May 1, 2005



Broadband…isn’t this an ‘always-on’ Internet connection provided by an ISP? Contrary to popular belief, this is not the true definition of broadband. Simply speaking, the term broadband refers to the ability of sending multiple channels over a single link. In other words, you’re using the same connection to pass multiple signals. A cable TV network is a perfect example of broadband. You get a single co-axial cable terminated to your TV, but the same cable delivers lots of TV channels for you to watch.

So despite true broadband having been there in our lives for so long in the form of cable TV, we never realized its true meaning. Instead, the image that’s been created of broadband is completely different: a 24×7 Internet connection. That’s because the term has largely been promoted by ISPs for their Internet connections. The focus has been more on an always-on Internet connection than on the actual bandwidth being offered. If there is insufficient bandwidth, then multiple services can’t run reliably over the same connection, which is the very basis of a broadband connection. The only advantage of this is that the connection doesn’t drop, so users can use it for downloading large software from the Internet.

This has changed recently after the TRAI (Telecom Regulatory Authority of India) said that in order for a connection to qualify as broadband, its minimum bandwidth must be 256 Kbps. With so much bandwidth, users can go beyond Web browsing, e-mail and downloads. They can expect more services from the ISP, which were not possible till now, due to lower bandwidth that was being offered. Some of these can be live audio/video streaming to listen to songs or watch movies in real time without compromising on quality. They can use it for video conferencing, VPN connections or running business applications online.

Having more bandwidth also means opening up a larger pipe for the world to access your systems, therefore, security risks increase. So we’ve looked at security issues that arise due to broadband. Lastly, an organization going for a broadband connection needs to ensure that it gets the bandwidth being promised by the ISP, for which service level agreements or SLAs are important. This story examines the current state of affairs in the world of broadband Internet and the technologies that make it possible.

Quality of Service and SLAs
The quality of your broadband connection is affected by two main factors: the contention rate and network congestion. Some of these issues can be resolved by better bandwidth management and others only by upgrading infrastructure to manage that traffic better. Broadband service providers offer an SLA (service-level agreement) that guarantees you (as a subscriber of their service) a particular level of bandwidth and throughput. Bandwidth refers to the available capacity, and throughput (or speed) to what you actually experience.

[Figure: Current ADSL speed compared with Asia standard and T1]

A data-capable line has about six usable stream pipes. Out of these six, one is reserved and one is used for internal maintenance purposes by the ISP. This leaves four pipes available for subscriber use. The contention offered to you is the number of remaining pipes that you can go ahead and use. A 1:1 contention is the best, since it guarantees that you get a pipe for your purposes and you can burst data all you want on that pipe. On lower-end connections, contention levels can be at 1:4 (one out of four pipes will be available to you), though 1:2 is also fairly common. How does this affect your bandwidth? Let’s say that the line can do 512 Kbps. On this line, a 1:4 contention connection offers you a guaranteed 128 Kbps (1/4th the available) at peak usage. The contention rate depends on both the availability of and the demand for bandwidth. As the number of users for an ISP grows, they are forced to take contention levels higher, giving you a lower actual data rate. Thus, at a 1:2 contention, your effective data transfer rate at peak usage time effectively halves from (say) 64 KB/s (512 Kbps) to 16 KB/s (128 Kbps).

ISPs can only guarantee bandwidth and throughput from your terminator to their termination point. They would not be able to guarantee service levels beyond that, since it would depend on traffic patterns on the Internet itself. While at the home user level, there may not be a guaranteed SLA, ISPs do offer such guarantees for enterprises at an additional cost. In this SLA, you should look for guarantees on uptime, bandwidth and (if applicable) contention rates. Additional points would be on how quickly they would rectify a problem and how (and how much in advance) they would notify you before scheduled maintenance.

Uptime is the amount of time, as a percentage, that your connection would remain available for use. During this period, you should be able to satisfactorily use your connection for broadband activities. The normal quote for uptime is 99.9%. Your ISP will reserve a certain percentage for maintenance work, during which your connection will remain either completely unavailable or unusable beyond a certain level (say, Web browsing may be possible, but not video conferencing). Guarantees on bandwidth and contention would be as per the plan you subscribe to.

ISPs can notify the corporate/enterprise customer in advance (if required) about scheduled maintenance. The usual process could include a simple e-mail notifying you of the proposed maintenance period. Some ISPs also take it to the next level, by sending an SMS to a designated executive in your enterprise about the downtime.

Further, broadband need not be purely wired. ISPs such as AirTel and Sify are providing wireless broadband, without needing wires at your end. Satellites and low-interference / high-power transmission towers are used to propagate your Internet signal almost the same way as a TV signal is propagated. WiFi broadband complicates quality of service considerations further, since obstacles and different types of materials between the access point and the receiver can severely degrade your connectivity. Also, the number of users sharing the connection will further reduce the available bandwidth.

How do you measure what you are getting?
This is the biggest problem of them all. How do you find out what speed/bandwidth you are getting and if it is anywhere near what you are supposed to be getting through whatever plan you are contracted under? There are plenty of ways available that help you clock your connection. Here are a few.

MRTG
MRTG (Multi Router Traffic Grapher) is a tool that shows you the traffic your connection is seeing and how fast it is. It is easy to deploy such a tool and quite a few ISPs host it themselves and give you a URL. A sample MRTG application can be seen on the National Internet Exchange of India website at: http://www.nixi.org.

MRTG graphs provide breakdowns of your usage by day, week, month and year. However, it may not be possible to know if this bandwidth was seen by their entire network or if it was specific to your link. The data used for this representation is taken live.

[Figure: Compare your current throughput with well-known speeds]

Hosted ‘Internet Exchange’ websites like that of NIXI offer you traffic patterns of the network at strategic points in the country or world. You can compare the MRTG you are seeing for your connection with this pattern to check if any outages you are facing are local or endemic.

Web-based tools
You get good speed-checks on most download websites (eg download.com) where a ‘Clock your speed’ link will find out and tell you how fast your connection is and how long it would take you to download a particular file at that bandwidth.

SBC Global provides a speed check at: http://help.sbcglobal.net/dsl/speedtest.
Although the ‘nearest servers’ list shows only US cities, you can use it to get a ballpark estimate of your speed in India as well. Also ignore the text that reads ‘of your Yahoo SBC Internet Connection’. Like the text says, don’t use your Internet connection for a while from this system while the test is running, or you will get skewed results.

BandwidthPlace.com also provides a neat Web-based tool at http://www.bandwidthplace.com/speedtest and this is quite reliable. Interestingly, this tool indicates that almost any speed is ‘below par’ unless you tell it in the beginning that you’re on a 56 Kbps dial-up connection!

CNet.com has a bandwidth meter too at http://reviews.cnet.com/7004-7254_7-0.html.
Though this is classified as a ‘review’, it is a bandwidth measurement tool, alright. It doesn’t matter what you select or type in on the starting screen. Just enter some data and click on Go. About a minute later, you should see a nice set of comparative graphs telling you how good or bad your connection is.

Self help
The easiest way is if you have access to a server somewhere on the Internet, preferably on a known connection. Create a file of any type and of a known size and upload it to this server. Then, from the machine and connection you want to clock, download this file. Time the download and divide the file size by the time you noted. This will give you your actual speed for that time. For example,

File size = 1 MB
Duration to download = 45 secs
Bandwidth = 1 MB/45 s = 1024 KB/45 s = 22.76 KB/s
= (22.76 × 8) Kbps = 182 Kbps
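
The timed-download procedure above as a script, with the result compared against the peak-time guarantee described under ‘Quality of Service and SLAs’. This is an added example, not part of the original article; the function names and the fake clock are assumptions for illustration, and it uses the article's units (1 MB = 1024 KB, Kbps = KB/s × 8).

```python
import io
import time
import urllib.request

CHUNK = 64 * 1024  # read size; small enough to stream large test files


def measure_kbps(stream, expected_bytes, clock=time.monotonic):
    """Time a full read of `stream`; return (seconds, KB/s, Kbps)."""
    start = clock()
    total = 0
    while True:
        chunk = stream.read(CHUNK)
        if not chunk:
            break
        total += len(chunk)
    elapsed = clock() - start
    # A truncated or padded transfer would give a misleading rate.
    if total != expected_bytes:
        raise ValueError(f"got {total} bytes, expected {expected_bytes}")
    if elapsed <= 0:
        raise ValueError("transfer too short to time; use a larger file")
    kb_per_s = (total / 1024) / elapsed
    return elapsed, kb_per_s, kb_per_s * 8


def guaranteed_kbps(line_kbps, contention):
    """Peak-time guarantee for a contention ratio written as '1:N'."""
    share, pipes = (int(x) for x in contention.split(":"))
    if share <= 0 or pipes < share:
        raise ValueError(f"bad contention ratio: {contention}")
    return line_kbps * share / pipes


def check_link(measured_kbps, line_kbps, contention):
    """Compare a measurement with what the plan guarantees at peak."""
    floor = guaranteed_kbps(line_kbps, contention)
    verdict = "meets guarantee" if measured_kbps >= floor else "below guarantee"
    return floor, verdict


def measure_url(url, expected_bytes):
    """Download the known-size file you uploaded earlier and time it."""
    with urllib.request.urlopen(url, timeout=120) as resp:
        return measure_kbps(resp, expected_bytes)


def article_example():
    """The article's numbers: 1 MB in 45 s, replayed with a fake clock."""
    ticks = iter([0.0, 45.0])                    # constructed timings
    payload = io.BytesIO(b"\0" * (1024 * 1024))  # constructed 1 MB file
    return measure_kbps(payload, 1024 * 1024, clock=lambda: next(ticks))


if __name__ == "__main__":
    secs, kb_s, kbps = article_example()
    print(f"{secs:.0f} s, {kb_s:.2f} KB/s, {kbps:.0f} Kbps")
    for ratio in ("1:4", "1:2"):
        print(ratio, check_link(kbps, 512, ratio))
```

Repeat the measurement at peak and off-peak hours before taking the figure to your ISP, since a single download only reflects that moment.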

Third-party tools
Several third-party tools are available that you can download and install at strategic stations along your network that can monitor your connection and give you nice reports. Some such tools are: NetInfo (http://netinfo.tsarfin.com), OnlineEye Pro (http://www.pmasoft.net) and Traffic Statistics (http://www.trafficstatistic.com). Some of the above tools are free, others are shareware.

We tried out OnlineEye Pro’s shareware edition and it does a lot of things, including giving you a monthly traffic report that you can export as an Excel spreadsheet or view as a graph and print out. The useful thing about OnlineEye was its ability to work with a group of computers and allow remote management, which is very useful on a LAN. It also bundles some ping, uptime-monitors, auto dialer and disconnect utilities, packet sniffers and port scanners, which make it useful for network monitoring.

Broadband Technologies
Keeping in mind the official definition of what broadband is supposed to be (the ability to use multiple channels at the same time; minimum bandwidth of 256 Kbps according to TRAI), the following technologies can effectively be used to set up broadband connects. We shall examine each one in detail and classify them according to application and effectiveness in their deliverables.

Integrated Services Digital Network (ISDN)
Perhaps the first type of broadband technology to become popular, this requires a switched telephone system. It works by multiplexing both voice and data signals digitally over the ordinary copper wire network, providing high speeds and quality. ISDN uses two channels for transmissions, called B (Bearer) and D (Data). The B channel is for both voice and data, while D is for signaling and control information.

The ISDN system also uses two types of interfaces, each differing in the number and combination of channels they carry: the BRI (Basic Rate Interface) and the PRI (Primary Rate Interface). BRI supports two B channels with bandwidths of 64 Kbps each and one D channel at 16 Kbps. PRI has a country-dependent number of B channels and a single D channel at 64 Kbps. In North America and Japan, PRI would have up to 23 B channels, providing around 1.5 Mbps. In Europe, Australia and Asia, this goes up to 30 B channels and 2 Mbps. ISDN supports multiple simultaneous calls, and each session on the B channel is a simple 64 Kbps synchronous bi-directional flow. Using a technique called ‘channel bonding’, B channels can also be multiplexed into a single channel of higher bandwidth.

All telecom and Internet Service Providers in India offer ISDN connectivity. In BRI they use 2 B channels, offering 64 Kbps, and on PRI, we get 30 B at around 1.5 Mbps. Using an ISDN connection requires a costly infrastructure. It requires an ISDN line from your telephone company and an ISDN modem or router.

[Figure: Upload and download data transfer rates shown separately with historical statistics]

Although the monthly access rates are comparable to or lower than normal dial-up or DSL charges, the initial setup fees (mainly for the equipment you need to install and its related deposit fee) can cost about Rs 5,000 for BRI and up to Rs 60,000 for PRI connections.

Applications for ISDN include Internet access, video conferencing (most widely used application on ISDN) and VPN connectivity between offices. ISDN requires you to dial out every time you need to connect and no separate (call) charges are applicable for your online time other than your plan rate.

Broadband ISDN (B-ISDN)
B-ISDN was conceived in the 1970s as an extension to ISDN. B-ISDN was designed to use ATM (Asynchronous Transfer Mode) to carry both voice and data on the same infrastructure. The theoretical maximum speed achievable on B-ISDN stands at 1.5 Mbps over a point-to-point channel.

This technology stands obsolete and has been superseded by the DSL family of technologies.

Digital Subscriber Line (DSL)
As a concept, DSL is similar to ISDN and B-ISDN, using ATM channels to transfer data and voice simultaneously over the same telephone-wire. The crux of DSL technology is the fact that human-audible signals lie in the frequency range 300 to 3,500 Hz, while DSL transfers data signals in the 10 to 100 KHz range, in 4.3 KHz bands. So, a telephone cable can be used to carry voice and data simultaneously. The maximum frequency is 1.1 MHz for ADSL (more on ADSL later).

As we write this, even higher frequencies are emerging, giving rise to more cousins of DSL such as SHDSL. However, SHDSL is not currently supported in India.

Unlike with ISDN where you would get your own line from your premises to that of the provider, DSL uses the same wiring as the normal telephone. This introduces the concept of ‘line contention’. Naturally, the better the contention, the more the bandwidth available to you.

DSL uses a DSL modem or router connected to the telephone line and via USB or Ethernet to a computer or network hub/router/switch. Between the DSL modem/router and the telephone line, sits a DSL-splitter that ensures that the modem and telephone units receive only those frequencies the provider has allocated for each.

The applications for DSL are the same as for ISDN: high-quality VoIP, video conferencing, high-bandwidth Internet access, VPN, Internet streaming of audio and video. DSL requires you to dial out every time you need to connect and no separate (call) charges are applicable for your online time other than your plan rate.

The following sub-sets of DSL currently exist.

HDSL (High Bit-rate DSL): Same as normal DSL

ADSL (Asymmetrical DSL): The data flows faster in one direction than in the other. Usually the inward (download) rates are higher than the outward (upload) rates. Data speeds can start at 128 Kbps and can reach a blistering 1.5 Mbps (downloads). However, ADSL rates fall off dramatically as the distance between your end and the ISP’s terminal (‘central office’) increases. For example, the same 256 Kbps line might show speeds of up to 9 Mbps if the central office is within 300 meters.

ADSL2 and ADSL2+ are improvements to ADSL that allow download rates of up to 25 Mbps at up to 2.5 km from the central office.

Currently, most DSL providers in India provide ADSL connections by default. None of them provide ADSL2 or ADSL2+ yet.

RADSL (Rate Adaptive DSL): Works just like ADSL, except that the modem/router can adjust the speed of your connection as per the quality and length of your line. Here, the modem/router uses the unused portions of the upload bandwidth to create more download bandwidth. RADSL is also more tolerant to signal loss and line noise. The lowest upload speed attainable here is 64 Kbps, the same as a single-channel ISDN connect.

SDSL (Symmetrical DSL): Transfer rates start at 72 Kbps and reach 2.3 Mbps over a pair of copper wires at up to 3 km. SDSL is vendor-specific: both the central office and the equipment at your premises should use the same chipset/vendor equipment, since all communications are in proprietary formats. This technology has now been superseded by G.SHDSL.

VDSL (Very High Bit-rate DSL): The theoretical maximum speed of this is 52 Mbps download and 12 Mbps upload, much faster than most common Ethernet connections (10 Mbps). This is done using two different frequency bands each, for uploads and downloads. VDSL can be further symmetric (26 Mbps, 1.5 Km) or asymmetric (100 Mbps, 100 m) also. VDSL is very suitable for HDTV applications.

Cable Internet
Here, a co-axial Ethernet cable is used to connect you via a network of repeaters and routers, to the cable service provider’s office. You would need a cable modem or router at your end to receive the connection. Unlike ISDN and DSL connections, there is no need to dial anywhere when using cable Internet connections. You just turn on your cable modem/router and the connection is available. Typically, cable Internet is delivered over long distances using the same line used for your cable television connection and is provided by the same company. Hence, the name ‘cable Internet’. However, some providers are also known to draw dedicated Ethernet lines from the router nearest to you, to give you better connectivity.

Cable Internet connections can actually be truly broadband since the maximum speed attainable over this cable is anywhere from 10 Mbps to 10 Gbps depending on the terminals the cable provider is using at their end. Connection speeds vary drastically here depending on the number of users online as well as what they are up to, since the entire line is shared between subscribers in the same neighborhood. Cable providers in India start connection speeds at a mere 64 Kbps.

Cable Internet connections and computers connected over such interfaces are the most vulnerable to hacking attempts since they’re always on, and the networks are usually not switched. Modern cable modems support DOCSIS 2.0 (Data Over Cable Service Interface Specification). DOCSIS 2.0 is a specification that enhances security and privacy by encrypting communications between your end and the service provider. DOCSIS also allows the ISP to control your modem from their end; they use this to monitor and troubleshoot your connections.

Applications of cable Internet range from hosting your own private server to using it for applications that need a LAN-like connectivity. The quality is not good enough to run a call center on low-end connections, but you can definitely download large files that are required for BPO operations. IP-TV and video-on-demand are also applications that can use cable Internet.

Other technologies not prevalent in India
The above technologies are available in India. But there are lots of other ways you can have a broadband connection and these are used in some parts of other countries. Let’s briefly look at them.

Satellite Internet
Internet connectivity through satellite. The equipment costs Rs 30,000 upwards and monthly bills can be up to Rs 3,000. Connections experience severe delays (up to 0.9 seconds), making them unsuitable for anything other than casual browsing or very slow e-mail access. Useful if you’re stuck in a desert or a similar remote area, like deep inside a forest, with a satellite phone capable of Web browsing.

Power-line Internet
Transmission of broadband data over high-voltage power lines. This is a very noisy way of being online, since the electric power-line is inherently noisy. Any power-saving device on the route would introduce distortions into the signals and this would need to be cleaned out. Any implementation should have a built-in error correction and noise-filtering system to keep out these disruptions. This technology is still in its infancy stage.

Another major issue with PLI is the plan to use the 10-30 MHz frequency range for data streams. This is used by shortwave and Ham radio, and these services would be affected by PLI, since high voltage power-cables are unshielded.

Higher end of the spectrum

Speed          Name
1.544 Mbps     DS1 (Tier 1)
2.048 Mbps     E1
44.736 Mbps    DS3 (Tier 3)
155.52 Mbps    OC3
622.08 Mbps    OC12
2.488 Gbps     OC48
9.953 Gbps     OC192
9.813 Gbps     OC768
79.6 Gbps      OC1536
159.2 Gbps     OC3072

Wireless broadband
This is slowly catching on in India, with the rise of so many hotspots. But this is not yet enough to create a completely wireless ISP, since all hotspots currently are locally created and controlled.

Security Issues
“With great power come great responsibilities”, said Ben Parker (Spiderman fame). If this lies at the back of your mind just like that of Peter Parker (Spiderman himself), you have understood the crux of this write-up. In our context, we could very well say that with better bandwidth come great responsibilities.

Is broadband prone to more security threats?
Well, for this question you don’t have a straightforward answer in ‘Yes’ or ‘No’. But the amount of threat on a given network from the outside world (Internet) is directly proportional to the time for which you are connected with the outside world. And technically, broadband should be a 24-hour on connection. That means logically you are always potentially crackable.

And of course as you are on a faster network (at least 256 kbps), running hacking tools like a portscan or maybe getting data out of your systems using some key logger is also technically faster. And it won’t make your network significantly slow and as a result nobody will notice that some malicious activity is happening on the network.

When you opt for any corporate broadband plan, in most cases you get a static IP address. And if you are not using that IP address for any specific reason, like providing VPN access to your mobile users, then the only thing these IP addresses do is make you very easily identifiable to those with the wrong intentions.

So the greater power of broadband can lead to greater security threats if we do not secure and treat the connection and the medium wisely.

Best practices
Now let’s talk about how you can use your broadband connection wisely to reap the benefits while keeping the threats away.

The first and the most important thing when you are using a 24-hour always-on connection is a firewall. If you have a very small network and you are getting the connection terminated on a PC, then activate the operating system’s firewall (and keep it properly patched). But this is not the preferable mechanism for even a medium-sized network, where the best practice would be to have a dedicated network firewall server or appliance installed and to terminate your broadband connection on it. For smaller or branch networks, you can build a firewall using customized live Linux CDs such as SmoothWall, which can act as full-fledged firewalls.

After implementing the firewall, make sure that all the ports which you don’t require to provide some service are closed. You can check whether the ports are properly blocked after implementing the firewall by running port scanning software such as Nmap from outside your network. You can even run a full-fledged network assessment tool like Nessus on your public IP address.
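
One way to turn that outside-in check into a repeatable audit: parse the grepable output Nmap writes with `-oG` and compare the open ports with the short list of services you intend to publish. This is an added example, not part of the original article; the scan text is a constructed sample using a documentation address, and the allowlist (a DMZ web server on ports 80 and 443) and function names are assumptions.

```python
import re

# Constructed sample of Nmap grepable (-oG) output for a scan of your own
# public address, run from outside the network. 203.0.113.10 is a
# documentation address, not a real host.
SAMPLE_SCAN = (
    "# Nmap scan of own perimeter (constructed sample)\n"
    "Host: 203.0.113.10 ()\tStatus: Up\n"
    "Host: 203.0.113.10 ()\tPorts: 22/filtered/tcp//ssh///, "
    "25/open/tcp//smtp///, 80/open/tcp//http///, 443/open/tcp//https///, "
    "3389/open/tcp//ms-wbt-server///\tIgnored State: closed (995)\n"
)

# Assumed policy: only the DMZ web server is meant to be reachable.
ALLOWED = {(80, "tcp"), (443, "tcp")}

HOST_RE = re.compile(r"^Host:\s+(\S+)")


def parse_grepable(text):
    """Yield (host, port, proto, state, service) for every listed port."""
    for line in text.splitlines():
        if line.startswith("#"):
            continue  # comment lines carry no host data
        match = HOST_RE.match(line)
        if not match:
            continue
        host = match.group(1)
        for field in line.split("\t"):
            if not field.startswith("Ports:"):
                continue
            for entry in field[len("Ports:"):].split(","):
                # Entry layout: port/state/protocol/owner/service/...
                parts = entry.strip().split("/")
                if len(parts) < 5 or not parts[0].isdigit():
                    continue  # skip malformed entries rather than guess
                port, state, proto, _owner, service = parts[:5]
                yield host, int(port), proto, state, service


def audit(text, allowed):
    """Return (unexpected_open, missing) relative to the allowlist."""
    unexpected, seen_open = [], set()
    for host, port, proto, state, service in parse_grepable(text):
        # "open" and "open|filtered" are both treated as exposed until
        # the firewall rule for that port has been confirmed.
        if state.startswith("open"):
            seen_open.add((port, proto))
            if (port, proto) not in allowed:
                unexpected.append((host, port, proto, service))
    # Published services that did not answer are worth knowing about too.
    missing = sorted(allowed - seen_open)
    return unexpected, missing


if __name__ == "__main__":
    unexpected, missing = audit(SAMPLE_SCAN, ALLOWED)
    for host, port, proto, service in unexpected:
        print(f"CLOSE OR JUSTIFY: {host} {port}/{proto} ({service})")
    for port, proto in missing:
        print(f"EXPECTED BUT NOT OPEN: {port}/{proto}")
```

Run the scan on a schedule and after every firewall change, and treat any new line in the output as a change that needs an owner.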

For hosting your own Web or FTP server, it is a must that you install them in a DMZ (de-militarized zone). A DMZ is a sort of buffer zone that separates the Internet and LAN. It’s considered a separate network that is more trusted than the Internet but less trusted than the internal LAN. Generally any public Internet services, which an enterprise provides, are installed in this zone.

Even if you are using appliances, your firewall equipment needs to be continuously patched, to ensure that it is protected against the latest vulnerabilities.

Finally, ensure that you continuously play the devil’s advocate, if not the devil himself, and try to compromise your own security measures from outside so that you can find out what is wrong with your security setups and make the necessary corrections.

Anil Chopra, Anindya Roy, Sujay V Sarma
