CPE Residential IPv6 Security Poll
Ted Mittelstaedt
tedm at ipinc.net
Wed Sep 28 21:38:40 CEST 2016
On 9/27/2016 1:40 AM, Mikael Abrahamsson wrote:
> On Mon, 26 Sep 2016, Ted Mittelstaedt wrote:
>
>> Well there is an answer to that. Instead of paying your development
>> team to do a from-scratch build, you can just have them port over
>> dd-wrt or openwrt. Both of these router firmwares are most likely
>> tremendously advanced over anything your CPE development team can come
>> up with.
>
> I've been working with this for the past 3 years or so. We have a CPE
> using OpenWrt we use as development platform.
>
> So while OpenWrt is great for supporting development of new protocols,
> it's nowhere near as stable/bug free as one of the more restrictive
> vendor CPEs. When you have millions of devices in the field, shipping
> OpenWrt with all the bells and whistles available would be just a
> nightmare. If one were to restrict it a lot and just use the features
> "needed", then it might be manageable.
That's what I have been arguing for. If they only have the ability to
configure their CPE with a web browser and they cannot ssh into an
openwrt command prompt and do anything with it, then IMHO they don't
have the need to go mucking about with a web interface that makes it
easy for them to shoot themselves in the foot.
> I know some vendors who do this
> and ship HGWs based on OpenWrt. It's however quite heavily modified
> OpenWrt from what I can tell, and they don't rev their versions as fast
> as the OpenWrt project does.
>
You should look at dd-wrt also; the effort on it is quite different
than openwrt. It's not just "another openwrt".
>> I am sorry about this but there you have it. The largest ISPs out
>> there are solving the support issue by basically offering no useable
>> support, the customer calls in, complains something doesn't work and
>> is told to go away and find someone else to help them. These ISPs know
>> that no matter how angry the customer gets with a non-answer, that
>> ultimately the customer knows if they quit service and go to another
>> large competitor that the other large competitor is going to treat
>> them exactly the same way - so they don't benefit by quitting service.
>
> 90% (or more) of people want their ISP to just "FIX IT! FIX IT! FIX
> IT!".
90% or more of people want to do the cheapest thing. If they can con
their ISP into fixing for free what they would normally have to pay
to have done, they will TRY that first.
> So we're going to see more and more ISP provided equipment in
> people's homes and ISPs getting more and more involved in running the
> home networks.
I disagree this is what's going to happen. The larger ISPs around
here, at any rate, have figured this out and started to tightly define
what they will do. Sure, they add wifi into their CPEs. But, they
restrict their CPEs down so badly that you can't do anything interesting
with them. That's fine for Ma and Pa Kettle and that's what I think
they should be doing - as long as they leave a button that can be pushed
to turn everything off on the CPE so the customer can use their own
ethernet-to-ethernet router.
I do not see any real interest by any of the large ISPs in getting
further into the home. The reality is that by adding wifi they have
actually withdrawn somewhat from the home network. Now with wifi
they don't have to deal with ethernet chipset incompatibilities because
some customer found an old dumb ethernet hub in someone's garbage
and dragged it home expecting to use it.
>
> This is not something the ISPs are generally great at, the product
> cycles are generally long, it's quite a lot of "let's come up with
> something that works, is fairly bug free, then run the production line
> for 3 years, oh, and we need to support it for another 3-5 years". This
> is not a great combination with some customers' wishes to always have the
> latest and greatest. Very few people give any kind of love to their
> "home router". They go and buy a USD40 device (or complain to the ISP
> that it's too expensive when the ISP wants to charge that kind of money
> for it) and then they connect their 1000 USD iPhone to it and expect
> everything to work great.
>
> But I also (I think we're in agreement here) think I am seeing people
> more interested in their home networks now compared to 5-10 years ago.
Yes, probably because as time passes the young 10 year old grandsons are
growing up.
> More people now know that you shouldn't put your wifi router in the
> basement behind a lot of boxes if you want good wifi coverage. But there
> is more to be done here, and we need more tools to help the customers
> figure out what's wrong.
Hear, hear!! Well said!
> Doing truck rolls to fix people's home networks
> is going to be too expensive, so we need home network devices (and SoHo
> devices) to talk to each other so they can figure out what's going on
> and give advice to the customer. Right now I see forum posts all the
> time with people frantically kicking all the things to try to figure out
> what's going on. There is no indication to them if the connectivity is
> bad because the problem is in their home network, on the access line,
> ISP core network, or further out from the Internet. People just don't
> have the tools to help them understand what's going on. The only thing
> they can say is "my Internet is slow", which of course says nothing about what
> the problem really is. Current devices can't even tell them if DNS
> lookups are slow, if TCP establishment is slow, if TCP transfer rate is
> low because of packet loss, because of high delay, because of something
> else. This information just isn't available to the end user, and it's
> a sad state of affairs.
>
Well that's the part that isn't easy to do. Particularly since
different problems can have identical symptoms. They may have slight
packet loss that doesn't impact anything other than DNS or other UDP
and makes sites far away very slow while sites within a few hops are
not affected.
> The IETF, vendors and ISPs are all quite siloed so I don't know where we
> would start to actually improve this. I tried talking to the TCP people
> at the IETF and had no takers. I tried talking to the IPPM people, but
> they just want to measure with test traffic. I don't know who to talk to
> next.
>
I think an area that can be improved greatly in CPEs is enhanced signal
reporting. You look at a typical cable modem CPE and it might show
signal to noise ratios on the cable but there's nothing in the interface
showing if the numbers are good or bad. Even putting a bar in there
that shows a continuum of red to green with the signal somewhere on that
would be helpful - as the customer can tell the tech support person
"My WAN signal levels are all showing red" and the frontline support
person can't then argue that's normal. After all, all WAN connectivity
does run on lower level something.
Ted