ISP port blocking practice

Joe Greco jgreco at ns.sol.net
Sat Oct 24 10:17:24 UTC 2009


> > Isn't blocking any port against the idea of Net Neutrality?
>
> Yes.
> 
> Owen

No.

The idea of net neutrality, in this context, is for service providers
to avoid making arbitrary decisions about the services that a customer
will be allowed.

Blocking 25, or 137-139, etc., are common steps taken to promote the
security of the network.  This is not an arbitrary decision (and I am
defining it this way; I will not play semantics about "arbitrary". 
Read along and figure out what I mean.)  For 25, SMTP has proven to be
a protocol that has adapted poorly to modern life, and a variety of
issues have conspired that make it undesirable to allow random home
PCs to use 25.  Reasonable alternatives exist, such as using 587, or
the ISP's mail server.  A customer isn't being disallowed the use of
SMTP to send mail (which WOULD be a problem).  A customer may use any
number of other mail servers to send mail.  Not a serious issue, and
not arbitrary...  it's generally considered a good, or even best
current, practice.

Blocking VoIP from your network to Vonage, because you want your 
customers to buy your own VoIP service?  That's a very clear problem.
There's no justifiable reason that any viable broadband service
provider would have for blocking VoIP.  Yet there could be a reason
to forbid VoIP; I can, for example, imagine some of the rural WISP
setups where the loads caused on the infrastructure interfere with
providing service. 

Similarly, it'd be ridiculous to expect an 802.11b based rural WISP
to be able to support HD Netflix streaming, or dialup ISPs to be
able to support fast downloading of movies.  These are not arbitrary
restrictions, but rather technological ones.  When you buy a 56k
dialup, you should expect you won't get infinite speed.  When you
buy WISP access on a shared 802.11b setup, you should expect that
you're sharing that theoretical max 11Mbps with other subs.

It gets murkier when you get into situations such as where your 
cableco has sold you a 15Mbps Internet connection, but proceeds to
"traffic engineer" your activities down to a slower speed.  There
are real questions that should be addressed; for example, if you
are paying extra for a "premium" service (as in when the default
speed is 7Mbps and you've upgraded), should a customer expect that
they will actually get substantially more capacity?  How does the
reliance on overcommit affect things?  The ideal is to sell a
high speed connection to someone who uses none of it, of course...
but if you're selling lots of capacity, and betting that only a
little will be used at a time, and you've guessed wrong, the big
question is, is that tolerable, or is net neutrality going to
force you to provide what you've sold?

So, now, back to blocking...  many service providers block 80, on
the basis that they don't want customers running servers.  This
could very well be a net neutrality issue.  It's probably not a
security issue.  It's a decision being made at a business level, in
order to promote the purchase of "business class" services.   It's
an arbitrary decision about what a customer will be allowed to do.

There's lots of interesting stuff to think about.  Net neutrality
isn't going to mean that we kill BCP38 and port 25 filtering.  It
is about service providers arbitrarily interfering with the service
that they're providing.  Customers should be given, to the maximum
extent reasonably possible, Internet connectivity suitable for 
general purpose use.  Where service providers start infringing on
that, that's what should be addressed by network neutrality.

... JG
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.
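Added example, not part of Joe Greco's message: a small model of the residential egress policy the post describes (TCP/25 blocked except to the ISP's own relay, 137-139 blocked, 587 left alone), run over a handful of constructed flow records so an operator can see which customer traffic such a policy actually touches. The relay address, customer pool and sample flows are assumptions chosen from documentation ranges.

```python
"""Model of the port-blocking practice discussed above (added example).
Assumed values: ISP_MAIL_RELAY, RESIDENTIAL and SAMPLE_FLOWS are constructed
from RFC 5737 documentation ranges, not taken from the message."""
from collections import Counter
from ipaddress import ip_address, ip_network

ISP_MAIL_RELAY = ip_network("192.0.2.25/32")   # assumed: the ISP's own submission relay
RESIDENTIAL = ip_network("198.51.100.0/24")    # assumed: dynamic residential pool
NETBIOS_PORTS = {137, 138, 139}                # the 137-139 block the post mentions


def decide(src, dst, proto, dport):
    """Return (verdict, reason) for one outbound flow leaving a customer host.

    Only residential sources are subject to the policy; business/static
    customers keep unfiltered SMTP, matching the post's distinction between
    a security-motivated block and an arbitrary one."""
    if ip_address(src) not in RESIDENTIAL:
        return ("allow", "not a residential source")
    if proto in ("tcp", "udp") and dport in NETBIOS_PORTS:
        return ("block", "NetBIOS 137-139 egress")
    if proto == "tcp" and dport == 25:
        if ip_address(dst) in ISP_MAIL_RELAY:
            return ("allow", "SMTP to ISP relay")
        return ("block", "direct-to-MX SMTP on 25; use 587 or the ISP relay")
    return ("allow", "no policy match")


# Constructed sample flows: (src, dst, proto, dport)
SAMPLE_FLOWS = [
    ("198.51.100.10", "203.0.113.5", "tcp", 25),   # home PC straight to a remote MX
    ("198.51.100.10", "192.0.2.25", "tcp", 25),    # same PC, but via the ISP relay
    ("198.51.100.11", "203.0.113.5", "tcp", 587),  # submission port, unaffected
    ("198.51.100.12", "203.0.113.9", "udp", 137),  # NetBIOS name service leaking out
    ("198.51.100.12", "203.0.113.9", "tcp", 80),   # web traffic, untouched here
    ("203.0.113.77", "203.0.113.5", "tcp", 25),    # static/business source, exempt
]


def summarize(flows):
    """Tally verdicts by reason so the operator sees what the policy hits."""
    return Counter(f"{verdict}: {reason}" for verdict, reason in (decide(*f) for f in flows))


if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(flow, "->", decide(*flow))
    print(summarize(SAMPLE_FLOWS))
```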