Category: Uncategorized

Seldom but from time to time I encounter networks that my VPN struggles with. Sometimes the VPN tunnel is established just fine, pings are going through the tunnel but web browsing and other download activities just don't work. The effect is caused by fragmentation, i.e. the IP packet size of the downlink is too large for some part of the network between me and the server and hence the IP packet is split somewhere or simply discarded because it has become too long.

The remedy for such behavior is to reduce the Maximum Transfer Unit (MTU) for the tunnel interface on my computer to a lower values such as 1200 bytes and things come back to life. What I always wondered, though but never had the time to figure out was how the server is notified of the reduced MTU!?

When I recently encountered the scenario again I had a closer look at the TCP connection establishment and found that the MTU size is contained in the first IP SYNchronize packet in the TCP header. The parameter that conveys the maximum size a TCP packet can have is contained in the Maximum Segment Size (MSS) parameter. The first image on the left shows the default MSS over my Ethernet at home, 1460 bytes. Together with the additional IP overhead the IP packet size is 1506 bytes. The MTU size configured on my Ethernet interface is 1500 bytes.

When I change the MTU size on the fly on my Linux machine with 'sudo ifconfig eth1 mtu 800', my MTU size shown by 'ifconfig' becomes 800. The MSS size then becomes 760 bytes and the Ethernet packet is 814 bytes long. The 14 extra bytes are for the Ethernet header that is not counted in the maximum MTU size because the Ethernet header is discarded at the next router and replaced by another Ethernet header or some other protocol if the next hop is over a different network technology.

There we go, another mystery solved.

Over the years I've used Metageek's WiSpy USB tracer a lot to figure out what is going on in the 2.4 GHz Wi-Fi band. When I was recently investigating a slow Wi-Fi which I ultimately nailed to a runaway Wi-Fi card I also picked up the signals of my wireless mouse and keyboard alongside my own Wi-Fi signal. The image on the left shows the three signals. The mouse transmitted near channel 2, the keyboard near channel 7 and the Wi-Fi center frequency is on channel 11. The green dots in the lower part of the image even show when I used the mouse and when I used the keyboard. The Wi-Fi was pretty dormant during the trace and the image was only created by the beacon frames of the Wi-Fi access point.

Over the past days we've heard in the media that the NSA has infected at least 50.000 computers worldwide with digital sleeper agent software, as Techcrunch puts it. Obviously this has created a lot of outrage across the industry and also in the non-technical media. But despite all the outrage nobody really commented that actively infecting computers is by an order of magnitude worse from an ethical point of view than anything we have heard about the NSA's doings in recent months.

Listening passively on transmission links and harvesting data is one thing (which is already bad enough by itself), but infecting 50.000 computers with spyware is quite quite another. And I wonder who those 50.000 computers belong to!? Did the NSA really find that many terrorists out there? Somehow I doubt it. As if it isn't already bad enough that companies and individuals have to fight criminals trying to infect their PCs with malware that do all sorts of things like stealing passwords, extorting money, and so on. No, now we also have to defend ourselves against nation states doing similar things on a similar scale!?

It makes me wonder when this will go from accusation to proof? What it would take is the code or the executable of the malware and a link back to it's origin. With that in hand it wouldn't take long to actually find the malware in practice (unless all copies destroy themselves without leaving a trace). And then imagine the malware is found on computers of governments and private companies around the world. This is the point when the abstract becomes personalized. And when you look at what happened when the German Chancelor found out her phone calls were listened to you get an idea what is likely to happen in this case. Is it really possible to cover up 50.000 infections?

It really depresses me that a nation goes that far… And while we are at it: What makes us think it is only one nation who thinks it's a good idea to do such things?

One train of thought I followed with my easy smartphone Wi-Fi tracing setup I wrote about recently is how often a typical smartphone contacts the network per hour even if it is not used and just lies on the table and what impact that has on the cellular network in a larger context. Even though I monitored the devices behavior over Wi-Fi the result can be applied to cellular as well as it is likely that most applications do not make a difference anymore between Wi-Fi and cellular connectivity. The result is quite interesting:

Even without user interaction my smartphone contacts the network 10 times per hour. Out of these, 4 times is for checking email. Another 4 times Android calls home to Google, mainly using a Google Talk domain, even though I've disabled the app. Less frequently a DNS query and subsequent traffic can be observed to a number of additional Google domains. I feel quite observed by such unwanted behavior but there's something that can be done about it with a rooted phone as I've described here in the past. Further connections are made for various other purposes. My calendar and address book are synchronized with my Owncloud server at home every four hours, the NTP server is queried to keep the clock in synch, crash reports are sent to crashlytics.com (have I consented to this?), the weather app requests updates, the GPS requests ephemeris data periodically, etc.

So what does this mean on a larger scale? Let's say a network operators has 15.000 3G base stations (extrapolated from here) and 10 million smartphones. If those smartphones were evenly distributed across all base stations there would be around 660 smartphones per base station or around 220 smartphones per sector. If each smartphone connected to the network 10 times an hour that's 2200 requests an hour per sector. If the connection is held for 10 seconds on average, that's 2200 requests / (60 minutes * 60 seconds / 10) = 6 concurrent connections just for the background traffic of the devices.

Some cells are obviously busier than others so some cells probably see two or three times this number, i.e. 15-20 concurrent connections just for background traffic. As the number of concurrent users in 3G cells is likely to be less than a three digit figure that's quite a sizable percentage. And the 10 connections per hour is perhaps even a conservative number as many subscribers use instant messengers that need to send frequent TCP keep-alive packets so they don't loose connectivity to the server. On the other side, many smartphones are used over Wi-Fi, especially when people are at home, which is likely to significantly reduce background traffic over cellular in residential areas. Not so in business areas, however.

So where do we go from here? One good thing is that LTE networks are mostly in place now and many new smartphones, especially those of heavy users are LTE capable by now. That significantly reduces the load on 3G networks. And from what I hear the number of simultaneous users in an LTE cell can be much higher than in a 3G cell. The right technology at the right time.

A few weeks ago I asked the question here if anyone knew what the 4 dots in the GSM logo actually stood for. A few people contacted me with good suggestions what the dots could stand for, which was quite entertaining, but nobody really knew. On the more serious side, however, a few people gave me interesting hints that finally led me to the answer:

On gsm-history.org , a website of Friedhelm Hillebrand & Partners, and article is published that was written Yngve Zetterstrom. Yngve's been the rapporteur of the Maketing and Planning (MP) group of the MoU (Memorandum of Understanding group, later to become the GSM Association (GSMA)) in 1989, the year in which the logo was created. The article contains intersting background information on how the logo was created but it did not contain any details on the 4 dots. After some further digging I found Yngve on Linkedin and contacted him. And here's what he had to say to solve the mystery:

"[The dots symbolize] three [clients] in the home network and one roaming client."

There you go, an answer from the prime source!

It might be a surprising answer but from a 1980's point of view it makes perfect sense to put an abstract representation for the GSM roaming capabilities into the logo. In the 1980's, Europe's telecommunication systems were well protected national monopolies and there was no interoperability of wireless systems beyond country borders, save for an exception in the Nordic countries, who had deployed the analogue NMT system and who's subscribers could roam to neighboring countries. But international roaming on a European and later global level was a novel and breakthrough technical feature and idea in the heads of the people who created GSM at the time. It radically ended an era in which people had to remove the telephone equipment installed in their car's trunks (few could afford it obviously) if they wanted to go abroad, or to alternatively seal the system or to sign a declaration that they would not use their wireless equipment after crossing a border. Taking a mobile phone in your pocket over a border and use it hundreds or thousands of kilometers away from one's one home country was a concept few could have imagined then. And that was only 30 years ago…

P.S.: The phone in the image with the GSM logo on it is one of the very first GSM phones from back in 1992.

Over the years I've come up wit a number of ways to trace the network traffic from and two a smartphone for various purposes. So far they all had in common that the setup took some time, effort and in some cases bulk hardware. So in quite a number of cases I shied away from taking a trace as the setup just took to long. But now I've come up with a hardware solution for Wi-Fi tracing that isn't bulky and set-up in 60 seconds.

Earlier this year I bought an Edimax USB powered Wi-Fi mini access point that I have since used many times to distribute hotel and office Wi-Fi networks to my devices. Apart from being small it's easy to configure and ready in less than a minute after being plugged into the USB port for power. To trace the exchange of data with a smartphone it only needs to be connected via Ethernet to the Ethernet port of my notebook that is connected to the Internet via another network interface, e.g. its own Wi-Fi card. In addition, the Internet sharing has to be activated for the Ethernet port of the PC. This is supported in Windows and also in Ubuntu in the network configuration settings.

Once done, Wireshark can be used to monitor all traffic over the Ethernet interface. If the smartphone is the only device served by the mini access point, only its traffic traverses the Ethernet interface and from there the Wi-Fi while the notebook's traffic goes directly to the notebook's Wi-Fi adapter. That means no special filtering of any sort is required to isolate data flowing to and from the smartphone. The figure on the left shows the setup. Super easy and super quick to setup.

While in Europe there are few network operators if any at this point in time thinking openly about shutting down their 2G GSM networks, network operators in other parts of the world are seriously contemplating it or have already done it.

One of the very first operators that shut down its 2G network was NTTDoCoMo in Japan. Agreed, it was a special case, it wasn't GSM it was a local proprietary solution, but still. Last year, AT&T has announced that they will shut down their GSM network in 2017. That's not so far away anymore and from what I can tell they are serious about it. And the latest example is a network operator in Macau according to this post on Telegeography. O.k. that's a special case again but still the number of 2G network shutdowns is growing.

It makes me wonder how much longer it will take in Europe before first operators seriously contemplate a move. Two or three years ago I still saw a meaning of having 2G EDGE networks in the countryside. Web pages were smaller than today, smartphone penetration was nowhere near today's level and web browsing over EDGE was still working, especially with network side compression. But today it has almost become impossible. As soon as there's only 2G network coverage in an area, all smartphones drop on that EDGE signal that completely becomes overburdened. And then there's the size of web pages that keeps growing and even smartphone optimized version of web pages come with lots of JavaScript and other niceties. It has come to the point that I have switched off 2G in my smartphone not only because there's no Wideband AMR but also because falling back to EDGE for data is just useless anyway.

Sure there are perhaps quite a number of 2G-only embedded modules in machines today (including the block heater of my car and my GSM controllable power socket) and 2G only mobiles in the hands of people. But I guess their number will not dwindle before an announcement is made. Sure, there will be lots of complaints especially from the embedded side.This makes me wonder how the story will look like in Europe!? With multi-RAT base stations it might not be very costly to keep GSM running in the future. As traffic goes down on GSM one could re-farm the spectrum and put LTE in the freed space or extend the bandwidth of existing LTE carriers. That inevitably means LTE will be deployed in many different bands simultaneously which will require efficient load balancing algorithms between the different carriers. But compared to other features such as SON, HetNet, etc. that should be rather simple to accomplish.

5 years ago I already speculated about the conditions for GSM phaseout and potential exit scenarios on this blog. Have a look here. The reasons for keeping a GSM network I listed 5 years ago are pretty much no longer here due to the emergence of LTE on high and low frequency bands and 3G devices now including the 900 band for Europe and at least two or three roaming bands. Good to see how technology has advanced. So let's see which of the exit scenarios I described in that five year old blog post will be used.

When I recently flew over a big city in the very early hours of the morning I was amazed how many lights I could see despite most people being sound asleep. Tiny dots of light everywhere. What struck me then is that in our society, electrical power is so important and cheaply available that wires are dragged everywhere. There's a light bulb every couple of meters, obviously far more than than there are cellular base stations in the city. While cellular networks as we know them today have mobilized the Internet and brought it to many places there are still many many places even in well covered cities inside buildings and also outside with inadequate coverage. But even in these places there's electricity for lighting and many other purposes. As the importance of the Internet continues to rise it made me wonder if at some point we'll see a shift towards networks that are built in a similar way our electrical grid works today: There's a wire with a small transciever at the end dragged basically everywhere.

Light does not come from a central place. Instead, individual small light bulbs cover a small area. So perhaps we'll see a similar evolution in mobile networks!? Obviously, that's easier said than done as there are significant differences between the power grid and wireless networks:

First, there's usually no unwanted interference between two light bulbs compared to two radio transmitters that are close together. Also, transporting electrical power through a cable is much simpler than a multi megabit stream of data. But then we've transported electrical power through cables for a century and more now and technology has evolved. Another big difference is while wireless networks serve the public, wires for electrical power are usually put in place because the owner of a building requires power at a location for his own purpose and not for the public. Even lighting in public places follows a different rationale compared to wireless networks. In this scenario someone is interested in iluminating a place, e.g. for security reasons. What interest would someone have to install Internet connectivity in the same manner? And another challenge that comes to mind is that while the light bulb doesn't really care who delivers the power, wireless Internet connectivity is supplied by a number of different network operators, so installing little devices that distribute Internet connectivity would either require installing different boxes of different carriers or a new sort of device that could redistribute the connectivity of different providers.

But coming back to the basics, extending electrical power to the last corner is what we do in our society and it is done at an affordable price for the individual. It makes me wonder if something similar can be done in the Internet domain, how it will look like and how long it will take to realize it.

When I was in Seoul a year ago for the first time I was suffering a bit as Korea is one of the few countries I traveled to that didn't have prepaid SIMs for mobile Internet access. But the world keeps changing, I thought, so before going to Seoul again recently I did a quick search on the Internet if the situation had changed. And indeed it had, there's now a KT Telecom MVNO called Evergreen offering prepaid voice and data services with SIM cards that can be bought in convenience stores at the airport. Eureka!

Of course I tried it out and the basic steps described here are quite simple. Following the instructions it took me only a few minutes to buy the SIM card for 30.000 Won (€21) with a balance of the same amount on it at Incheon airport. After a couple of minutes and one or two device reboots, again as per the instructions, the phone registered with the network. Fortunately the phone configured the APN on its own as there was no mention of it in the instructions. So far so good. In the default configuration, the 30.000 Won are good for around 590 MB of data (55.8 Won per MB) which is quite a lot already.

To get a higher data volume from the credit on the SIM it is possible to activate a data package, e.g. the 1GB package for 16.500 Won. This is were things get a bit tricky. The first step is to download the “Evergreen Mobile Services” App from the app store (Evergreen is the name of the MVNO on the KT Olleh network). The app can then be used to activate the data package. Unfortunately once that is done, Internet connectivity is cut because the service expects the user to top up this amount or to move the amount from the 30.000 Won from the voice bucket to the data bucket. The later operation can be done with the App but only if you find an alternative Internet access over Wi-Fi, as the connection was cut due to the activation of the bundle. No, that does not make sense and it's very inconvenient, but that's how it worked for me. After finding an open Wi-Fi access point I could then transfer the credit from the voice bucket to data bucket with the mobile app and Internet connectivity was restored instantly. A nice side benefit of activating the data option is that the remaining balance of the SIM card can be used for voice calls without cutting into the available data volume. So instead of 3 Euros a minute to Europe I only paid around 46 cents.

Apart from this slight activation hickup, the service worked well and I always got throughput rates of several megabits per second when I tired. So if the 590 MB are sufficient for your trip, don't bother with the activation of the data option. If you want more, make sure you have a Wi-Fi hotspot available before you attempt to activate a data bundle.

Pretty much whenever quarterly reports are presented by telecommunication operators these days there is the usual note about the difficult situation they are facing due to the investment required to keep networks up to the rising data demand. But is this really the case? The 2012 report of the German telecom regulator (in English) has some interesting numbers on that.

In 2012, invest in fixed and wireless telecommunication networks in Germany was around 6 billion Euros. That's the combined sum of invest of all market players. Hast it risen in recent years? Not according to the report. In reality, invest has remained pretty much stable over several years and compared to the overall revenue in 2012 of around 58 billion Euros that seems a quite reasonable number, at least to me (see page 81 of the report).

Let's have a look at some more related numbers: While invest has remained stable, the number of employees in the telecom sector went down from 184.200 to 176.000 in Germany and the pressure can be felt. End customer prices might also have shrunken but I would argue that this was mostly compensated with higher use. This is reflected in a slight revenue decline from around 60 billion Euros in 2009 to 58 billion Euros in 2012. But when looking at the EBIDTA of Vodafone Germany which for 2012 was 3.359 billion Euros out of a revenue of 9.641 billion Euros then I don't really see big suffering.