Tangled in the Threads
Jon Udell, February 21, 2001
Everyone's got a different story to tell
As the broadband rollout proceeds, somewhat fitfully, it raises issues of cost, convenience, freedom, and control
The broadband revolution is finally here, but plenty of obstacles remain. These are perennial topics of discussion in the networking newsgroup. Here's a complaint that's widely heard nowadays:
Why are so many players involved in setting up my DSL? The phone company, then a provisioning company, and finally, my DSL vendor. Added to that, I have complexities of some companies insisting I buy a router while others simply give me or ask me to buy a DSL modem. What gives?
Networking ace Randy Switt responded with a pointer to an excellent article he wrote for Network Magazine. Entitled DSL: Heaven or Hell?, Randy's article -- which details the logistical challenges involved in qualifying copper circuits for DSL service, and the administrative challenges of getting ISPs and telcos to coordinate the provisioning of the service -- made me realize that I'm lucky to have had a good first-time DSL installation, and doubly lucky to have been able to move the service from one home to another.
When we moved a year ago to a new house, which is the same distance (roughly a mile) from the telco switch as our old house, but in a different part of town, I had a very nervous afternoon waiting for my DSL link light to turn green. It might not have happened, for a long and depressing list of reasons that Randy's article cites. And scarily, there was really no way to prove it one way or the other ahead of time, though it ought to have been a crucial element of the homebuying decision.
I was just recently in almost as dicey a situation. My roommate moved out, and the DSL line was in his name on his phone account. Numerous calls to billing all returned a response indicating that transferring an account in any way would cancel the DSL line, and I would have to reprovision. This was bad not only because I would've had to go through the installation nightmare again, but it would also have forced me over to PPPoE (I am a legacy DHCP customer right now). Fortunately, because I hang out on the local support group and try to help as much as I can, some support reps came to my rescue and ran interference for me. I had to keep my roommate's phone number, but at least everything is in my name now!
Yes, moving is a nightmare for those who (like us) are DSL addicted. There is NO good way to ensure that your house will be provisionable. Lawrence Baldwin's put together a pretty good little step-by-step procedure for maximizing your chances of having ADSL service at your new home.
As Randy points out, aspects of this procedure are BellSouth-specific, but the concepts are universal. A savvy real-estate agent would do well to become very familiar with these concepts -- or at least direct people to resources like Baldwin's page.
Broadband access methods: all over the map
The setup that I've got is nearly ideal for my purposes. My ISP delivered, as part of the service, a fully-configured Cisco 675 DSL modem/router. It's running as a router, not a bridge, and it uses NAT to achieve rather effective security. This means that I only need to point the various computers on my private LAN at the 675. I could manage IP addressing on the private LAN with DHCP but there are few enough devices here that, so far, I haven't bothered. From the ISP's perspective, there's a standard configuration for all the access devices it places in customers' homes, and this cuts down on lots of potential problems.
My setup is sensible, I think, but what the newsgroup discussion reveals is that it's not very typical. When Srinivas Murty asked whether he would need a router, I thought he should expect it to be provided as part of the DSL service. But apparently, that's not often the case.
Actually, Jon, unless it's SDSL, I think it's rare for the providers to offer a router (though in saying that I remember now that even Bellsouth offers a router option to businesses, albeit for a $600 install charge!).
Here's Randy's mini-FAQ, in answer to a list of questions from Srinivas:
Q: Do I need to have a router?
A: You need to have SOME form of router even if it is a converted PC. But we all know that PCs crash, and it's not necessarily the best thing to have your entire network depending on one PC. A standalone hardware router is going to be much more reliable, not to mention easier to set up.
A software-only router is an acceptable solution for a small home network where money is tight and the consequences of outages are small. But hardware routers aren't that expensive, and should be very easy to justify for any sort of business. I strongly recommend a hardware router for any business running a network.
Q: If I use software routing, what kind?
A: Microsoft's ICS, built into Win98SE and Win2K, works and it's free. Sygate, Wingate, and Winroute are others. A more robust solution is IPChains in Linux, but you better know and like Linux before you go this route (Netfilter is a new, more advanced version of IPChains in the new Linux kernel). I personally use IPchains on Mandrake Linux 7.2 on a Packard Bell P100 w/2 NICs, and it runs for months at a time. In fact, I would pretty much classify IPchains on Linux as nearly as reliable as a purchased hardware router and much more flexible, though it takes CONSIDERABLY more effort and knowledge to set up.
We're all assuming here, of course, that the broadband circuit is connected to a LAN in the home. But, that's often not the case:
I think most home users are expected to only have one machine on the 'net, thus no need for a router. Of course, the ISP views the security of this to be an OS problem while the OS vendors view it to be an ISP problem. The average consumer blindly runs open on the Internet. If the ISP is to provide global firewalling, you can bet sophisticated users would complain.
An ideal solution would be to offer a simple bridge-style (layer-2) to sophisticated users who want to run their own NAT/firewall and a NAT/firewall capable box (layer-3, provides DHCP inside) with a built-in cable/DSL modem upstream and Ethernet hub downstream.
I hadn't thought about it in these terms, but if the target device is an otherwise standalone PC, then DSL might be treated just like a dialup stack, with respect to the customer/ISP relationship. In other words, the ISP tells the customer to go to Control Panel->Network, do this and that, plug in these numbers, etc.
Well, they don't use Win9x dial-up networking since the line (DSL or cable) is dedicated and the modem connection is automatic (it negotiates the modem connection on power on).
In our market the cable company (which deployed city-wide 1.5 years before DSL was available) sent out a cable guy (who tested the line quality and sometimes replaced low quality splitters in the house) and a PC guy (who had a truckful of various Ethernet cards, ISA and PCI) to do the install.
But, many broadband providers are falling back to the dial-up paradigm now as PPPoE and PPPoA are catching on (unfortunately). Both PPPoA and PPPoE often tie into Windows' Dial-Up Networking interface for authentication. You login just like you would dial up an analog modem connection.
Can security be centralized? Should it be?
The "global firewalling" Bruce refers to is a possibility discussed in another thread. Laurent Syzster offered his recipe for a "cabled-SOHO" network:
Laurent Syzster:
- a hub
- an old 486 with 16MB RAM
Get a distribution of Linux designed to build a router (like the Linux Router Project, http://lrp.c0wz.com/) and install it on your old 486. Configure it like this:
- eth0 (connected to the cable modem), DHCP client
- eth1 (connected to the hub), 192.168.1.1, DHCP server
Connect this Linux router's first ethernet card directly to the cable modem and the second one to the hub. Then connect your other PCs to the hub.
Of course configuring the router as a NAT firewall and DHCP server will take time and patience. Also, if you are new to Linux and IP networking, the learning curve might be quite steep.
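What the recipe above leaves as "time and patience" is the actual NAT firewall and DHCP server configuration. The script below is an added example, not code from the column or from Laurent's post; it assumes the same hypothetical layout (eth0 toward the cable/DSL modem getting its address by DHCP, eth1 toward the hub as 192.168.1.1 on a /24) and uses Netfilter/iptables, the successor to the ipchains mentioned earlier in the thread, rather than the Linux Router Project's own tooling. It emits the rules as reviewable text, includes a check that nothing on the WAN side accepts new inbound connections, and applies the rules only when asked to.

```shell
#!/bin/sh
# Added example (not from the column or from Laurent's post): a minimal NAT
# router plus stateful firewall for the two-NIC Linux box described above.
# Assumed layout (hypothetical): eth0 faces the cable/DSL modem; eth1 faces
# the hub as 192.168.1.1 and serves DHCP to a /24 LAN.

WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_IP="${LAN_IP:-192.168.1.1}"
LAN_PREFIX="${LAN_IP%.*}"          # "192.168.1"
LAN_NET="${LAN_PREFIX}.0/24"

# Emit the firewall/NAT commands as text so they can be reviewed before use.
# Policy: LAN hosts may initiate connections out; nothing from the WAN may
# initiate a connection in. Only replies to established flows are forwarded.
nat_ruleset() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i $LAN_IF -s $LAN_NET -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
EOF
}

# ISC dhcpd configuration for the inside interface. The address range is a
# constructed sample; the router itself also answers DNS in this layout.
dhcpd_config() {
    cat <<EOF
subnet ${LAN_PREFIX}.0 netmask 255.255.255.0 {
    range ${LAN_PREFIX}.100 ${LAN_PREFIX}.200;
    option routers $LAN_IP;
    option domain-name-servers $LAN_IP;
    default-lease-time 86400;
}
EOF
}

# Review check: no rule on the WAN interface may ACCEPT unless it is limited
# to ESTABLISHED,RELATED traffic. Returns 0 when the ruleset passes.
no_inbound_holes() {
    ! nat_ruleset \
      | grep -E "^iptables -A (INPUT|FORWARD) -i $WAN_IF " \
      | grep -v -- '--ctstate ESTABLISHED,RELATED' \
      | grep -q ACCEPT
}

# APPLY=1 (as root, on the router) runs the commands; the default only prints
# them. Where dhcpd.conf lives depends on the distribution, so it is printed
# rather than written.
if [ "${APPLY:-0}" = "1" ]; then
    no_inbound_holes || { echo "refusing to apply: WAN accepts inbound" >&2; exit 1; }
    nat_ruleset | sh
else
    nat_ruleset
    dhcpd_config
fi
```

Running the script with no arguments prints both the iptables commands and the dhcpd.conf fragment for inspection; the three DROP/ACCEPT policies at the top are what make the box "let packets out but not in", and the conntrack rules are what let replies come back. The `no_inbound_holes` check is the kind of guard worth keeping as the ruleset grows: any later port-forwarding rule added to the WAN side will make it fail until the rule is deliberately exempted.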
That's a geek recipe, but surely not a recipe for large-scale adoption of broadband. Wouldn't the best model for most people be, in fact, one in which all firewall, routing, address assignment, VPN, and other configuration is done centrally, on the provider's end of the pipe, rather than locally, in customer premises equipment?
The broadband rollout may be creating an installed base that is going to exert significant drag on future development. If more were centralized, things could change more easily, and we know for sure that things will change.
I know what you are saying: setting up a Linux box to route is not for the masses, regardless of what the slash-dotters want us to believe. Most users don't even want to understand what a "port" is, much less NAT and routing. On the other hand, the hardware home routers on the market are cheap and easy to set up now, though many providers aren't always making it easy to use them. When providers issue internal PCI modems, or USB modems, customers often find that driver availability is limited, and the best solution may be to just buy a compatible external modem or modem/router combo.
Even though hardware routers are dramatically easier to set up than previous generations, that's still something to learn and something to do. The concept of service delivered to the home is: I just want to use it.
There's a huge business opportunity here. The phone companies get this. They find lots of ways to attach new backend services to the pipe they've already got to my home. For IP networking, the service innovation possibilities are infinitely richer. But the customer premises equipment is already a problem. A PC, an operating system, a disk -- too many moving parts, too much upgrade inertia. The single biggest innovation of the web remains that when your hotel reservation service or your news service changes, it just happens for you, no configuration change required.
Firewalling, to take just one example, might be a service delivered through a pipe to the home, not a service configured into a box that lives in the home.
I agree that firewalling should be a central office option, something that would be provided at a monthly charge -- maybe basic level would be free, enhanced would be extra? Then other value-added services like VPN.
Basic level: Free. Will let packets out, but won't let packets in.
Return level: 4.99/month. Prerequisite for usage-specific packages. Offers the ability to buy a package to allow packets in.
Game package: 9.99/month. Allows you to choose two games from partner companies to let through your firewall.
Web package: 9.99/month. Allows web access to partner web sites.
Email package: 9.99/month. Allows you to email and receive email from partner mail sites.
Anarchist package: 49.99/month. Will allow all packets to or from the Internet to pass. All users requesting this package must submit proof of age and consent to ongoing monitoring by the FBI.
Alan makes a great point. The issues at stake are more than cost and convenience. Freedom and control are equally at stake. Not everyone will want to define the terms on which he or she engages with the Net, but if the opportunity to do so is restricted, a do-it-yourself firewall/router starts to look attractive even to people who'd otherwise rather not have to know about ports, NAT, and routing.
Jon Udell (http://udell.roninhouse.com/) was BYTE Magazine's executive editor for new media, the architect of the original www.byte.com, and author of BYTE's Web Project column. He's now an independent Web/Internet consultant, and is the author of Practical Internet Groupware, from O'Reilly and Associates. His recent BYTE.com columns are archived at http://www.byte.com/index/threads
This work is licensed under a Creative Commons License.