cancel
Showing results for 
Search instead for 
Did you mean: 

Ellacoya

fred
Grafter
Posts: 57
Registered: 27-02-2008

Ellacoya

I've seen many references here to PlusNet traffic management by Ellacoya switches, but have not found detail of what they do, and how they do it. Is it anywhere on this board? If not, could someone write a short guide?
The Ellacoya web site is bland to the point of no information!
33 REPLIES
Community Veteran
Posts: 14,469
Registered: 30-07-2007

Re: Ellacoya

It's a very complex activity that he Ellacoyas do which is not easily explained.
They basically inspect every packet, determine what type of data it is, check your products specification and current usage and either allows it through or blocks it.
There are also bands that a packet can be put into from titanium gold, silver and bronze. Each band has a gven bandwidth allowance on the BT centrals The higher the band the higher the priority it has over other data. Things like streaming or VOIP or games are in the highest titanium band and are thus allowed through. Things like P2P are in bronze so if all the bronze bandwidth is used up, the packet is dropped.
Also your product type and usage allowance determines things like max traffic throughput that will be allowed in each band. BBYY Pro for instance has all P2P traffic in Gold.
Then there is peak/off-peak which alters how data is prioritised.
Plus several other checks / allowances.
Then there is whether you have exceeded your peak time allowance and thus all data is throttled to 128Kbs (BBYW) or some other value on legacy products..
This is all checked by the Ellocoyas.
As I said, a VERY complex configuration and process. PlusNet have been developing this set-up with Ellocoya for several years.
fred
Grafter
Posts: 57
Registered: 27-02-2008

Re: Ellacoya

Thanks Peter for the v brief introduction. You haven't lost me yet, where do I look for further information? For what you have said so far raises more questions than it answers.
Community Veteran
Posts: 14,469
Registered: 30-07-2007

Re: Ellacoya

Not sure... PN have not published any details about what they do (the above is just what I have found out via PUG discussions with PN over the years) and Ellacoya only give 'marketing' info out as you have probably found.
What I will say is it is not just Ellacoya involved here, PN have done a lot of development of their workplace system for monitoring and configuring the Ellocoyas together with Ellocoya and come up with a very unique set-up that allows real-time changes to be made. It is way beyond and more flexible than any other ISP's implementation of Ellacoya.
fred
Grafter
Posts: 57
Registered: 27-02-2008

Re: Ellacoya

Thanks again Peter. It seems then that we have PlusNet saying "We're an ISP, trust us". But they have a system that:
Quote from: Peter
They basically inspect every packet, determine what type of data it is, check your products specification and current usage and either allows it through or blocks it.

So packet by packet they get to decide which is transmitted (either way) and which is not. I would be alarmed if the Royal Mail opened and read each letter or packet on its way to or from my house to determine whether it should be sent First Class, Second Class or should be put in the skip.
Is this analogy wrong? Why? Or is it justified "because everyone else is doing it as well"? Apart from the pecuniary advantage to the ISP, how does it differ from Phorm?

If the Police are investigating a crime, then it may be reasonable for them to open mail, provided that their actions are directly related to the investigation, and proportional.
Given that ISPs are being pressured into acting as the enforcement agents for RIAA and affiliates, are packets inspected for signs of being a P2P audio or video file? Are we all suspected of the crime?
And then very rapidly we are into a whole minefield of unfair administrative action to suit those in power! If I have understood the outline of Ellacoya's capabilities correctly, it could drop every encrypted packet, for example, to ensure that I have nothing to hide. Or it could drop every encrypted packet except to a destination approved by the UK Government (approved because they already have other ways of getting at my bank statement, for instance). Ellacoya is probably the mechanism by which every web page that I request is scanned against the Internet Watch Foundation's secret list of sites that I may not visit to ensure that I don't. OK while it is limited to kiddie porn, but what if the government (whose creature the IWF is) decides that I should not know about Falung Gong, or Tienanmen Square, freedom of an independent Tibet, or democracy?
I guess that Ellacoya is also the weapon that PlusNet will deploy to keep records of all our internet activity once the requirement comes into force. Will it be capable of being limited only to those things the government has dictated should be kept? Or will it keep all traffic content as well ... too difficult to separate ... just in case it was needed ... ?
Before the paranoia worsens and I conclude that, as in Soviet Russia or East Germany, I should be truly fearful of those who claim to help me, could a few more facts come out into the open?
Community Veteran
Posts: 14,469
Registered: 30-07-2007

Re: Ellacoya

I new my simple explaination would be mis-interpreted... oh well let's try and fill in the whole I appear to have fallen into  Cheesy ....
As I said it is a complex process.....
The packet inspection does not mean ALL the data in every packet is looked at and remembered/stored for future reference, it is just certain parts of the packet primarily header info that is looked at so your analogy of reading peoples mail is not the same thing.
PlusNet use what are called signature files, which is information that can be used to determine the type of data passing through the Ellacoya. This could be things like IP address, port number(s), protocols (HTTP, HTTPS, FTP, NNTP etc), certain key features of games packets etc. In many cases it is the packets used to initialise a TCP connection that are checked, and once the type of connection is determined, subsequent packets are just passed through unchecked if allowed by the various traffic allowances / product definitions. UDP packets by their nature would have to be checked more often as no actual connection is set-up.
When a new game is created, a signature file has to be created for it so it can be identified as a game packet and given the highest priority over PNs network.
No info about the contents of the packets is remembered. Once a packet or stream has been determined the info in the packet is forgotten.
Does that help?
Community Veteran
Posts: 4,729
Registered: 04-04-2007

Re: Ellacoya

Quote from: fred
Apart from the pecuniary advantage to the ISP, how does it differ from Phorm?

The Ellacoya's prioritise traffic, much in the same way as bus lanes or 2+ lanes on the roads. Phorm stores details of the sites that you visit to feed targeted advertisements. See the Phorm mega thread
Quote from: fred
Ellacoya is probably the mechanism by which every web page that I request is scanned against the Internet Watch Foundation's secret list of sites that I may not visit to ensure that I don't. OK while it is limited to kiddie porn, but what if the government (whose creature the IWF is) decides that I should not know about Falung Gong, or Tienanmen Square, freedom of an independent Tibet, or democracy?

The Ellacoya's are not used for this purpose, this is done in the core routers.
Chilly
Not applicable

Re: Ellacoya

AIUI Ellacoya's are basically just Layer3 or Layer4 switches (Depending on model deployed) on a large scale: Huge throughput, and advanced QoS tools/utilities. (Although they also have L1-7 awareness)

Looking at the image below you can see the layers of the OSI model.
Your data starts at the top layer (typically) and works through the subsequent layers to the bottom, at which point the signal is an electrical one which can be passed down the wire.
To take different forms of hardware as examples of the highest layer they can operate;
A network hub would operate at layer1 - it receives the signal, and repeats it to all ports. The destination port has to ignore the packets not addressed to it, and process the packets either addressed to it, or which it can forward on to the packet destination.
A typical network switch (think about the switch built into modern internet modem/routers) will operate at layer1 and layer2 - it can see where the packet should go, and can send it to the appropriate port. It can't tell anything else about the packet, so all packets are treated equally.
A switch used in larger corporate networks may be a layer3 switch - this can see what type of data the packet contains (is it a http request? Is it a VoIP packet? etc) This type of switch can be programmed to give priority to different types of packet: http: requests would likely be lower than database calls or VoIP packets for example.
Not all corporate networks use L3 Switching, but its becoming increasing common as costs decrease and demand for bandwidth increases - use of interactive media such as VoIP or video conferencing also increases the need for advanced switching and traffic prioritisation)
A Layer 4 Switch has extra abilities, as it can do stuff with the next layer up too - for example if an onward packet is lost, it can retransmit it rather than having to pass the retransmit request back down the line to the originating host. (The amount of packet caching depends upon the deployment and hardware.)
The top end Ellacoyas claim to be 1-7 aware, although they only appear to be deployable at layers 1-4, so quite what they do with the other layers, if anything, is a bit of a mystery - perhaps this ability is what is leveraged to perform inspection of packets with spoofed headers to provide true DPI (Deep Packet Inspection)? (DPI is similar again to the process used by the SPI [Stateful Packet Inspection] that goes on in most modern internet router firewalls, except that SPI works at fewer levels of the OSI model to try to make sure that the packet is what it claims to be)
Anyway, regardless of the actual deployment, you can be fairly certain that the operation of the Ellacoyas is purely transitive - they handle so much throughput it would be difficult, and *very* expensive to do much more with the traffic as it passes through - the lack of latency on packets is very important, so everything has to happen as quickly as possible - you might also notice an absence of a pricelist for the kit - I think the adage "If you have to ask, you can't afford it" applies here.
[iurl=http://www.tutorial5.com/content/view/26/79/][/iurl]

For another viewpoint on DPI, take a look at this article too:
http://arstechnica.com/articles/culture/Deep-packet-inspection-meets-net-neutrality.ars/2
Hopefully my assumptions aren't too misleading - but do remember they are based on very little knowledge, and a lot of guesswork. Wink
If anybody can/needs to correct me - please do so - I'm interested too!
fred
Grafter
Posts: 57
Registered: 27-02-2008

Re: Ellacoya

James_H,
Thanks for your more detailed input, and especially your references. I have read all four pages of the Ars Technica article (you pointed at page 2). In turn they point to a supplier's white paper which also makes alarming reading.
I will respond in detail later today. But I think it fair to say that my paranoia has not been quelled.
Community Veteran
Posts: 4,729
Registered: 04-04-2007

Re: Ellacoya

I would suggest that its not what the Ellacoya's are capable of, but what use PlusNet choses (plans) to use them for.
fred
Grafter
Posts: 57
Registered: 27-02-2008

Re: Ellacoya

Quote from: PJ
To use your Royal Mail analogy, it's no different to the Royal Mail looking at the stamps on a letter and prioritising it accordingly.

IF it were only SPI (Stateful Packet Inspection). That looks at the ports and packet headers. That is analogous to looking at the stamps and the address when sorting a letter.
But Deep Packet Inspection starts from the premise that the information on the outside of the packet (that SPI examines) is in fact a lie, and it needs to examine the contents to see what throttling or routing decisions it should make. That is where the traffic "signatures" become relevant.
Community Veteran
Posts: 3,789
Registered: 08-06-2007

Re: Ellacoya

Quote from: fred
That is where the traffic "signatures" become relevant.

Unfortunately that assumption is incorrect.
A "traffic signature" in it's simplest form is just a port number.  Unfortunately this is not a reliable identifier for the type of traffic any more.  As an example, a lot of P2P applications try to 'hide' themselves on either common ports like 80 (http) or VoIP ports.  In addition they encrypt their traffic to make it more difficult for hardware like the Ellacoya's to identify.
However, in the case of P2P it's actually the *behaviour* of the traffic that can be identified, not the individual packets themselves.  In this case, a 'traffic signature' may be fairly complicated but will deal with a large number of outbound connections and several inbound connections being set up in short succession.  There is still no necessity to perform any DPI on the packets themselves.
Offhand, I can't think of any particular situation which would require the Ellacoyas to perform DPI but I'm sure that we can raise Tommo to perhaps comment on the thread
B.
fred
Grafter
Posts: 57
Registered: 27-02-2008

Re: Ellacoya

Quote from: chillypenguin
Quote from: fred
Apart from the pecuniary advantage to the ISP, how does it differ from Phorm?

The Ellacoya's prioritise traffic, much in the same way as bus lanes or 2+ lanes on the roads. Phorm stores details of the sites that you visit to feed targeted advertisements. See the Phorm mega thread

Quote from: Ars
Looking this closely into packets can raise privacy concerns: can DPI equipment peek inside all of these packets and assemble them into a legible record of your e-mails, web browsing, VoIP calls, and passwords? Well, yes, it can. In fact, that's exactly what companies like Narus use the technology to do, and they make a living out of selling such gear to the Saudi Arabian government, among many others.
...
Much DPI gear is also CALEA-compliant. The boxes generally contain an "aux" port that can spit out a real-time copy of any required information: all traffic from a specific IP address, e-mail, Internet phone calls, URLs. The rules are simply programmed into the box's GUI and bam!—instant surveillance.

That PlusNet may not be doing it currently is no great comfort. As politicians award themselves ever greater powers over the population, one might be comfortable with the people in power at the moment. But does that bind their successors to be reasonable? No chance! The question put simply is whether it passes the Stalin test. "Would Uncle Joe Stalin have made good use of this bit of kit?"
Just consider the rise and rise of ANPR (Automatic Number Plate Recognition). When first introduced, there was quite a bit of discussion about its deployment. But assurances were given that it would only be used to compare the passing vehicles against the list of "lost or stolen" vehicles. To the best of my knowledge that was the last discussion before the announcements that we would all have our number plates logged on every journey we made, with the results stored for at least two years, just in case we travel in the company of known criminals. [Inferring guilt by association used to be illegal!] More recently the police just had to ask for real time access to the London Congestion Charge camera image and data streams, and they were granted it! No debate, of course you can.
So here we have a technology that is quite capable of logging everything that we do on line, and you tell me that the police won't ask for it? Of course they will. And the point that another has made about the volumes to store: Just how cheap is storage now, and which way is it going? I have just bought a 320 GB disk for a sixth of the price of the first 2 GB drive that I bought. That won't be a hindrance.
fred
Grafter
Posts: 57
Registered: 27-02-2008

Re: Ellacoya

Quote from: Barry
Quote from: fred
That is where the traffic "signatures" become relevant.

Unfortunately that assumption is incorrect.
A "traffic signature" in it's simplest form is just a port number.  Unfortunately this is not a reliable identifier for the type of traffic any more.  ...  However, in the case of P2P it's actually the *behaviour* of the traffic that can be identified, not the individual packets themselves. 

That is not my reading of:
http://arstechnica.com/articles/culture/Deep-packet-inspection-meets-net-neutrality.ars/1
and the following pages, and of the white paper to which they refer:
http://www.getadvanced.net/learning/whitepapers/networkmanagement/Deep%20Packet%20Inspection_White_P...
In the attached image from that white paper, they are clearly looking at the packet payload.
I am reminded of the Information Commissioner's comments about sleep walking.
Community Veteran
Posts: 4,729
Registered: 04-04-2007

Re: Ellacoya

Tin foil hat time.
PlusNet did not need to invest in Ellacoya's at great expense if the just wished to snoop on your traffic, that can be done with far cheaper hardware that's already on their networks.
Where the Ellacoya's come into there own is sophisticated traffic identification and QoS controls.
Chilly