An Empirical Evaluation of Deployed DPI Middleboxes and Their Implications for Policymakers

Abstract

Middleboxes are commonly deployed to implement policies (e.g., shaping, transcoding, etc.) governing traffic traversing ISPs. While middleboxes may be used for network management to limit the impact of bandwidth-intensive applications, they may also be applied opaquely to limit access to (or degrade) services that compete with those offered by the network provider. Without regulation or accountability, such practices could be used to raise the barrier to entry for new technologies, or block them entirely. Further, by breaking end-to-end system design principles, these practices can have negative side-effects on reachability, reliability and performance.

This paper presents evidence of deployed middlebox-enabled policies that provide differential service to network applications affecting subscribers of T-Mobile US, Boost Mobile, and others. We used rigorous controlled experiments and statistical analysis of the performance of popular online services to identify traffic differentiation. The observed policies include throttling bandwidth available to video and audio streaming, transcoding video, and selectively zero-rating traffic such as video and music streaming. Such policies may violate the “No Throttling” and/or “No Unreasonable Interference” provisions of the Open Internet Order [15] (OIO), and potentially violate rules in different jurisdictions. Some of these policies were not transparent to consumers and/or were presented in misleading ways, violating the transparency requirement of the OIO. We recommend that providers concerned about traffic loads use application-agnostic techniques to throttle, thus meeting the “reasonable network management” clause of the OIO. Such policies are also easy for consumers to understand, thus providing better transparency.

We find that the observed policies are implemented using deep packet inspection (DPI) and simple text-matching on the contents of network traffic, potentially leading to misclassification. We validate that misclassification occurs, causing unintentional zero-rating or throttling. For example, video-specific policies can arbitrarily apply to non-video traffic, providing another example of “Unreasonable Interference” barred in the OIO. In fact, we show that current approaches to implementing network management policies are fundamentally vulnerable to unintentional behavior; i.e., the DPI-based approach to network management cannot guarantee 100% accuracy. We recommend that the specific implementations of DPI-based throttling be made public to improve transparency. Further, we recommend that policymakers and net- work operators adopt alternative rules and approaches to network management that avoid such flaws and vulnerabilities.

Last, network management policies currently lack auditing provisions, and we argue that this hinders enforcement and compliance with rules. Further, network providers’ policies evolve over time, requiring constant vigilance. We recommend that regulators incorporate auditing technologies such as those presented in this work as part of future policies.