CPE Residential IPv6 Security Poll
swmike at swm.pp.se
Tue Sep 27 10:40:49 CEST 2016
On Mon, 26 Sep 2016, Ted Mittelstaedt wrote:
> Well there is an answer to that. Instead of paying your development
> team to do a from-scratch build, you can just have them port over dd-wrt
> or openwrt. Both of these router firmwares are most likely tremendously
> advanced over anything your CPE development team can come up with.

I've been working with this for the past 3 years or so. We have a CPE
using OpenWrt we use as a development platform.

So while OpenWrt is great for supporting development of new protocols,
it's nowhere near as stable/bug free as one of the more restrictive vendor
CPEs. When you have millions of devices in the field, shipping OpenWrt
with all the bells and whistles available would be just a nightmare. If
one were to restrict it a lot and just use the features "needed", then it
might be manageable. I know some vendors who do this and ship HGWs based on
OpenWrt. It's however quite heavily modified OpenWrt from what I can tell,
and they don't rev their versions as fast as the OpenWrt project does.

> I am sorry about this but there you have it. The largest ISPs out there
> are solving the support issue by basically offering no useable support,
> the customer calls in, complains something doesn't work and is told to
> go away and find someone else to help them. These ISPs know that no
> matter how angry the customer gets with a non-answer, that ultimately
> the customer knows if they quit service and go to another large
> competitor that the other large competitor is going to treat them
> exactly the same way - so they don't benefit by quitting service.

90% (or more) of people want their ISP to just "FIX IT! FIX IT! FIX IT!".
So we're going to see more and more ISP provided equipment in people's
homes and ISPs getting more and more involved in running the home

This is not something the ISPs are generally great at, the product cycles
are generally long, it's quite a lot of "let's come up with something that
works, is fairly bug free, then run the production line for 3 years, oh,
and we need to support it for another 3-5 years". This is not a great
combination with some customers' wishes to always have the latest and
greatest. Very few people give any kind of love to their "home router".
They go and buy a USD40 device (or complain to the ISP that it's too
expensive when the ISP wants to charge that kind of money for it) and then
they connect their 1000 USD iPhone to it and expect everything to work

But I also (I think we're in agreement here) think I am seeing people more
interested in their home networks now compared to 5-10 years ago. More
people now know that you shouldn't put your wifi router in the basement
behind a lot of boxes if you want good wifi coverage. But there is more to
be done here, and we need more tools to help the customers figure out
what's wrong. Doing truck rolls to fix people's home networks is going to
be too expensive, so we need home network devices (and SoHo devices) to
talk to each other so they can figure out what's going on and give advice
to the customer. Right now I see forum posts all the time with people
frantically kicking all the things to try to figure out what's going on.
There is no indication to them if the connectivity is bad because the
problem is in their home network, on the access line, ISP core network, or
further out from the Internet. People just don't have the tools to help
them understand what's going on. The only thing they can say is "my
Internet is slow", which of course says nothing about what the problem really
is. Current devices can't even tell them if DNS lookups are slow, if TCP
establishment is slow, if TCP transfer rate is low because of packet loss,
because of high delay, because of something else. This information just
isn't available to the end user, and it's a sad state of affairs.

The IETF, vendors and ISPs are all quite siloed so I don't know where we
would start to actually improve this. I tried talking to the TCP people at
the IETF and had no takers. I tried talking to the IPPM people, but they
just want to measure with test traffic. I don't know who to talk to next.
Mikael Abrahamsson email: swmike at swm.pp.se