You are here: Home > Participate > Join a Discussion > RIPE Forum > Connect Working Group > [connect-wg] BEREC consultation: Identification of the network termination point
RIPE Forum v1.4.1

Connect Working Group

Threaded
Collapse

[connect-wg] BEREC consultation: Identification of the network termination point

Marco Hogewoning

2019-10-10 18:52:21 CET

RIPE NCC staff member

Dear colleagues,

Earlier this week, BEREC (Body of European Regulators for Electronic Communications) announced a public consultation on their draft guidelines for interpreting the “network termination point (NTP)”. These guidelines have been designed in accordance with Article 61(7) of the European Electronic Communications Code to provide national regulatory authorities (NRAs) with guidance on how to interpret the EU directives and implement them in their national legislation.

This consultation is open to the public. While the RIPE NCC has no particular position on this topic, we think it is important for the community to consider the impact of these guidelines. They could impact not only our members’ operations, but the RIPE NCC’s engagement strategy on a number of topics such as IPv6 and IoT security.

We invite the Connect Working Group to discuss the proposed guidelines and, should it reach a rough consensus as determined by the chairs, the RIPE NCC is willing to submit that opinion as a response on behalf of the RIPE community. As we see pros and cons to either alternative, failure to reach consensus will mean we will not respond to this consultation on behalf of the RIPE community, but would instead encourage individual members to provide their own responses.

I’ll provide a brief description of the problem space and the potential impact below, but I recommend reading the draft guidelines as they are posted on the BEREC website:
https://berec.europa.eu/eng/document_register/subject_matter/berec/regulatory_best_practices/guidelines/8821-berec-guidelines-on-common-approaches-to-the-identification-of-the-network-termination-point-in-different-network-topologies

Please note that while BEREC’s deadline is 21 November, we would need a few days to process and file the formal response and we kindly request the working group to respect close of business on 15 November as its internal deadline to reach consensus.

Key Issues

One of the key questions laid out in the document is whether or not the CPE or modem is part of the NTP. EU Regulation 2015/2120 states with regard to Internet access services in article 3(1):

> “End-users shall have the right to access and distribute information and content, use and provide applications and services, and use terminal equipment of their choice […]”

The 2016 BEREC Guidelines on net neutrality rules (paragraphs 26 and 27) provide further guidance on the implementation and state:

> “In considering whether end-users may use the terminal equipment of their choice, NRAs should assess whether an ISP provides equipment for its subscribers and restricts the end-users’ ability to replace that equipment with their own equipment, i.e. whether it provides ‘obligatory equipment’.
> 
> Moreover, NRAs should consider whether there is an objective technological necessity for the obligatory equipment to be considered as part of the ISP network. If there is not, and if the choice of terminal equipment is limited, the practice would be in conflict with the Regulation.”

Not only is this subject to national definitions and implementations, it also allows for exceptions under “objective technological necessity”. Among other things, the draft guidelines go into a lot of detail with regards to the consequence of the different options that exist.

As explained above, the RIPE NCC has no immediate position on which option is the better alternative. However, it could impact our engagement strategy in the longer term.

There are roughly two alternative options: the modem or CPE is “obligatory” and as such will be supplied and maintained by the access provider as part of their network, or the end-user is allowed or even required to source their own equipment, which needs to be compatible with the network.

The two different options would impact, for example, the RIPE NCC’s focus when it comes to IPv6 adoption. Although we have seen successful deployments under both scenarios, it is either the ISP that is in control and has to make the choice (which of course often means our members are deciding), or we need to somehow create awareness among end-users and engage more with manufacturers, importers and retailers to adopt equipment that supports IPv6.

We also imagine that such a choice would impact the scale and, more importantly, the speed of IPv6 adoption.

We also expect that if the prevailing choice would be to allow the end-user to select their own equipment, there will be an increased demand for strict standards and profiles to ensure interoperability. While the draft guidelines recognise that the CPE market is both competitive and innovative, we expect these discussions to lean towards additional certification requirements to ensure interoperability.

In light of the current discussions about IoT security, especially in household appliances, we also see a big focus on the CPE as providing some security-related services. Several of these systems, such as SPIN and MUD/FUD, have been presented to the community. Again, a more scattered landscape where users select their own devices might make it challenging for these technologies to reach a sustainable level of adoption.

More generally, we can expect that greater freedom of choice in selecting devices would come with some additional security challenges, where the increased variety could also lead to an increase in the variety of attack vectors and vulnerabilities. Also, as the CPE would no longer be in the ISP’s domain, we would lose the ability to quickly roll out patches and would instead have to trust the end-user or manufacturer to install updates in a timely fashion.

Again, this is something where we would expect further discussion with regards to regulatory measures and (mandatory) certification to ensure minimum requirements are met and to protect the consumer.

In either case, we trust the NRAs and the market to make an informed decision on the most appropriate approach and are happy to bring the RIPE community’s opinion forward to this consultation. Regardless of the outcome, we will continue to monitor these discussions and adjust our engagement strategy accordingly, both towards policymakers as well as the various market participants and, where necessary, the end-users.

Regards,

Marco Hogewoning
External Relations, RIPE NCC


Gordon Lennox

2019-10-15 12:27:25 CET

A big thanks to Marco for bringing this up. And not only exposing the issue but also indicating a possible process going forward.

I checked my mail archives though and found that I was asked about this particular matter over a year ago. But it is just the latest round of a long story - a long war? - about where is the edge of the network. Sometimes the users - with the help of regulation - win and sometimes network operators pushback.

The arguments from operators over the years still seem remarkably similar. It is our network. There are security - or safety? -  implications. It will affect QoS.

For those interested in the very early days I would suggest looking up Hush-a-phone and Carterfone and such. More recently, but still a bit more than generation back, in this part of the world your telephone came from the network operator. Most people had phones in exciting colours like black or grey or beige - depending on the country.

Then the European Commission in 1988 pushed the terminal equipment directive. Their counter arguments included competition and user empowerment. Type approval by independent organisations were part of the package. And the rest is history? Including nice cordless phones.

A lot of people got online after that. It was "OK" to buy a modem and just plug it in. Mine was a little grey market box.

Then along came mobile and we could choose our phone and operator independently. Except operators also push contracts that bundle in a phone. Nostalgia? Maintaining stickiness? Money!

However operators always push back. Every time there is a shift - copper to fibre? - they push back. One big example of this was their shift to IP - NGN (Next Generation Networks). There was an interesting ITU workshop back in 2003 where they laid out their vision.

https://www.itu.int/ITU-T/worksem/ngn/program.html

The presentations are still interesting! Strange though that Scott Bradner's presentation is missing, the only one missing. Of course Scott was there as the IETF representative.

But one of the ideas from back then from the incumbents was to give the consumer a "box" that would bundle all the services their operator was ready to supply. But including telephony and television.  And again bundling means overall stickiness. And users may have to compromise on one or other service because of the bundle. They may have to pay for services they never intend to use. And they may be inhibited from adopting new technologies or  services.

And now here we go again.

So who owns/manages the "terminals" in somebody's home?

And who owns/manages the "networks" in somebody's home?

And where is the edge? In a Homenet - https://datatracker.ietf.org/wg/homenet/about/ - environment? Or where users are using VPNs?

Gordon


> On 10 Oct 2019, at 18:52, Marco Hogewoning <marcoh _at_ ripe _dot_ net> wrote:
> 
> Dear colleagues,
> 
> Earlier this week, BEREC (Body of European Regulators for Electronic Communications) announced a public consultation on their draft guidelines for interpreting the “network termination point (NTP)”. These guidelines have been designed in accordance with Article 61(7) of the European Electronic Communications Code to provide national regulatory authorities (NRAs) with guidance on how to interpret the EU directives and implement them in their national legislation.
> 
> This consultation is open to the public. While the RIPE NCC has no particular position on this topic, we think it is important for the community to consider the impact of these guidelines. They could impact not only our members’ operations, but the RIPE NCC’s engagement strategy on a number of topics such as IPv6 and IoT security.
> 
> We invite the Connect Working Group to discuss the proposed guidelines and, should it reach a rough consensus as determined by the chairs, the RIPE NCC is willing to submit that opinion as a response on behalf of the RIPE community. As we see pros and cons to either alternative, failure to reach consensus will mean we will not respond to this consultation on behalf of the RIPE community, but would instead encourage individual members to provide their own responses.
> 
> I’ll provide a brief description of the problem space and the potential impact below, but I recommend reading the draft guidelines as they are posted on the BEREC website:
> https://berec.europa.eu/eng/document_register/subject_matter/berec/regulatory_best_practices/guidelines/8821-berec-guidelines-on-common-approaches-to-the-identification-of-the-network-termination-point-in-different-network-topologies
> 
> Please note that while BEREC’s deadline is 21 November, we would need a few days to process and file the formal response and we kindly request the working group to respect close of business on 15 November as its internal deadline to reach consensus.
> 
> Key Issues
> 
> One of the key questions laid out in the document is whether or not the CPE or modem is part of the NTP. EU Regulation 2015/2120 states with regard to Internet access services in article 3(1):
> 
>> “End-users shall have the right to access and distribute information and content, use and provide applications and services, and use terminal equipment of their choice […]”
> 
> The 2016 BEREC Guidelines on net neutrality rules (paragraphs 26 and 27) provide further guidance on the implementation and state:
> 
>> “In considering whether end-users may use the terminal equipment of their choice, NRAs should assess whether an ISP provides equipment for its subscribers and restricts the end-users’ ability to replace that equipment with their own equipment, i.e. whether it provides ‘obligatory equipment’.
>> 
>> Moreover, NRAs should consider whether there is an objective technological necessity for the obligatory equipment to be considered as part of the ISP network. If there is not, and if the choice of terminal equipment is limited, the practice would be in conflict with the Regulation.”
> 
> Not only is this subject to national definitions and implementations, it also allows for exceptions under “objective technological necessity”. Among other things, the draft guidelines go into a lot of detail with regards to the consequence of the different options that exist.
> 
> As explained above, the RIPE NCC has no immediate position on which option is the better alternative. However, it could impact our engagement strategy in the longer term.
> 
> There are roughly two alternative options: the modem or CPE is “obligatory” and as such will be supplied and maintained by the access provider as part of their network, or the end-user is allowed or even required to source their own equipment, which needs to be compatible with the network.
> 
> The two different options would impact, for example, the RIPE NCC’s focus when it comes to IPv6 adoption. Although we have seen successful deployments under both scenarios, it is either the ISP that is in control and has to make the choice (which of course often means our members are deciding), or we need to somehow create awareness among end-users and engage more with manufacturers, importers and retailers to adopt equipment that supports IPv6.
> 
> We also imagine that such a choice would impact the scale and, more importantly, the speed of IPv6 adoption.
> 
> We also expect that if the prevailing choice would be to allow the end-user to select their own equipment, there will be an increased demand for strict standards and profiles to ensure interoperability. While the draft guidelines recognise that the CPE market is both competitive and innovative, we expect these discussions to lean towards additional certification requirements to ensure interoperability.
> 
> In light of the current discussions about IoT security, especially in household appliances, we also see a big focus on the CPE as providing some security-related services. Several of these systems, such as SPIN and MUD/FUD, have been presented to the community. Again, a more scattered landscape where users select their own devices might make it challenging for these technologies to reach a sustainable level of adoption.
> 
> More generally, we can expect that greater freedom of choice in selecting devices would come with some additional security challenges, where the increased variety could also lead to an increase in the variety of attack vectors and vulnerabilities. Also, as the CPE would no longer be in the ISP’s domain, we would lose the ability to quickly roll out patches and would instead have to trust the end-user or manufacturer to install updates in a timely fashion.
> 
> Again, this is something where we would expect further discussion with regards to regulatory measures and (mandatory) certification to ensure minimum requirements are met and to protect the consumer.
> 
> In either case, we trust the NRAs and the market to make an informed decision on the most appropriate approach and are happy to bring the RIPE community’s opinion forward to this consultation. Regardless of the outcome, we will continue to monitor these discussions and adjust our engagement strategy accordingly, both towards policymakers as well as the various market participants and, where necessary, the end-users.
> 
> Regards,
> 
> Marco Hogewoning
> External Relations, RIPE NCC
> 
> 
> _______________________________________________
> connect-wg mailing list
> connect-wg _at_ ripe _dot_ net
> https://lists.ripe.net/mailman/listinfo/connect-wg


Stefan Wahl

2019-10-16 13:24:53 CET

Dear all,

I support Marco in his plan to sent an answer on behalf of the ripe community. As mentioned in his presentation there are topics where feedback from the community will be helpful.  Also the definition of a ntp could be misleading and be used for other purposes too. 

Best

 Stefan Wahl