[kwlug-disc] Slow OpenVPN on Rogers?

unsolicited unsolicited at swiz.ca
Sat Jun 18 06:25:21 EDT 2011


Paul Nijjar wrote, On 06/18/2011 2:24 AM:
> On Sat, Jun 18, 2011 at 02:00:29AM -0400, William Rieck wrote:
>> Rogers' statement is here, point number three, that other applications may be
>> impacted when P2P sharing applications are running on your
>> network.
>> http://www.rogers.com/web/content/network_management
> 
> That's helpful, thanks.
> 
> Also, the statement in point 5 that "Rogers does not look at content.
> Our traffic management is not used to identify content: it identifies
> only the type of traffic." is demonstrably false. Here is a snippet
> they gave us when they shut us down for having an IRC bot on our
> network.
> 
> ===
>  Times are in GMT.
>  [2009-04-22 14:50:11][99.237.63.4:59609] CONNECT 6669
>  [2009-04-22 14:50:11][99.237.63.4:59609:6669] PASS dci
>  [2009-04-22 14:50:12][99.237.63.4:59609:6669] NICK [SNiFFER]prewya
>  [2009-04-22 14:50:12][99.237.63.4:59609:6669] USER thmcft "" "dvo" :thmcft
>  [2009-04-22 14:50:12][[SNiFFER]prewya!thmcft at 99.237.63.4:59609:6669] JOIN ??hackz?? loser
> ===
> 
> Sounds to me like listing usernames and IRC channels is an example of
> looking inside content. The type of the traffic is IRC traffic. The
> content helps identify it as an IRC bot.

I too came across this page recently.

Paul - I'm not entirely certain that this is the page that applies to 
you. The page I read, and this looks very much like it (or perhaps it 
was some page I read in and around that time), indicated that outgoing 
mail was restricted to going by their servers only (smtp/25). Since 
you're on business Rogers, and, I would hope, not restricted to their 
port 25 - is it possible there are different pages / policies 
depending upon whether you're a residential or a business customer? 
(As a residential Rogers internet customer, I definitely can't go 
anywhere but Rogers, on port 25.)

	On a side note: I don't remember your (Working Centre) policies for 
certain, but I assume you are not specifically 'mandated' to use 
Rogers. I'm guessing you are mandated to use cable? If that is 
correct, is TekSavvy or Acanac cable an option for you? [Reading DSL 
Reports, I am struck by any complaints being mostly from 
non-technically aware clients and/or a failure to accept that poor 
installation technician performance by the copper provider - Rogers or 
Bell - is a fact of life of using them.] TekSavvy has said to me they 
do have to use at least a portion of Rogers' network, so are impacted 
by Rogers' policies. Acanac is a CLEC, so if they are colocated at the 
other end of the Rogers cable from you - is this a potential path for 
you to stop having to deal with the nonsense you go through?

At the time I was running into these Rogers policy pages, 2 things 
seemed pretty clear: (1) P2P uploads were limited to a max of 80kbps - 
so all of your incoming traffic should be arriving full speed. (2) 
There is no clear definition of just what 'P2P traffic' is [so if you 
could figure out what traffic they are trapping as P2P, and rate limit 
it to, say, 70 kbps, your IRC would get through], and in the presence 
of P2P traffic, other traffic may get caught up in the limiting. (As 
you appear to be experiencing.)

Also, in the blurbs I saw about other traffic being caught up, 
instructions were to make sure all P2P traffic had ceased for at least 
10 minutes - at which point the other traffic being caught should be 
able to proceed at full speed. Sadly, that has not been my experience.

As far as I know, any encrypted traffic (non-443?) gets caught up. It 
can be weeks since I P2P'ed a Kubuntu distro, for example, and my ssh 
is still dog slow. So, it is my impression that encryption = P2P in 
their rules.

Any chance blocking any outgoing traffic on the well known bittorrent 
ports produces useful results?

If you are only being impacted in certain ways/users, is using a proxy 
a route for you? (SDF?)

Surely the person who sent you the logs can point you towards, with 
certainty, the specific policy pages that apply to you. (If it's not 
http://www.rogers.com/web/content/network_management?) They won't tell 
you what 'P2P traffic' is, I don't expect - if that information got out 
to the wild, workarounds would appear quickly thereafter.

This thread may be of interest to you too - apparently even 
single-line MLPP gets around Bell traffic management, and MLPP for 
cable is soon to be released. However, I haven't seen any confirmation 
that MLPP, single or any other line, gets around Rogers' practices.

http://www.dslreports.com/forum/r25676188-cable-internet - just go to 
the bottom post.




