing bandwidth, the processors are only going to need to get more powerful anyway to cope with squirting stuff at "the cloud". Plus, at least from my perspective when the cloud has a little lie down, it's still useful to be able to get IP addresses on my LAN segment, so for example I could view my IP webcam.
If ISPs want control over their CPE, the existing TR-069 should surely be enough, or if not, developed further to give them the extra features they do want.
For example, I have a Motorola "SURFboard" which is a basic DOCSIS cable modem. It's got a coax connector for the cable, an Ethernet connector, and the connector for the wall wart.
It's got a basic http page listing the diagnostic logs, another for the current status, channels configured, and signal levels, a reboot button, a page for extremely basic DHCP that doesn't really work, and a page listing the open source copyrights.
You want a hub/router/firewall/wifi, you trot over to NewEgg or "Best" Buy and shell out some cash.
You say that as if there is something wrong with having control of your own LAN. Comcast (my ISP) can't even keep their nameservers lit. Buying and configuring my own router is a minor hassle compared to those morons controlling the traffic between my computer and my printer. Of course I am the sort who used to build networking gear, and who would really rather own my own DOCSIS modem, if only Comcast would stop playing games to encourage perpetual rental.
I wish Comcast-supplied modems had a "modem-only" option configurable by the user. I can't even switch off their DHCP server, which means it's a pain to do my own DHCP/DNS. I know there are reasons not to do double-NAT, but my irritation is getting to the point where I'll do it anyway and live with any problems. It's also very hard to get an eMTA modem that supports IPv6.
Biting the hand that feeds IT © 1998–2019