Archive for the ‘Networks’ Category

Understanding Carrier Ethernet

Carrier Ethernet is a continuing hot topic in networks as it sweeps all before it. However, there is often some confusion about what it all means and how it is distinguished from traditional Ethernet. This article from Jim Theodoras, Chair of the Carrier Ethernet Subcommittee, Ethernet Alliance, explains some of the key issues about Carrier Ethernet. His key points include:

  • Carrier Ethernet has evolved to specifically carry disparate traffic from different subscribers. Each subscriber’s particular packets are therefore packaged up and transported undisturbed from one location to another, which provides traffic segregation and security;
  • The first attempts to combine multiple subscribers’ Ethernet packets ran into all sorts of trouble because of inconsistent use of LAN addressing between different subscribers; in other words, it was hard to identify who was what;
  • Standardisation of hierarchical MAC addressing was required so that carriers could have their own addressing schemes, which were separate from their subscribers’;
  • Virtual LAN (VLAN) tagging allowed carriers to identify and separate traffic from different LANs. This has now expanded to allow double tagging to meet the needs of carriers for video traffic, etc.;
  • Quality of service (QoS) is a key area of development. Simply marking a packet as a priority is not enough, and Hierarchical QoS is helping carriers identify latency-sensitive traffic amongst a deluge of non-critical packets.
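
The double tagging and priority marking in the list above can be seen directly in the frame header. The following is an added example, not taken from the article or from the Ethernet Alliance: a parser for the IEEE 802.1ad tag stack that shows how two subscribers using the same inner VLAN ID are still kept apart by the carrier's outer tag. The MAC addresses, VLAN IDs, payload and the helper names `make_frame` and `service_key` are constructed for illustration.

```python
import struct

TPID_STAG = 0x88A8  # IEEE 802.1ad service tag: the carrier's outer tag
TPID_CTAG = 0x8100  # IEEE 802.1Q customer tag: the subscriber's inner tag

def parse_tags(frame: bytes) -> dict:
    """Walk the VLAN tag stack of an Ethernet frame, outermost tag first."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset, tags = 12, []
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated before EtherType")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in (TPID_STAG, TPID_CTAG):
            break  # reached the real EtherType of the payload
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append({
            "kind": "S-TAG" if ethertype == TPID_STAG else "C-TAG",
            "pcp": tci >> 13,        # 3-bit priority code point (QoS marking)
            "dei": (tci >> 12) & 1,  # drop-eligible indicator
            "vid": tci & 0x0FFF,     # 12-bit VLAN ID
        })
        offset += 4
    return {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":"),
            "tags": tags, "ethertype": ethertype,
            "payload": frame[offset + 2:]}

def service_key(frame: bytes) -> tuple:
    """(carrier S-VLAN, subscriber C-VLAN); None where a tag is absent."""
    tags = parse_tags(frame)["tags"]
    s = next((t["vid"] for t in tags if t["kind"] == "S-TAG"), None)
    c = next((t["vid"] for t in tags if t["kind"] == "C-TAG"), None)
    return (s, c)

def make_frame(s_vid: int, s_pcp: int, c_vid: int, c_pcp: int) -> bytes:
    """Build a constructed double-tagged IPv4 frame (sample data only)."""
    macs = bytes.fromhex("0200000000aa") + bytes.fromhex("0200000000bb")
    tags = struct.pack("!HHHHH", TPID_STAG, (s_pcp << 13) | s_vid,
                       TPID_CTAG, (c_pcp << 13) | c_vid, 0x0800)
    return macs + tags + b"constructed-payload"

if __name__ == "__main__":
    # Two subscribers both use inner VLAN 10; the carrier assigns 300 and 301.
    for f in (make_frame(300, 5, 10, 0), make_frame(301, 0, 10, 0)):
        print(service_key(f), parse_tags(f)["tags"])
```
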

Would you pay for a femto cell? Probably

As well as all of the wonderful corporate blogs and customer publications that we manage for industry leaders like Orange Business Services, Alcatel-Lucent, Juniper Networks, Airwave, TelecityGroup and Vodafone, we also still like to get our hands dirty with the nitty-gritty of the technology businesses. Writing white papers is never easy but does give us an opportunity to really get our teeth into some pretty cool technology. In the last couple of months, we’ve written reports on M2M telemedicine, M2M applications, Cloud Computing and enterprise perimeter security. The latest is a report on femto cells (or small cells) for Alcatel-Lucent. Bell Labs performed an extensive five-country consumer survey (and I mean extensive) on attitudes to small cells and mobile broadband. So while pundits may argue mobile operators should be paying the costs for network in-fill, a surprising number of people are prepared to buy their own femto cell if it provides a significantly improved mobile broadband experience. I know I would.

If you’re interested in what people would do with a femto cell at home, check out this white paper that we wrote for Alcatel-Lucent: Alcatel-Lucent small cells whitepaper

Why is broadband speed important?

In the mainstream media, there is still far too much rubbish, lies and misinformation about technology. Too many pundits who fail to question what they are being told.

There was a classic example on Radio 4’s Today Programme: a discussion on why 3G service in the UK is so disappointing and patchy. While Peter Cochrane, one-time CTO of BT, did make the occasional relevant point, such as why O2 has a poor network***, he also blamed poor 3G network coverage on clustering. Apparently kids sit around coffee shops, simultaneously watching the same video on their individual mobiles. This, apparently, is the reason for our collectively poor service experience. I’ll leave you to draw your own conclusions about that. Check out the interview here at 7:13 on Friday 15 Jan: http://news.bbc.co.uk/today/hi/listen_again/default.stm

But it got me thinking about all the received wisdom about technology, all the rubbish masquerading as fact.

One of those is country league tables for broadband speeds. It may be interesting to know where the UK is – 26th apparently – but does this mean that we are really way down the list of broadband competitiveness, or indeed that broadband competitiveness has any bearing on the digital economy? Does a country’s relative position in the league table somehow mean that its internet users are less evolved, that with 5mbps they do not operate on the same level of consciousness as citizens graced by 50mbps? Or does it mean that those with higher-speed, more reliable connections are simply recipients of even more mass media channelled downwards through these fat pipes?

I love my fast broadband, I genuinely like the experience of BT Vision’s IPTV, and I regularly use BBC iPlayer and download games to my PS3, I use Spotify and spend huge sums on TV and music on iTunes. But will I be disappointed if in two or three years this isn’t a 50mbps or 1gbps connection?

My current 16mbps pipe is a conduit to mass media. Of course, that’s not to say that my internet experience is limited to this – quite the contrary, much of my working life is spent researching online, and I buy online in preference to visiting stores – but this does not require a constant race for increased broadband access speeds. The impact of high speeds means that much of my Internet experience is now a sit-back rather than sit-forward experience. I watch, listen and play much more now than read and browse. Any rich media I want, it’s on demand. And I can’t help thinking it’s a little addictive, and that I’m spending less time discovering and learning. So tell me now – what does broadband competitiveness mean to the digital economy? It means more supine people, able to consume media in more ways, more often. Hardly enlightened! So why do writers, consultants and politicians continue to bang on about the need for broadband competitiveness without thinking about what it means?

Footnote:

***O2’s lower GSM spectrum band – 900Mhz – means it had quite large cell sizes originally. The high spectrum of 3G – 2100Mhz – needs smaller cell sizes, and therefore more of them. O2 is still in the process of trying to acquire additional cell sites rather than using just the GSM sites it already has, a process known as infill. This may have been fine if it wasn’t for the boom in mobile apps and content created by the iPhone, which has taken O2 by surprise. The sheer volume of data traffic generated by apps and content has highlighted another weak point – backhaul. Even when there is sufficient wireless capacity, many cell sites do not have sufficient capacity to bring the traffic back to the core network. That’s why as an iPhone user you are offered free access to BT Openzones – it’s cheaper for O2 in the short term to pay BT to backhaul its apps and content over WiFi. More backhaul is being provisioned but at the moment, it can’t keep pace with demand.

Is the Internet broken?

Judging from some of the news stories circulating online recently, you might be forgiven for thinking so. Researchers keep discovering flaws in the way that it works. Worryingly, these are not simply execution flaws. Rather, they are basic design flaws, which raise significant problems when it comes to mitigation.

Most recently, PhoneFactor, a company specializing in authentication using telephones, discovered a fundamental design flaw in SSL, a key technology designed to protect online web sessions from being hacked. 18 months ago, Dan Kaminsky, director of penetration testing at security consulting firm IOActive, discovered a flaw in the way that the Internet resolves web addresses. And shortly after he made his announcement, another pair of researchers announced yet another flaw, this time in the border gateway protocol [BGP], which is a key Internet technology designed to exchange information between different networks.

The most worrying thing about flaws such as these is that they render almost everyone using the Internet open to potential security attacks. For example, the flaw that PhoneFactor found lies with the secure socket layer [SSL], which is used to encrypt information passing between a website and a browser. It enables an attacker to inject their own data into the communication stream between the user and the website — even when that website is using encryption technology. This partly invalidates the padlock that you will see in your browser when surfing supposedly secure websites. Perhaps even more worryingly for enterprise users, it also potentially affects users of smartcards, which could render your whole two factor authentication system for remote employees [if you use one] vulnerable to attack.

Because SSL is a foundational technology which protects so many other things online, this design flaw is particularly worrisome. For example, others have pointed out that SSL is commonly used to protect database queries sent from one computer to another. If an attacker can inject their own commands into an SQL database query, they could turn something fairly innocuous — such as a request for a single customer’s details, for example — into something more malicious, such as an instruction to delete all of your customer records [assuming that the database granted such permissions].

Security problems have also been found in MD5, an encryption mechanism that has been traditionally popular on the Internet, and was used by some certificate authorities [the companies that create digital certificates designed to identify organizations and people, and authenticate them online].

Even so, not everyone believes that the Internet is fundamentally broken. Leslie Forbes, technical services manager at F-Secure, which sells software and services designed to make people more secure online, argues that it is the way we use it that is inherently flawed. “It is the model we used to trust [or not] the services offered across the medium that is broken,” Forbes says. “So, based on the premise that the Internet is supported by software, and software will have bugs — some never dreamed over the time of coding — there will always be fixes to be made.”

One of the biggest problems when such flaws are discovered is the remediation process. Fixing deployment errors is bad enough, but it generally only involves patching a piece of software or firmware and then distributing it online. But when the security problem involves a basic mistake in the design of a protocol, then this entails a potential change to a standard, which can be a much more complex task. Standards bodies move at a glacial pace, meaning that it can take years to alter existing documents to account for a design problem. In the meantime, companies must find workarounds that at least prevent an attack from happening in the interim.

Unfortunately, the general consensus is that such design flaws will keep cropping up as we become more adept at finding them [and hopefully do so before the Internet criminals]. “Any complex system will be difficult [or time-consuming] to analyze empirically, so it will continue to be both possible, and likely, that while there are Internet protocols, there will be serious flaws,” warns Martin O’Neal, managing director of security consulting firm Corsaire.

Not only must these companies work together, but they must do so largely in secret, so that they can find the solution to the problem before malicious attackers do. To this end, a group of companies including Microsoft formed the Industry Consortium for Advancement of Security on the Internet [ICASI]. ICASI focuses on working together to try and find solutions to security problems affecting the broader Internet and not limited to any one vendor.

Unfortunately, such efforts do not always result in a fix before attackers exploit such basic vulnerabilities. For example, the SSL flaw that PhoneFactor discovered was kept secret until it was independently uncovered in a discussion forum. Shortly after that, security researcher Anil Kurmus used it to engineer an attack against the Twitter micro-blogging service that would enable any attacker to authenticate themselves as another user.

Alternately, the question of whether the Internet is broken may be too simplistic. The online world is never that binary. After all, you are still reading this article online — something that is miraculous when we consider that the web didn’t exist 20 years ago. However, thanks to increasingly sophisticated attackers online, we are finding the Internet in a continuous state of disrepair. This is the nature of the medium. It is chaotic, disjointed, and always in flux. Perhaps the best that we can do is to secure systems as best we can by applying the most up-to-date patches, and then protecting all of our valuable data by encrypting it, and applying multiple layers of defense to thwart any single attack. The Internet may not be broken, but that doesn’t mean we shouldn’t do our best to try and fix it.

Further info

PhoneFactor SSL flaw discovery http://www.phonefactor.com/sslgap/

BGP flaw – http://www.zdnet.com.au/news/security/soa/Flaw-in-BGP-net-protocol/0,130061744,339291643,00.htm?omnRef=1337

Twitter hack http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html

Kaminsky DNS flaw news http://www.orange-business.com/en/mnc2/footer/news/enterprise_briefing/september2008/industry_watch.jsp

ICASI http://www.icasi.org

This blog was contributed by Danny Bradbury, one of Futurity Media’s international network of writers

Why are Wi-Fi hotspots making a comeback?

Recent figures from In-Stat suggest that hot-spot usage surged in 2009. In-Stat predicts that usage will increase 47% in the year to 1.2 billion – presumably it means sessions, although that isn’t clear in the release. The analyst says that the turnaround for the market has been driven by mobile operators who are looking to offload browsing traffic from their 3G networks onto Wi-Fi. In some Wi-Fi hotspots smartphones already account for the majority of sessions. In the UK, mobile broadband networks such as 3G and HSPA overtook Wi-Fi as the most popular way of accessing the Internet on the move back in September 2008 – according to Point Topic.

So why are we looking to Wi-Fi again for browsing on the smartphone? Part of the reason is simple usability, because it is much easier to access Wi-Fi networks on the new generation of smartphones. But there is also a network reason: new mobile internet browsers – such as Safari and Opera – are also much more multimedia rich, which puts strain on available network capacity. Although HSPA is becoming increasingly widespread, coverage is still very patchy in rural areas and browsing the Internet or downloading email over GPRS is truly a painful experience. You could, therefore, consider the surge in Wi-Fi use as an indictment of the quality of 3G networks, because operators have been forced to offload traffic. Essentially, however, the underlying network technology should be irrelevant to the user. Operators just need to make sure that they provide the necessary bandwidth by whatever means if they don’t want their users to churn.