Author: Honest Joe

Newsgroups: alt.satellite.direcpc

Subject: Class starts today - Direcpc 101 Date: Sunday, July 1, 1999:
To begin:
This information was obtained by observation.. Some parts are speculation (educated guess's, if you will) as I don't have access to Hughes internal information..
If someone *does* and would like to follow up with *facts*, please feel free..

I'm not going to concentrate on the "downstream" aspect of this system as every (most?? <g>..) of the people here know that the data is delivered via satellite.. By the way, for you newcomers, <g> means <grin>..

Here's what happens when you invoke your direcpc communication
program, navigator..

1starf.gif (881 bytes)

1:

 Navigator dials into you your ISP with the number you provide.. When connected, via your modem, it does a standard PPP negotiation, and logs you in to your ISP with the user name/password you, also, have provided.. The ISP provides you <direcpc navigator> with an IP number to allow you to send/receive messages <packets> over the Internet..

2starf.gif (927 bytes)

2:

  

After navigator detects a successful ISP login, it sends an identification packet to your assigned Hughes gateway machine, or, possibly, another machine setup for this purpose.. This information would include your Hughes assigned IP number for the
direcpc card, possibly your site ID, and other, unknown and possibly intrusive information.. Remember, navigator has complete access to your machine.. (It is on my "to do" list to find *exactly* what information navigator sends to Hughes)..

Let's pause here, and examine step 2.. This step is *very* important, as it informs the gateway machine that packets coming in from IP# such and such are, actually, the direcpc subscriber <put your name here>.. This step is also *very* important for Hughes accounting purposes.. They now can start recording your traffic volume, note your login time, and so forth..

3starf.gif (964 bytes)

3:

 This is out of chronological order, but while it's fresh in mind let's look at log out.. Navigator sends a packet to the gateway machine, informing it that your session is ending..
The gateway sends an acknowledgement, then disassociates you, the subscriber, from your ISP assigned, modem IP#.. It also "closes the books" on this session, noting your log out time, recording *total* traffic volume, and any other piece(s) of information Hughes chooses to record about your session..

Yes folks, Hughes knows *exactly* where you go, and what you do while you are using the system.. To be fair, so does *any* ISP.. Whether they choose to record it, or not record it, is the only variable..

4star.gif (1007 bytes)

4:

 

 Now that we have logged in, let's send a packet to a web site.. You fire up Netscape, click on a page, and wait..

Here's what happens:

Your OS (operating system) constructs, in this case, a TCP packet.. It "sees" your direcpc system is active, so it uses your direcpc information for construction of this packet.. I.E, it uses your direcpc IP number, and so forth.. It also "sees" that in the
TCP/IP properties sheet, you have a "gateway" assigned..
This is *very* significant, as it informs the OS that *all* packets sent via this interface (direcpc) are to be sent to *this* machine for delivery to the Internet.. So the packet is modified accordingly (actually encapsulated) and addressed to the gateway,
rather than the desired, final destination.. The packet is then handed off to the direcpc software driver(s)..
Upon receipt of the packet, navigator sends it to the gateway, via the your modem/ISP..

->    This is key, folks.. The packets from your machine are *never* sent directly to your desired destination (there is an exception, to be noted later), they are sent to your gateway.. *This* machine (the gateway) sends the packet to it's desired, final
destination.. <-

For this reason, Hughes was able to *easily*, without modification of any type to the end user, incorporate the use of non-routable, LAN (local area network) IP's.. These are the IP numbers beginning with 10.X.X.X..
After all, when the OS forms the packet to send to your gateway, and navigator modifies it, they *always* have a valid destination (the gateway) and a valid source IP (the number assigned to you modem by your ISP).. So the "encapsulated" IP assigned to you by Hughes could be a valid IP or LAN IP.. It matters not..
Upon receipt of packet, the gateway notes where it came from..
It checks, and finds it came from the IP number assigned to your modem by your ISP.. Looking in a table, it "sees" that this, modem assigned, IP number is really <put your name here>.. It makes a note of it (records the transaction), and sends it off to it's    final, desired, destination..
When the response arrives from the desired server, more book work is done, then it is uplinked to the satellite, and received via your dish..
The exception to the above is when your use "terrestrial" mode.. In this mode, your direcpc setup behaves just like your DUN (Dial Up Networking).. All packets are sent directly to the desired destination, and returned via your ISP/modem.. The dish,   satellite, etc, are out of the picture..

5star.gif (1031 bytes)

*Let us discuss the use of LAN IP's*..

What is a LAN IP??
The powers that be, (NIC) have assigned certain IP numbers for
private, Local Area Network use..

They are:
10.x.x.x
172.16.x.x - 172.32.x.x (If memory serves me.. <g>..)
192.168.x.x

    This was a very wise decision, as many, many local area networks could use/reuse the same IP numbers, thus conserving the ever shrinking pool of available, valid IP numbers..
    There is a drawback, however, to using these numbers.. These numbers *MAY NEVER* appear on the Internet.. Because their use on the Internet is forbidden, (they can not be routed) *any* Internet access,
by a machine using a LAN IP, must be done by a _proxy_, with a valid IP number.. So you people who have been assigned these numbers, your "gateway" is, in fact, a proxy server..

    This word, "proxy", is important.. So look it up in the dictionary before reading further, if its meaning is unclear to you..

    All the work pertaining to the use of LAN IP's are done by the gateway.. When the packet arrives from your ISP assigned IP, (I.E from your modem) the gateway checks your Hughes assigned IP number (which was encapsulated in the original packet)..
    If it is one of the 10.X.X.X (LAN) numbers, the gateway substitutes *it's own* IP number, makes note of it, and sends it off to the desired destination.. Upon receipt of the response, the gateway "sees" this packet was mean for you, modifies it accordingly with your LAN IP, and sends it on to be uplinked and returned to you, via satellite..

    The act of the gateway substituting it's *own* IP for your LAN IP, is the act of a "proxy".. And is important..

    Of late we have seen many posts concerning FTP problems, most relate to new people who have been assigned these LAN IP's..
    This is, I feel anyway, a flaw in the Hughes proxy software on their gateways.. Whether this "flaw" is by design, or an oversight, is unknown.. Hughes claims not to support FTP, one of the most fundamental and important protocols used on the Internet..
    Because of Hughes use of LAN IP's, all people who have been assigned one of these *have* to (probably) use the proxy/firewall settings of their FTP clients.. That is until Hughes makes this
proxy operation *completely* transparent to end users..
    Some FTP Clients also have a PASV setting.. PASV is an FTP server command, telling the Host that you want a server to server file transfer.. This simply means that the server (gateway) is suppose to
get the file (packet at a time) from the desired source, then send it on to you.. Again, a third party, proxy, transaction..

    Before we conclude, let us also touch on the difference between a gateway and a proxy server..

    In the standard Unix sense of the term, a "gateway" is a routing computer.. It's function is to play Internet mailman.. It's job, is to receive packets from 2 or more separate networks, then send them to their proper destination network.. If it can not send the packet to the correct, final network, it sends it on to another gateway who can.. All packets arriving/leaving are valid packets..
It does not check content, etc.. It simply delivers them..

    A proxy server is a machine that does the transaction for you.. The network may have valid, or LAN IP's..
    First, it checks to see what you want it to do.. Depending upon the administrator, it may, or may not, allow you to do certain things/go to certain places.. It can also restrict time of day for transactions, etc..
    A proxy is, usually, but not always, what is called a "firewall".. A machine (software) designated to protect the network it serves from "bad guys" on the outside trying to gain access, and protect the owners/administators from shenanigans pulled by people on the inside.. I.E. employees looking a porn all day, kids playing their bandwidth hogging games, and so on..

    Hughes "gateways" have *always*, even before the use of LAN IP's, fallen somewhere in between.. A good example of this is FAP..
The gateway/proxy limits your speed after you have accumulated a certain, as yet undefined, amount of traffic..
    They have also "filtered" destinations/TCP ports.. Most of the destinations/ports they have locked out were users who FTP 'ed a large volume of files from private sites.. This "filtering" was proven beyond a shadow of a doubt, but denied by Hughes.. (Per Usual)..

    I hope this info was of use, folks, and any comments/facts/etc are certainly welcome..

    back