CPE Residential IPv6 Security Poll

Mikael Abrahamsson swmike at swm.pp.se
Tue Sep 27 10:40:49 CEST 2016


On Mon, 26 Sep 2016, Ted Mittelstaedt wrote:

> Well there is an answer to that.  Instead of paying your development 
> team to do a from-scratch build, you can just have them port over dd-wrt 
> or openwrt.  Both of these router firmwares are most likely tremendously 
> advanced over anything your CPE development team can come up with.

I've been working with this for the past 3 years or so. We have a CPE 
using OpenWrt we use as development platform.

So while OpenWrt is great for supporting development of new protocols, 
it's nowhere near as stable/bug free as one of the more restrictive vendor 
CPEs. When you have millions of devices in the field, shipping OpenWrt 
with all the bells and whistles available would be just a nightmare. If 
one were to restrict it a lot and just use the features "needed", then it 
might be manageable. I know some vendors who do this and ship HGWs based on 
OpenWrt. It's however quite heavily modified OpenWrt from what I can tell, 
and they don't rev their versions as fast as the OpenWrt project does.

> I am sorry about this but there you have it.  The largest ISPs out there 
> are solving the support issue by basically offering no useable support, 
> the customer calls in, complains something doesn't work and is told to 
> go away and find someone else to help them.  These ISPs know that no 
> matter how angry the customer gets with a non-answer, that ultimately 
> the customer knows if they quit service and go to another large 
> competitor that the other large competitor is going to treat them 
> exactly the same way - so they don't benefit by quitting service.

90% (or more) of people want their ISP to just "FIX IT! FIX IT! FIX IT!". 
So we're going to see more and more ISP provided equipment in people's 
homes and ISPs getting more and more involved in running the home 
networks.

This is not something the ISPs are generally great at, the product cycles 
are generally long, it's quite a lot of "let's come up with something that 
works, is fairly bug free, then run the production line for 3 years, oh, 
and we need to support it for another 3-5 years". This is not a great 
combination with some customers' wishes to always have the latest and 
greatest. Very few people give any kind of love to their "home router". 
They go and buy a USD40 device (or complain to the ISP that it's too 
expensive when the ISP wants to charge that kind of money for it) and then 
they connect their 1000 USD iPhone to it and expect everything to work 
great.

But I also (I think we're in agreement here) think I am seeing people more 
interested in their home networks now compared to 5-10 years ago. More 
people now know that you shouldn't put your wifi router in the basement 
behind a lot of boxes if you want good wifi coverage. But there is more to 
be done here, and we need more tools to help the customers figure out 
what's wrong. Doing truck rolls to fix people's home networks is going to 
be too expensive, so we need home network devices (and SoHo devices) to 
talk to each other so they can figure out what's going on and give advice 
to the customer. Right now I see forum posts all the time with people 
frantically kicking all the things to try to figure out what's going on. 
There is no indication to them if the connectivity is bad because the 
problem is in their home network, on the access line, ISP core network, or 
further out from the Internet. People just don't have the tools to help 
them understand what's going on. The only thing they can say is "my 
Internet is slow", which of course says nothing about what the problem really 
is. Current devices can't even tell them if DNS lookups are slow, if TCP 
establishment is slow, if TCP transfer rate is low because of packet loss, 
because of high delay, because of something else. This information just 
isn't available to the end user, and it's a sad state of affairs.

The IETF, vendors and ISPs are all quite siloed so I don't know where we 
would start to actually improve this. I tried talking to the TCP people at 
the IETF and had no takers. I tried talking to the IPPM people, but they 
just want to measure with test traffic. I don't know who to talk to next.

-- 
Mikael Abrahamsson    email: swmike at swm.pp.se


More information about the ipv6-ops mailing list