Internet monitoring a necessity: Sandvine

CEO Dave Caputo says his company and its network-management technology are misunderstood by net neutrality advocates.

The final day of the Canadian Telecom Summit on Wednesday was highlighted by a panel discussion on net neutrality, the slightly amorphous topic that generally revolves around how much control service providers have over internet access.

Canadian internet service providers have over the past few years blocked access to websites, inserted their own content onto web pages and — at the centre of a current dispute — limited the speeds of certain uses. Their actions have drawn outrage from many users and prompted politicians and regulators to take a hard look at just how much control and influence ISPs have, and will continue to have, over the internet.

At the heart of that control is technology developed by the likes of Waterloo, Ont.-based Sandvine Inc., which allows service providers to determine what type of traffic is going over their networks, and manage accordingly. Following the panel discussion, Dave Caputo, Sandvine's chief executive officer, talked about the company and its role in the net neutrality debate with

During the panel discussion, you sounded more like a technologist than a business executive, where you're more in tune with what you're actually making as opposed to selling it. What do you consider yourself?

Caputo: I'm very passionate about our technology and I'm pretty passionate about the concept with which Sandvine was founded on, and that was to improve the quality of the experience on the internet. When we first set down that path, the idea of looking at every packet… we said this is the most difficult problem that we could possibly imagine. The internet is so big, so vast, so continuous. And then we said that's "cool." We're going to attack a problem where we can't imagine there's a more difficult problem. I take nothing away from rocket scientists or biologists who are trying to cure cancer, but in our domain we really couldn't think of a more difficult problem, and that really excited us.

From having this technical vision that there are ways to optimize a ton of real-time traffic, I see myself more as a technologist trying to solve that problem, assuming that there's a very good business model at the end of the day when you figure that out.

Has the internet always been managed, because this idea of network management almost seems recent?

Caputo: I had dinner with Vint Cerf [a U.S.-based computer scientist often called the father of the Internet] probably a year back and I think he'll be the first to admit that he's surprised and shocked at what his authoring of TCP/IP has meant. If you look at that underlying transmission protocol, when you send a flow of packets — if they're getting through — they get bigger until you get congestion, then the packets get smaller. The idea of flow control in the internet has been a tenet of it since day one.

It really depends on where you draw the line on what management is. The service provider has to figure out the business model of how much service they're going to give a subscriber and how much bandwidth they're going to provide to the internet. That oversubscription ratio is their business model.

For every five megabits they sell you for $40, they buy a quarter of a megabit because they're planning on you not using your computer 24/7. They count on you being away at work or being asleep. They simply cannot provision that five megabits because that costs way more than what they're selling it to you for. They need people not using the internet for it to work at $40 a month. Now CBC may buy its one-megabit connection for $800 a month because it's a dedicated one-megabit connection.

Do you see dedicated connections ever becoming the norm for residential users?

Caputo: It's absolutely mainstream in the business environment. That's the way CBC or Sandvine buys its bandwidth. In residential, no, because what do people want? They want 10 megabits, 30 megabits, 100 megabits. Because that's going up, there's no way you can afford to ever provide that in the network.

The price of transit has plummeted — when we started this business it was probably $1,500 per megabit and it's now down to $10, but you can still see if you offer someone 10-megabit service for $40 and provision that all the way through [the day], it's $100 a month. The economics don't work.

You said during the panel discussion that deep-packet inspection (DPI) has almost become a four-letter word. One of the audience members asked the question of how deep is deep. To add to that — where does privacy start to become an issue?

Caputo: I hope I said it goes as deep as you need to go because there's no point to going any deeper than you need to. If you can figure out in the first byte that it's web surfing, get on with your life, there's another packet coming really quickly.

The reason we have to reserve the right to go as deep as you need to go is because there's a ton of malicious traffic out there — worms, spambots, zombies. You have to go to the level where you can identify them. There used to be this honour system on the internet called "published ports." Everything on port 80 was web traffic, everything on port 1225 was Kazaa. That became too simple a system for people to put in false ports. If you wanted to block Kazaa in the workplace, you blocked port 1225, if you wanted to block video gaming, there was a published port for Doom.

The gamers, the peer-to-peer file sharers, the malicious hackers figured this out and said, "what's the one port no one is going to block?" Port 80, because can you ever sell an internet service that doesn't allow you to web browse? In the workplace, can you have it so that people aren't allowed to web browse? People would rebel pretty quickly to that, so everybody started masquerading as web traffic on port 80. It's an antiquated honour system now because there's plenty of application developers that have no honour.

What deep-packet inspection or broadband intelligence gives you is a way to identify traffic. If you say we're concerned that we're going too deep and we limit how deep we're going, the malicious writers will go one byte deeper than that. Let's be clear, it's not trying to figure out what songs or movies people are downloading, they're not trying to figure out the content on a per-subscriber basis, they're trying to figure out the growth and behaviours of protocols and how they could optimize the experience for the most number of subscribers.

Do you even need to use DPI to detect peer-to-peer traffic? It's the only internet application that is disassembled and reassembled from a large number of sources?

Caputo: One of the things we're very proud of in our technology is that we can identify traffic by behaviours, signatures, mathematics of cross packets. Everybody is lumping that in and calling it deep-packet inspection — we prefer "intelligence" — but we look at what is the cheapest way, mathematically, to identify something.

Quite often, applications that are trying to hide understand the computational resources needed to identify them and often times it's cheaper for us to identify them on a behaviour basis. We absolutely have that capability, it's inherent in our solution.

Some people have a negative view of Sandvine — one keynote speaker at a security conference last year referred to your company as "evil." How do you react to that perception?

Caputo: Here we are, a company founded on improving the quality of the experience of the internet and trying to make the world a better place. I absolutely, categorically reject anyone who makes that characterization. I would say it's someone who truly doesn't understand what we're doing.

One of the biggest ironies is that people who might not be too happy with what we're doing are often the largest benefactors of it. Ultimately, I don't let that bother me. As to whether all packets are created equal, you can read a ton of blogs — and there is a fringe minority — who believe that. I believe they're painting the service providers into a corner. If all packets are created equal then it's equal utility and we should be charging on a per-packet basis, and I don't think anybody wants to go there.

When people are saying we need a law called network neutrality and it should be vigorously enforced, well there's other laws, copyright laws, and should those be vigorously enforced as well? I have a feeling it's the same group of people who are saying ignore these laws but create this law and vigorously enforce it.

I think the beauty of it is the net neutrality debate is something that is going to be solved in our lifetime and, like I said before, I think it's going to be laughable in the next two or three years that people used to say all packets should be treated equally.

Is there a possibility of two internets emerging, where one is reserved for peer-to-peer traffic while the other runs everything else?

Caputo: It could evolve in a way where people provide services where they say these applications are optimized on this tier and these applications are not optimized on this tier. In fact, let's look at the Amazon Kindle. It's a little e-book where you don't pay a monthly subscription but every time you buy a book, you pay either $9.99 or $5.99. It doesn't take too much imagination to understand that it's a computer and it's using the internet to deliver [books], yet there's no monthly subscription fee. So how does that work? You pay Amazon, and Amazon pays the service provider right then and there for providing [the content]… Is that a different network? People don't think of it that way. It's an internet that only delivers books that you buy and newspapers that you subscribe to. People won't call it a separate internet, but here's a device that only does this.

So theoretically an internet service provider could sell customers a dedicated peer-to-peer router?

Caputo: Conceivably. The beauty is to let the market figure it out, and it will.

Much of the emotion in the net neutrality debate is fuelled by customers' mistrust of ISPs. Many are fed up with telecommunications companies overcharging them for cellphone subscriptions or providing poor customer service over the years. How are they supposed to trust those same companies to provide neutral internet access?

Caputo: With every service you've ever churned in your life, be it your bank, insurance company, cellphone service, why did you churn that service?

Because you got a better deal elsewhere?

Caputo: Right. Depending on your demographic, the No. 1 or No. 2 reason is the customer service issue. The more money you make, the more likely it is the customer service issue. The less money you make, it's more likely you churn on price. The churn wars have not really happened in broadband yet. People get the broadband connection at work and they think it's this fragile thing — "I've got my wireless router working and I'm not going to mess with it." The reality is, today the typical 12-year-old can easily handle switching from one service provider to another and it's only going to get easier.

If you look on the wireless side, from the financial results — I don't know it to be true but I've heard enough people say it to believe it to be true — that the No. 1 correlating factor to the profitability of a wireless provider is their churn rate. The higher their churn, the lower their profitability.

The churn wars haven't happened in broadband yet. People sign up with one and they're with them for two years, five years, forever. But they're absolutely coming, and ground zero is going to be London in the UK. Almost every other taxi cab [has an ad on it] for 10 megabits for 10 pounds or 15 megabits for 15 pounds. It's hypercompetitive.

Is that because of Openreach?

Caputo: Yes, the open access you can wholesale from British Telecom allows you to package it in many, many different ways. It's going to be ground zero for churn. If you think about it you're going to have to have it priced right and you're going to have to have a great quality of experience or else your churn is going to go up. If Johnny comes home and he's scoring better on Halo at Bobby's house because Bobby has a different ISP, and that's the reason, Johnny is going to say, "Daddy, can we switch to Rogers?" or whoever.

Having said that, we can already anticipate the reader comments to this interview where people will say, "But we don't have choices in Canada." Most people only have a choice between two providers. Are you endorsing more wholesale competition?

Caputo: I think everybody would be happy with more competition on any service. For me, it's more customers.

But Bell Canada has applied to the Supreme Court to get rid of that regulated wholesale competition because it says there is enough competition. Most people wouldn't consider a choice between two providers as healthy competition.

Caputo: I'm moving right now and I'm having to pick my service provider, so there's Bell and Rogers and Barrett Xplore satellite and there's Execulink in Waterloo. There's a host of ISPs ready to sell, most of them are wholesale. There are WiMax providers coming out.

But satellite is really expensive and those other ISPs wholesale from Bell.

Caputo: Hey, I'm happy for more competition.

Okay. Going back to the issue of the ISPs' image — some have labelled heavy internet users as "bandwidth hogs," yet you call them "consumption kings" because they are snapshots of what the mainstream user is going to be in the future. Can you expand on that?

Caputo: The subscribers that use large amounts of bandwidth are the leading adopters of what everyone is going to be doing on the internet. They're the first people on YouTube or Facebook. We can learn a lot [from them] and we certainly love consumption kings as they're very good for Sandvine's business.


Peter Nowak


Peter Nowak is a Toronto-based technology reporter and author of Humans 3.0: The Upgrading of the Species.