Introducing Basic Access and Best-Effort Delivery

The majority of subscribers for broadband services today are apt to request nothing more than
basic high-speed access. Such access will afford them a connection via the broadband wireless
network to an Internet point of presence that will then take them onto the public Internet.
Wireless broadband operators either can serve as independent Internet service providers
(ISPs) and manage the connection to the point of presence or can off-load Internet traffic at a
tandem switch in a telco central office and allow a third-party ISP to manage the connection to
the Internet via a large router. They can also do both, offering ISP services to those subscribers
who want them and simply providing an Internet connection to others.
In offering ISP services, broadband wireless operators will, at the least, need to maintain a
server to cache e-mail and another to handle chat and instant messaging. They may also want
to offer various value adds such as news reporting services, financial reports, and discussion
groups. They may even want to sell advertising on the network’s home page.
Space does not permit any detailed discussion of the logistics of launching and operating
an ISP, and, in the case of wireless broadband service providers, any offerings in this area will
be secondary to the speed of the connection in attracting subscribers. Generally, for the kind of
business customer who will be the target market for broadband wireless service, consumeroriented
Web content pushed to the home page will not be much of an attraction.
The broadband wireless operator may also choose to function as a specialized ISP, offering
such services as Web hosting and expedited content delivery, but this is a distinctly different
business than simply providing access and is likely to involve investments and time commitments
that are fully equal to those associated with establishing a metro area wireless access
network. Since the focus of this book is on the latter, nothing more will be said concerning
this option.
Here an extended definition of best effort and basic access is perhaps in order: Basic
access provides use of the public Internet as a pipe for connecting to the Web and coincidentally
to any remote office or business partners who are accessible through it—and little more.
The main parameter in such basic access services is sheer throughput.  Throughput may be stated in terms of either maximum or burstable bandwidth or a guaranteed
minimum. Unless a stated minimum rate is quoted, the service must be considered
best effort with no guarantees regarding any performance metric.
It should be understood that in an IP network, without QoS provisions throughput will
vary according to the numbers of users occupying a channel, and the perceived speed of the
network will depend on the degree to which it is oversubscribed. Therefore, a stated maximum
will not be meaningful in terms of the user experience. Nevertheless, stated maximums are frequently
advertised by broadband service providers rather than guaranteed minimums, with
cable data services sinning the most grievously in this regard.
In any case, the speed of the local access technology, whether it is wireless or wireline, is
but one factor in the speed with which transmissions or transactions execute over the Internet.
Regardless of the capacity of the access pipe, the user will experience delay and congestion if
the routing paths by which Web sites are accessed are themselves congested or ill chosen, and
the slowest segment of the network end to end will determine the speed of the transmission.
Thus, if a user were to enjoy a 700Mbps connection to a central office and that in turn connected
to an Internet point of presence via a DS3 SONET connection operating at a mere
45Mbps, then the maximum throughput to the user would be 45Mbps and no more. The actual
throughput from a remote site over the public Internet would almost certainly be much slower
and would ultimately set the speed of the transmission end to end.
In most cases, providers of local high-speed access specify only the speed of the link back
to the central office, not to the Internet point of presence and not to some remote location that
would involve a route across the public Internet. In the case of small businesses, a specified
rate to the central office is often all that is demanded, but large enterprise users frequently
want a good deal more out of their high-speed data services. At the least they are likely to want
secure virtual private networks (VPNs), affording them reliable links to remote offices and
often to business partners as well, and in many cases they are likely to require a good deal of
determinacy in the network to enable them to do videoconferencing and/or the transmission
of multimedia instructional materials in real time or near real time. Some will even want to
perform such bandwidth-intensive functions as collaborative scientific computing. For timesensitive
applications such as videoconferencing, best effort will not suffice, and the subscriber
will want guarantees regarding minimum throughput rates, latency, jitter, packet loss, and so
forth—topics I discuss in a succeeding section.
To provide best-effort services over an 802.16 network, the network operator needs to
assign the user only an IP address, whether dynamically or permanently, and allow the subscriber
terminal to poll the network in the usual manner to gain access. All of this will normally
occur transparently for the subscriber, and the polling process should occur more or less
instantaneously except in cases of severe network congestion. Broadband wireless, like cable
data, is essentially an always-on access technology with no logon procedure required, and thus
the subscriber may expect nearly immediate response to keyboard prompts for online
information.
In respect to network administration, the only real concerns for the network operator
regarding basic access services are protecting customer privacy and guarding against attacks
and unauthorized entry and utilization of network resources. The 802.16 standard contains
security specifications within the standard pertaining to encryption, so subscriber traffic can
be quite well secured with 802.16-compliant equipment if the standard encryption is utilized.
Preventing unauthorized access to network resources is somewhat more involved, however,
and may entail a number of different approaches. As indicated previously, user access is generally regulated through an authentication
server utilizing secret information stored in the subscriber terminal. Such information will
involve layers of encryption such that eavesdropping alone will not permit intruders to
uncover authentication codes. As 802.16 equipment proliferates and 802.16 radio modem
cards come to be offered as accessories or even standard equipment for laptop computers,
the importance of proper authentication procedures will grow. Already authentication has
assumed major importance in 802.11 wireless LANs (WLANs), many of which are pathetically
easy to breach, and it may be assumed that 802.16 service providers will learn from experiences
of WLAN operators and build strict security into their networks from the onset.
The other aspect of controlling access and protecting subscribers involves the firewall
that authenticates on the packet rather than the session level and that continually monitors
and filters traffic coming into the network. In many cases subscribers will want to maintain and
administer their own firewalls, particularly if they are business customers. However, in broadband
services aimed at residential customers, particularly in the cable data business, the
service provider may well assume responsibility for firewall functionality in the central office.
Some edge routers such as the Redback Networks products have built-in firewall functionality,
but in other cases a separate device will be required. Incidentally, software firewalls installed in
servers devoted to other uses are generally unsatisfactory in a public network setting because
of the claims on computing resources and their tendency to slow the entire network. Chapter 8
covers firewalls and other security considerations at greater length.