Net Neutrality

A small clip from The Oatmeal comic
(which I hope counts as fair use)
This is a complex one.

Firstly, to explain to those that are not technical, this is about settling a battle between ISPs and content providers that has been waged for some years. The Oatmeal try and explain it in very easy to understand terms (here).

As an ISP I am very keen on the principles that we "just shift packets", we don't care what people do with the service, and have no reason to - we are neutral and impartial. We peer with anyone, and we buy transit that connects to anyone neutrally.

However, you could have crazy situations where a major content provider pays an ISP for preferential access to its network, either to be the service the ISPs customers prefer (as it works better) or because the ISP is threatening to stifle the traffic if they are not paid. In some places this has happened.

So the US has just made some slightly controversial rulings on this making Internet have to work as a neutral carrier. The same stuff is happening in the EU.

"The EU Council of Minister has finalised its position on net neutrality and roaming. The Council will now begin trilogue meetings with the European Parliament and the European Commission (The Council and Parliament need to agree a text before it can become EU law)."

Unfortunately the idea of net neutrality has some issues.

So let's look at some of the problems I can see so far :-

"Providers should not limit the rights of end-users to: access and distribute information and content, use and provide applications and services and use terminal equipment of their choice. This is irrespective of the end-user’s or provider’s location or the location, origin or destination of the service, information or content (agreements between providers and end-users in relation to commercial or technical conditions, e.g. price, volume and speed are allowed)."

This is good - it will be interesting to see how BT's wires only FTTC will work with this as BT are currently limiting the VDSL modems that can be used on that service. Not all ISPs give out the login details for lines if you want to use your own terminal equipment.

But this also has implications where users might want to run email servers or use email servers or DNS not provided by the ISP. At A&A we have no issues, and allow anything, but some ISPs have some basic filtering as standard.

"Providers can offer non-internet access services that require a specific level of quality, as long as there is sufficient network capacity available so that the availability and quality of internet access services for other end-users are not impaired in a material manner."

Sounds sensible. Can't see immediate holes in that.

"When providing internet access services, providers shall equally treat equivalent types of traffic"

Again, sounds pretty sensible so far.

"Traffic management measures may be implemented to: comply with legal obligations (laid down in EU or national legislation); preserve the integrity and security of the network, services provided via the network or end-users’ terminal equipment; prevent pending network congestion and mitigate the effects of exceptional or temporary network congestion (provided that equivalent types of traffic are treated equally); or comply with an explicit request from the end-user, in order to prevent transmission of unsolicited communication or to implement parental control measures. When implementing traffic management measures, providers shall not block, slow down, alter, degrade or discriminate against specific content, applications or services, except as necessary and only for as long as necessary, to achieve one of the stated purposes"

This does get fun...
  1. Obviously this makes IPv6 mandatory, else discriminating against specific content (e.g. IPv6 only web sites). That is good news but not what they meant I am sure.
  2. This also outlaws IWF (child abuse image) filtering, as there is no legal requirement to filter such. My main objections to that have always been that it is the thin end of the wedge and ineffective at stopping child abuse. Though this could be provided as part of parental controls.
  3. This outlaws blocking of extremist material or anything else the government wants to block by the back door. They would have to actually pass laws, which is much more controversial. Again, this can be part of optional parental controls.
  4. This also outlaws all of the default filtering that some ISPs are doing as there is a requirement for explicit request from the end user.
  5. "End user" may not be same as "account holder" - it will depend on definitions. This could create problems where the account holder has asked for parental controls but the end user has not!
So, mostly this is good...

Now, I appreciate some of my comments may be a bit silly, I know, but if this ends up in actual law, it could be quite complex to define some of these things and difficult to be compliant. We have seen how badly worded laws end up with stupid convictions.

But can it go wrong?

You even have daft things like, obviously, our customers get good access to our email and VoIP servers as they are on the same network, but access to other networks email and VoIP services may not always be as good - simply due to the practical fact that they are connected by shared transit and peering links. Will that be seen as us as an ISP giving preferential treatment of traffic for us as a provider of email and VoIP? Will we have to move our servers off network to ensure they are treated equally?

I think we will need to watch the wording of this at EU and UK law level very carefully.

Net neutrality is great in principle but the details have to be right.


  1. Don't A&A give priority to voip traffic and some pingy things?

    1. We give a type of priority to all small packets. We treat that whole class of traffic the same. Though that is actually customer controller as well.

  2. > Will that be seen as us as an ISP giving preferential treatment of traffic for us as a provider of email and VoIP?

    For what it might be worth, my view is "no", provided that you do not throttle / filter other traffic of the same type from external providers. Similarly, an access provider would not be precluded from accepting (or even charging to accept) a Netflix-type appliance attached to its network, to lessen the load on peering/transit links.

    It would also appear to prevent a provider from throttling, say, Netflix inbound traffic, unless Netflix were to pay (good), but not require it to upgrade its peering/transit links to support ever-increasing traffic volumes. I wonder whether it might permit an access provider to charge a lower rate for connections using only slower peering/transit links, and a higher rate for connections using faster links, or links which offer better throughput of high-volume traffic (if this is technically possible).

  3. There is some ongoing debate about what the "correct" treatment of traffic is in the Internet community. There was easy consensus that blocking or throttling specific protocols or websites is a bad idea, but some of the fine details (like ping) are still being hashed out.

    Ping is special because it's often used for diagnostics (both reachability and latency) - which suggests it should have the same priority as other traffic - but can also be abused relatively easily for a DoS, for which a sensible mitigation strategy is to deprioritise it. In practice, ISPs often prioritise it (as A&A indirectly does, with its "small packet" bonus), because that makes the latency look lower to unsophisticated tests, but that makes both situations work less well for the end user in practice.

    The state of the art research is into Comprehensive Queue Management, where a modern AQM algorithm (Codel is a favourite) is combined with a fair-queuing system, a Diffserv traffic classifier, and possibly a local shaper to take control of the bottleneck queue. Diffserv classification is not considered unfair, because traffic subject to it is voluntarily marked by the sender, and the expected response of nodes en route is (loosely) specified - both above-normal and below-normal classes are available. It turns out that even quite modest hardware can do all that in realtime these days.

    1. BTW we don't reorder or have queues, so pings stand a lower chance of being dropped but do not see better latency. But yes, a complex area.


Comments are moderated purely to filter out obvious spam, but it means they may not show immediately.


There are lots of ways to debug stuff, but at the end of the day it is all a bit of a detective story. Looking for clues, testing an hypothe...