Network Management Practices
CENTRAL ARKANSAS TELEPHONE COOPERATIVE NETWORK MANAGEMENT PRACTICES
INTRODUCTION
This disclosure applies solely to the broadband services offered by Central Arkansas Telephone Cooperative (CATC). CATC may revise this disclosure from time to time without notice by posting a new version to the CATC website at https://catc.net. In the event of a conflict between any subscriber agreement or the Acceptable Use Policy and this disclosure, the terms of the subscriber agreement or Acceptable Use Policy shall govern. This disclosure does not create enforceable rights in the subscriber or any third party edge provider.
Central Arkansas Telephone Cooperative (CATC) operates a robust and modern IP network, which serves two exchanges in Arkansas. Over this IP network we provide a variety of services including Voice, Video and Broadband Internet. CATC operates two network edge connections to the outside world for Internet access. All monitoring activities are performed by CATC personnel.
Core Network Overview
CATC utilizes a 100Gig core network to transport all services. Traffic is segmented into separate virtual routing and forwarding implementations based on service category (network management, voice, video, data, etc.); however, no prioritization or discrimination of forwarding traffic is performed, either within a service type or between service categories.
Distribution Network Overview
CATC utilizes 10 and 1Gig distribution rings to transport all services. Traffic is segmented into separate virtual routing and forwarding implementations based on service category (network management, voice, video, data, etc.); however, no prioritization or discrimination of forwarding traffic is performed, either within a service type or between service categories.
Access Network Overview
CATC operates 2 separate access networks with 2 service types:
A unified access network supporting Voice, Streaming Video and Broadband Internet.
- This access network supports Fiber to the Home deployments.
- Bandwidth packages available range from 150Mbit to 1000Mbit.
- The access network (“last mile”) does prioritize certain Non-BIAS data services (specialized services) above Broadband Internet. Specifically:
  - IP Voice
Network Edge Overview
Currently CATC utilizes 2 network connections, which are diversely routed.
CATC, through its upstream provider, has contracted sufficient capacity so that losing either link would not cause congestion under normal peak load conditions.
CATC does not discriminate, prioritize or block any legitimate forwarding traffic at our network edge locations.
General Network Principles
CATC, as much as reasonably possible, designs and operates its network based on the following guiding principles:
- Where at all feasible, sufficient external bandwidth must be secured to allow the largest edge location to fail or the largest inter-site link to fail and still not suffer congestion during normal peak load utilization.
- The core and distribution networks should focus on forwarding traffic at the highest possible rates with no prioritization or traffic discrimination. For security purposes, network traffic should be categorized into discrete service types and segmented via separate VRF and VLAN segments. Specifically, this refers to segmenting management traffic, ILEC voice traffic, and Broadband Internet traffic.
- The access network is directly facing the customer. The last mile loop is a dedicated resource to a specific customer; however, because of last mile technology constraints, it has the highest potential for congestion. CATC does prioritize certain Non-BIAS data services (specialized services) above Broadband Internet. Specifically:
  - IP Voice
- Maintaining the security of the network is a top priority; as such, we will operate with commonly accepted security best practices.
NETWORK PRACTICES
Non-Discrimination Practices
With the exceptions listed under security practices, CATC does not apply any prioritization, rate limiting or blocking based on source, destination, protocol or port. CATC reserves the right (but does not undertake the responsibility) to block or degrade content, applications and services that are unlawful, that may violate the rights of third parties (e.g., copyright infringement) or that may pose a harm to our network or other customers.
Device Attachment Rules
CATC does not restrict what types of devices are eligible to connect to our network; however, we can only provide direct end user support for devices with which we are familiar. In addition, all attached devices must be capable of making a valid access request (DHCP or PPPoE depending on network segment). At each demarcation we provide a single ethernet port for Broadband
Security Practices
In an effort to maintain the security of the CATC network and our subscribers as well as to abide by good Internet Citizenship, CATC utilizes the following listed security practices, which affect forwarded traffic delivered to our subscribers. In addition to this list, CATC utilizes multiple other mechanisms to sustain the Confidentiality, Integrity and Availability of the CATC network, however only those having a direct bearing on customer forwarded traffic are listed here.
Access Network
- Subscriber MAC addresses are tied to a validated DHCP request (utilizing option 82 tracking). IP addresses that are not properly requested / authenticated are not permitted to pass any traffic.
- Only traffic destined for a valid IP/MAC address pairing is terminated to a subscriber; broadcast flooded traffic is not delivered to the end user.
- All ARP requests within the access network are handled via proxy.
- An end subscriber that sustains more than 5 pps of ARP requests for a 15 second period is automatically shut down for 30 seconds. After the 30-second blacklist period the port is automatically re-enabled, and the counters reset.
- An end subscriber that sustains more than 30 pps of IGMP traffic on the Broadband Internet service for a 15 second period is automatically shut down for 30 seconds. After the 30-second blacklist period the port is automatically re-enabled, and the counters reset.
- An end subscriber that sustains more than 5 pps of DHCP traffic on the Broadband Internet service for a 15 second period is automatically shut down for 30 seconds. After the 30-second blacklist period the port is automatically re-enabled, and the counters reset.
- DHCP broadcast requests destined to UDP port 67 (attempting to connect to a DHCP server) are not permitted to terminate to a subscriber end point.
- In the event of malicious activity, CATC may implement a temporary block at this network level restricting traffic that may be harmful to the network as a whole. If such activity is necessary, the affected customer(s) would be contacted and worked with to remove the underlying threat.
- CATC collects performance characteristics in the aggregate at this level (link level utilization), which allows us to proactively plan proper network scaling.
- If needed, when working with a subscriber to troubleshoot a problem, properly trained staff within CATC may perform real-time traffic analysis of subscriber traffic.
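The three rate limits in this list behave like a small per-port state machine. The sketch below is an added illustration, not CATC's equipment configuration; it assumes the rate is sampled once per second and that "sustains" means every one of 15 consecutive samples exceeds the limit, and the names `PortGuard` and `simulate` are hypothetical.

```python
from dataclasses import dataclass, field

# Thresholds from the list above, in packets per second.
LIMITS_PPS = {"arp": 5, "igmp": 30, "dhcp": 5}
SUSTAIN_S = 15   # seconds the rate must stay above the limit
SHUTDOWN_S = 30  # seconds the port stays disabled


@dataclass
class PortGuard:
    """State for one subscriber port, fed one sample per second (assumed)."""
    over: dict = field(default_factory=lambda: dict.fromkeys(LIMITS_PPS, 0))
    down_left: int = 0  # seconds of shutdown remaining

    def tick(self, pps):
        """pps maps protocol -> packets seen this second.
        Returns 'up', 'shutdown' (the tripping second) or 'down'."""
        if self.down_left:
            self.down_left -= 1
            if self.down_left == 0:
                # Re-enable: counters start from zero again.
                self.over = dict.fromkeys(LIMITS_PPS, 0)
            return "down"
        for proto, limit in LIMITS_PPS.items():
            # "More than" the limit: a rate exactly at the limit is fine.
            above = pps.get(proto, 0) > limit
            self.over[proto] = self.over[proto] + 1 if above else 0
            if self.over[proto] >= SUSTAIN_S:
                self.down_left = SHUTDOWN_S
                return "shutdown"
        return "up"


def simulate(samples):
    """Run a list of per-second samples through a fresh port."""
    guard = PortGuard()
    return [guard.tick(s) for s in samples]


if __name__ == "__main__":
    # Constructed input: an ARP flood of 6 pps that never stops.
    states = simulate([{"arp": 6}] * 60)
    print(states.index("shutdown"), states.count("down"), states.count("shutdown"))
```

A single second at or below the limit restarts the 15-second window, so short bursts never trip the shutdown under this interpretation.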
Distribution Network
- In the event of malicious activity, CATC may implement a temporary block at this network level restricting traffic that may be harmful to the network as a whole. If such activity is necessary, the affected customer(s) would be contacted and worked with to remove the underlying threat.
- CATC collects performance characteristics in the aggregate at this level (link level utilization), which allows us to proactively plan proper network scaling.
- If needed, when working with a subscriber to troubleshoot a problem, properly trained staff within CATC may perform real-time traffic analysis of subscriber traffic.
Core Network
- In the event of malicious activity, CATC may implement a temporary block at this network level restricting traffic that may be harmful to the network as a whole. If such activity is necessary, the affected customer(s) would be contacted and worked with to remove the underlying threat.
- CATC collects performance characteristics in the aggregate at this level (link level utilization), which allows us to proactively plan proper network scaling.
- If needed, when working with a subscriber to troubleshoot a problem, properly trained staff within CATC may perform real-time traffic analysis of subscriber traffic.
Network Edge
- In the event of malicious activity, CATC may implement a temporary block at this network level restricting traffic that may be harmful to the network as a whole. If such activity is necessary, the affected customer(s) would be contacted and worked with to remove the underlying threat.
- CATC collects performance characteristics in the aggregate at this level (link level utilization), which allows us to proactively plan proper network scaling.
- CATC collects netflow data on all external traffic flows to better understand network attacks.
- If needed, when working with a subscriber to troubleshoot a problem, properly trained staff within CATC may perform real-time traffic analysis of subscriber traffic.
- Traffic entering our network edge from the external side, sourced from an IP address within one of our network ranges is denied.
- Traffic traversing our network edge sourced from RFC1918 address space is denied.
- Traffic traversing our network edge sourced from loopback, link local or ‘this’ address (as defined in RFC 3330) is denied.
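The last three edge rules are source-address checks that can be audited against flow records. The following is an added example, not CATC's filter configuration: it covers IPv4 only, `OWN_PREFIXES` uses documentation ranges as constructed stand-ins for the operator's real prefixes, and the function names and sample flows are hypothetical.

```python
import ipaddress as ip
from collections import Counter

# Constructed stand-ins for the operator's own prefixes (documentation ranges).
OWN_PREFIXES = [ip.ip_network("203.0.113.0/24"), ip.ip_network("198.51.100.0/24")]

# Sources denied in either direction across the edge, with the reason reported.
NEVER_VALID = [
    (ip.ip_network("10.0.0.0/8"), "rfc1918"),
    (ip.ip_network("172.16.0.0/12"), "rfc1918"),
    (ip.ip_network("192.168.0.0/16"), "rfc1918"),
    (ip.ip_network("127.0.0.0/8"), "loopback"),
    (ip.ip_network("169.254.0.0/16"), "link-local"),
    (ip.ip_network("0.0.0.0/8"), "this-network"),
]


def edge_verdict(src, direction):
    """direction is 'in' (arriving from the external side) or 'out'.
    Returns (action, reason); reason is '' when the packet is permitted."""
    addr = ip.ip_address(src)
    for net, reason in NEVER_VALID:
        if addr in net:
            return ("deny", reason)
    # Our own addresses can never legitimately arrive from the outside.
    if direction == "in" and any(addr in net for net in OWN_PREFIXES):
        return ("deny", "own-prefix-from-outside")
    return ("permit", "")


def audit(flows):
    """flows: iterable of (source address, direction). Counts deny reasons."""
    verdicts = (edge_verdict(src, direction) for src, direction in flows)
    return Counter(reason for action, reason in verdicts if action == "deny")


# Constructed flow records for illustration.
SAMPLE_FLOWS = [
    ("203.0.113.7", "out"),    # subscriber talking to the Internet
    ("203.0.113.7", "in"),     # same address arriving from outside: spoofed
    ("192.168.1.20", "out"),   # un-NATed private source leaking out
    ("172.32.0.1", "in"),      # just outside 172.16.0.0/12, so public
    ("169.254.10.1", "in"),
    ("0.1.2.3", "in"),
]

if __name__ == "__main__":
    print(audit(SAMPLE_FLOWS))
```

Explicit prefixes are used instead of `is_private` because Python's definition of private also covers ranges the list above does not mention, including the documentation ranges used here as stand-ins.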
Service Controls
In an effort to maintain the security of the CATC network and our subscribers as well as to abide by good Internet Citizenship, CATC utilizes the following listed security practices, which affect Broadband Internet subscribers’ use of CATC provided Internet Services. In addition to this list, CATC utilizes multiple other mechanisms to sustain the Confidentiality, Integrity and Availability of the CATC network, however only those having a direct bearing on customer services are listed here.
- Recursive DNS queries are limited to those sourced from valid CATC IP address ranges. Authoritative DNS queries are answered regardless of source.
- Email relaying is only permitted if sourced from a valid CATC IP address range or from external source IPs that successfully authenticate.
- Authentication requests for email relaying are denied from some remote locations based on IP address reputation and previous malicious behavior.
- Email messages may not exceed 35 MB in size.
- Our edge spam filtering processes all emails passing through our servers, both inbound and outbound.
- All email accounts have a quota of 1GB of mail storage.
PERFORMANCE CHARACTERISTICS
System Performance
CATC has an ongoing performance-monitoring program, which closely tracks link utilization, errors, and latency between key nodes on our system. Customers are encouraged to utilize external speed test sites and to report any inconsistencies they notice.
Our service is based on a “best effort” technology, which means that all advertised speeds are an “up to” rating and not a committed information rate. The actual speed a customer will experience while using the Internet depends upon a variety of conditions, many of which are beyond the control of an ISP such as CATC.
CATC is required to perform testing on a random number of locations on a quarterly basis. This testing includes analyzing the download speed and the upload speed as well as testing the latency time. Once tested the results are compared to FCC required metrics. CATC continues to engineer their delivery speed in a manner that will ensure the location receives their purchased package speed and to maintain a latency standard of under 100ms.
Performance Data collected
CATC collects and analyzes the following performance data:
- Netflow data for all external traffic.
- Per Interface counters for all Core links, Distribution links and Access uplink ports which include:
  - Bits Per Second / Transmit
  - Bits Per Second / Receive
  - Packets Per Second / Transmit
  - Packets Per Second / Receive
  - Errors Per Second / Transmit
  - Discards Per Second / Transmit
  - Errors Per Second / Receive
  - Discards Per Second / Receive
- Per node counters for all Core and Distribution nodes which include:
  - CPU utilization
  - Memory utilization
  - Buffer misses
- Latency statistics between the core network and all distribution and edge nodes.
TERMS AND CONDITIONS OF SERVICE
Pricing
Pricing is available on our website at http://www.catc.net
Terms and Conditions
All subscribers are required to abide by our AUP, which is available at http://www.catc.net
To qualify for discounted rates, new customers are required to sign a contract for services which is available for review from our business office, at 501.865.3333.
Privacy Policies
- CATC reserves the right to inspect and analyze network traffic to assist in troubleshooting or service recovery as needed.
- CATC agrees to treat broadband customers’ confidential data with the same level of protection as required under CPNI.
Redress Options
End User:
All service concerns should initially be addressed to the business office at 501.865.3333. Our customer support staff will take ownership of the issue and work with internal resources to resolve any problems.
Edge Provider:
All complaints should be addressed to 501.865.3333. Customers found to be acting in violation of the AUP will receive two warnings and service may be disrupted upon the third complaint. Customer information will only be released upon receipt of a bona fide subpoena.