Skip to content

Top Best Ask Show New Jobs

Ask HN: How do carriers throttle streaming to 480p resolution?

97 pointsakouri4y ago119 comments

I have seen that most carriers, by default, have a "stream saver" turned on, which, I am assuming detects when you're on YouTube or Netflix and automatically throttles your bandwidth to these sites. Assuming these connections are happening over SSL, how are the carriers able to modify the sites to disable users from selecting HD or 4k resolutions?

119 comments

73 comments · 23 top-level

jrrrr4y ago· 14 in thread

I assume carriers limit only the _bandwidth_, and count on streaming apps to react by automatically degrading the resolution.

I don't use Apple TV much, but one of the things I like about it is how it lets me download the video file locally. The quality is so, so crisp. I pay for the more expensive version of Netflix, but it's not quite the same start to finish.

Yeah, I hate watching 15 minutes of something at low quality because one TCP packet was dropped. Paranoia leads to the most user satisfaction ("at least the show didn't freeze") but I would rather buffer the thing locally and watch in uninterrupted 4k @ 50Mbps or whatever. (Also, what's the point of gigabit internet if I can't watch a measly 50Mbps stream?)

Piracy is also great for this

drclau4y ago

Netflix mobile apps allow you to download most content, too, so you can compare the quality to streamed content. However, then you are limited to phone/tablet screen size for comparison.

I want to opt out Adaptive Streaming entirely from all services. It's better to have buffering time (actually rarely happen) than seeing fucking 480p video.

closewith4y ago

I only wish their Apple TV hardware allowed you to do this.

Does it download it in Blu Ray quality? (~10GB per movie)?

This; "adaptive streaming" is the keyword. A video on the web is actually a series of mp4 files which are a few seconds length each. They are generally assembled at runtime via JavaScript or native technology into continuous playback. The browser/app monitors whether chunks are downloaded fast enough to assure continuous playback. That's also why often streams start in low quality (to minimize buffering time) and once the app knows it can go to higher resolution, it switches at the next boundary between the chunks.

HLS automatically will download a smaller res chunk if it can’t keep up. Video players (and some formats) react to strangled bandwidth

Not likely as a common workaround was streaming over a VPN service or SSH tunnel.

No, that still makes sense. They limit the bandwidth to/from a particular domain. The VPN hides that. SSL doesn't.

franga20004y ago

That actually makes it more likely. They're limiting speed to certain IP ranges, corresponding to streaming provider servers. If you connect via a tunnel, the destination address is different and therefore your traffic isn't throtteled.

rahimnathwani4y ago

They could throttle bandwidth selectively, based on destination IP address range.

asow924y ago

HLS handles this well.

Bedon2924y ago· 12 in thread

The urls that are used for the streams are pretty well known, and can limit all traffic on those URLS to specific speeds. Here are a few for example:

Twitch: *.ttvnw.net

Netflix: *.nflxvideo.net

Hulu: *.hulustream.com

YouTube: *.googlevideo.com

Amazon Prime: *.aiv-cdn.net

Edit: This is by no means the only way to do it, just a potential way to do it.

joecool10294y ago

This is mostly the correct answer, some creative Plex users with shitty cable ISP's (lookin at you Optimum) will run their connections through Cloudflare to avoid upstream throttling of video. It all looks like TLS traffic at the end of the day and since Cloudflare is probably the most common CDN, they can't apply rules to this range.

For mobile ISP's like T-Mobile, they cannot tell that video content is streamed through a VPN protocol like wireguard (but they could add large public providers to the list).

As a good rule of thumb I tell people to run speedtests from both speedtest.net (which is usually whitelisted by every provider) and fast.com (which usually shows up as Netflix video traffic) to see if 'video shaping' rules are in effect.

watermelon04y ago

FYI Cloudflare terms of service (at least for free accounts) doesn't allow using it for video streaming purposes such as Plex:

https://community.cloudflare.com/t/is-plex-allowed/172158/5

Don't forget that Netflix has it's own CDN, so you could just throttle anything from that peering connection knowing that only video content is coming from it.

Oh, wait, they've already been doing that for <insert Gary Oldman> EVERYONE!</insert>

But isn't this over HTTPS? I know the DNS lookup may leak the domain, but that's heavily cached.

I think its just network analysis or possibly even those caching servers that are run by ISPs which hold onto content network's most heavily used files.

desdiv4y ago

I see two possible ways:

1. during the TLS handshake, the domain name itself might be sent in the clear if the SNI extension is used, and if the SNI extension isn't encrypted[1]

2. if the carrier knows the IP, then they can do a reverse DNS lookup to find the domain name

[1] https://stackoverflow.com/questions/499591/are-https-urls-en...

nitwit0054y ago

They likely have a peering setup with each of these companies, so they know the IP address ranges they're using for this video traffic. They can tag the traffic and shape it (drop packets in excess of some rate).

But the provider knows where you are connecting, no matter if https is used or not. Https will encrypt the payload/data (layer 7) not where you are connecting (layers 3/4)

brewmarche4y ago

SNI leaks the host name over HTTPS. Also, if the IP addresses are distinct enough they could be used to detect the destination as well.

sumtechguy4y ago

The packet header would leak that info too with src/dst IP addresses.

Would a vpn work around this?

rwc4y ago

Yes, the challenge is some of those sites don’t allow streaming on a VPN.

betterunix24y ago

Yes in my experience.

frankjr4y ago· 10 in thread

How do mobile carriers know video resolution over HTTPS connections?

https://security.stackexchange.com/questions/172212/how-do-m...

betterunix24y ago

They do not know, but they also do not need to know. Technically they are not limiting resolution, they are limiting throughput on their network; the streaming service will reduce the resolution to avoid long lag/loading times for users.

> Verizon doesn't LITERALLY recognize and block encrypted HD video... but it has agreements with services like Netflix and Youtube that require THEM to recognize Verizon IP address ranges & respect any limits imposed by Verizon.

This is an interesting 'answer', but how would 'tiered' unlimited plans work if it was handled by the streaming service and not the ISP? Some allow unlimited 480 while the higher priced plans allow unlimited HD.

I can only echo the sole comment under that answer:

> Do you have a reference/proof for the first paragraph about agreements?

---

IMHO, I find this hard to believe myself. The team(s) in charge of implementing this functionality likely don't have the requisite high level of lateral coordination necessary to facilitate agreements with all the major streaming services.

Practically speaking, I see this sort of thing as balancing

1) total network saturation/hard capacity limits

2) encouraging user base to use more data up to thresholds in (1)

3) customer experience (wrt data overages)

likely in that order.

This functionality isn't a first-class user-facing "generate piles of money"-center; it describes limitations and conservatism and risk balance. It isn't a "pedal to the floor" sort of subject, but more of a continuous optimization concern.

I don't really see telcos going to all the streaming services and working out agreements given this sort of status quo/sentiment. It's more the sort of thing that is kept internal.

And then of course there's the fact that this would be playing out for every telco relative to every streaming service.

At that point everyone would just throw their hands up in the air and make a global standard for cooperative ratelimiting, and we'd all know about it. For the first few years it would be obscure and you'd have to google the terms a few times to correctly identify it, and then someone would put a 43% quality JPEG screenshot of the documentation on facebook and it would go viral and get linked to 5G causing cancer or whatnot.

It's just IP ratelimiting.

The ISP could use different IP ranges for the different tiers, and just communicate those ranges to the streaming providers they have agreements with.

missedthecue4y ago

Why would netflix and youtube agree to that? What's in it for them? The way it's described seems like Verizon has no recourse if they just refuse to sign such an agreement with Verizon.

If there is net neutrality Verizon has no way to force streaming companies into this kind of contract, except perhaps by paying them to provide worse service.

Tl;dr streaming video protocols often have unique traffic shapes, and you can also make reasonable guesses as to the resolution of the served video. After that, the provider simply throttles bandwidth of the connection.

What a great post.

unfocussed_mike4y ago

You learn something new every day... ace.

The top-rated answer there is IMHO an excellent response to OP's question.

akouriOP4y ago

Yes, it is

deepsun4y ago· 5 in thread

But I have another question -- are ISPs allowed to do that, considering net neutrality? At least in countries/states where it's still alive?

I think some of it is optional, they pitch it as a data saver so you don't run out of data. Or tell you can get unlimited streaming data as long as its low resolution. And for QoS reasons, to keep bandwidth available for everyone. I think they are attempting to do it across the board for all video, so its not prioritizing one specific service over another. And remains semi neutral, I guess.

HWR_144y ago

What's really interesting about TMobiles plan is(was) that they would zero rate any video service that allowed them to set the steam to 480p. I don't know if small players ever made it through the process, but that universal option may have been legally required to avoid that same question.

scarface744y ago

Someone posted on HN that they just submitted an application to T-mobile to have their non profit video stream zero rated

ars4y ago

At least with T-Mobile it's a checkbox, you can turn it on or off as you choose, and they give you data benefits (such as zero rating or extra data) if you turn it on.

AtNightWeCode4y ago

Yes, in some countries there is even free traffic for some services. Carriers have free Spotify traffic and so on.

PaulHoule4y ago· 4 in thread

Even if they can't look into an SSL connection they can measure the amount of data going through it and rate limit it.

jerf4y ago

A streaming video connection will also have a fairly characteristic bandwidth usage pattern. Tracking the requisite state is a bit tricky, but doable. This would allow them to throttle anything that looks like video streaming.

Whether or not they do this, I don't know. But it is technically feasible.

Now, technically, it is probably pretty obvious that what they ought to do is just limit bandwidth or not, regardless of what it is used for. But the rest of the business, and for that matter the rest of the world, conceives of video streaming as something different than "just using bandwidth", so they'll sign contracts about how video streaming will be treated better or worse depending on this or that condition ("Free netflix as long as we can throttle it", "we'll prioritize Disney+ because they paid us and everyone else gets degraded", etc.), so even if it makes no "logical" sense, network hardware will just have to figure out what "video streaming" is to fulfill the contracts whether the engineers like it or not.

PaulHoule4y ago

Most of the common protocols for streaming video involve making a series of http requests to fetch short segments of video from a server. If there wasn't pipelining or QUIC requests going on it would be pretty obvious what was going on, but maybe less so if the requests were spread out across a number of servers.

With pipelining or some other protocols the signature is going to be a sustained download that runs at a rate less than the maximum possible.

If the servers are being found through DNS that's another tool to figure out what is going on. If not, the carrier is going to want a list of IP blocks associated with video streaming.

What I don't get is customers caring a lot about whether they are getting 480p vs better. The old NTSC video was outright awful, and the difference between that and 480p is greater than that between a clean 480p and 720p, 1080p or even 4k. In the best circumstances the returns are diminishing but if you are viewing on a little phone screen in bright light what's the point?

And they can look at the IP address and see if that matches their list of streaming servers.

unfocussed_mike4y ago

I guess this is the $5 hammer.

AtNightWeCode4y ago· 2 in thread

I think the most honest reply is that the open Internet does not exist in the western world. Read that again. All major traffic from MS, Netflix and so on is already very segregated. There are several locations were any provider can do QoS in layer 7.

And do not underestimate the power of carriers. They are the reason why you can not use mobiles on a plane.

>They are the reason why you can not use mobiles on a plane.

The reason you can't [reliably] use mobiles on a plane is the network is designed for terrestrial use with slow handoffs from tower to tower

The signal is shaped to keep it aimed more-or-less downward, and is intended to hand-off from tower to tower at "normal" travel speeds (say, up to ~100mph)

Could handoffs be designed to work at 500kts? Sure

Could towers be designed to aim a notable chunk of signal upwards into the emptiness of sky and space? Sure

But why? The overwhelmingly-typical use case is that of billions of people on the ground moving slowly

The number of airplanes in the air at any given time is minuscule in comparison

AtNightWeCode4y ago

Yes, but the point was. The carriers asks the aviation companies to tell their customers to not have the mobile phones on cause all the fast moving phones causes problems with the mobile networks.

flerchin4y ago· 2 in thread

I don't think we can assume that the video is transferred over SSL.

These days it is nearly 100% of the time because browsers will put up lots of scary warnings for non-HTTPS requests (and most video these days is delivered in chunks over HTTPS instead of custom or lower-level protocols).

On native apps, there's no scary warnings, and https isn't free. Especially at scale.

fumar4y ago· 1 in thread

I assume its domain based. When I use a VPN for video on T-mobile there is no resolution or speed decrease. I've tested this several times with 4g and 5g areas and browser vs. apps like YouTube.

s8004y ago

I don't think this can be the case across the board. I control the reverse DNS for my cable modem IPs and still see the downgrades during peak-neighborhood hours.

It is somewhat rare but not entirely unheard of for carriers to have agreements with the major streaming providers, and so in some cases the streaming provider will actually aid in the process. Most of the time, however, this isn't needed because what's actually happening is limiting bandwidth, not resolution, but there is a very strong correlation between the two, so by limiting bandwidth you end up with the desired effect of limiting resolution.

These days most streaming providers use some form of adaptive streaming in which client-side logic decides to get bigger or smaller "chunks" of video based on how quickly prior chunks downloaded. A rudimentary solution for a carrier would be to simply implement logic like, "if throughput to device X > someLimit, add a delay in delivering packets to device X". From the client's perspective, getting the bigger (and higher quality) video chunks will take too long, so it will naturally shift to the smaller (and lower quality) chunks.

Denatonium4y ago

I know from experience that T-Mobile uses TLS-SNI (and possibly DNS) to determine the hostname of the HTTPS site being visited. If it is a known streaming service, the connection is throttled.

In T-Mobile's case, this throttling can be avoided by using a tool such as GreenTunnel which can run in Termux (on Android) and works by spliting the SNI portion of the ClientHello into two TCP segments. Their DPI appliances are too dumb to reassemble the fragments and correctly categorize them as going to a streaming service.

The best part about GreenTunnel on Android is that it runs a local HTTP proxy, which you can adb forward to a PC so that you can watch 4k Netflix on your computer using your unlimited T-Mobile plan (this doesn't count as tethering, as the IP packets originate on the phone).

Most large ISPs are running CDN nodes for the streaming providers out of their own NOCs. Those nodes are provided by the streamers and work with the ISP’s QoS policies.

Sometimes my Amazon firestick/prime video goes to crap as if my network connection was really bad. I hop on my google wifi gizmo and run a speed test and get 100-200mbps down. Then sometimes the movie starts playing just fine. It's like they want to throttle my connection unless I'm looking.

MNOs really don't need to know the traffic source address to apply throttling.

As per the throttling algorithm, most of the times it's a Leaky Bucket variant (https://en.wikipedia.org/wiki/Leaky_bucket). The variant usually allows short bursts of packets, then throttles down the downstream traffic for long connections to match the configured rate.

A trick to know if the operator is using DPI to extract the SNI in HTTPS/encrypted traffic: play a YouTube video, then do a speed test (e.g. iperf) while it is playing. Two things could happen: either both apps are throttled (no DPI) or only Youtube is (there's some level of DPI).

znpy4y ago

I'd try two things:

1. try and see if accessing youtube through a vpn improves the bandwidth (in that case, your ISP is probably looking at both dns requests and connection endpoint ownership)

2. preload and buffer whole videos (es: https://www.technorms.com/35122/preload-buffer-entire-youtub...) this aims to get your traffic usage pattern not having the "usual" shape of a typical youtube session (that is: brief burst of full-speed downloads)

sgt1014y ago

Contention happens in many places in the pipe, it can happen because of the path or because of a fault. It can happen inside the streaming providers infrastructure or in the egress. The delivery system adapts to the bandwidth that is available and chooses all sorts of ways to deal with this.

tgsovlerkhgsel4y ago

I thought at least some of the services offered a DNS-based approach (similar to Google's "forcedsafesearch" cname - https://support.google.com/websearch/answer/186669?hl=en), but I couldn't find any documentation.

Possible otheroptions:

- agreements with the service providers to throttle users from certain netblocks (the carriers partner with the service providers to some extent e.g. to deploy CDN nodes, so such agreements would be plausible)

- throttling bandwidth (potentially selectively to/from streaming providers) and letting the service figure it out

- separate host names for high res content that can be DNS-blocked

evanreichard4y ago

A good way to check this is with fast.com - which uses Netflix's infrastructure to perform a speed test.

My provider limits me to ~1.5Mbps, but the second I connect to a VPN (WireGuard - hosted on my homes 1Gbps/1Gbps connection), it goes up to ~50Mbps.

Two clarifying questions:

1) What does the feature look like, screenshot-wise?

2) Can you confirm the HD/4K option actually disappears or is disabled, or if the site(s) in question just trend toward autoselecting 480p/720p over time?

Like most other comments here I suspect IP-based bandwidth limiting. Given the unbounded complexity scale of keeping the internet actually working :) I can totally see infrastructure being able to single out the activity of a single connection and track what it's doing over time. The chances are the implementation is eyebrow-raisingly impressive but still compact and approachable at the end of the day.

DigitallyFidget4y ago

I can't really comment on how they do it. I can speculate, but there's already endless comments of speculation.

What I can add is that it's to do with IP or DNS monitoring from the carrier or server. My SO who uses Verizon noticed it, and so I setup a home VPN for him, and when connected to it, all throttling disappears and everything is accessible at full 5G speeds. We have gigabit internet, so it's trivial for our network to handle the VPN traffic of streaming.

kjellsbells4y ago

The standard way is to restrict bandwidth using traffic shaping at the EPC, the software that the telco operator uses to connect devices on the cellular network to upstream networks like cloud and internet. The magic phrases to google are video optimization and GiLan services.

zokier4y ago

They could be just cooperating with the major streaming services.

I use Visible and noticed this.

As soon as I enable a VPN (I use PIA), speeds go back to normal.

qwerty4561274y ago

I hope this doesn't happen to videos in which people teach to code or teach to use particular apps - 480p can be insufficient to read display text reliably if recorded at full HD.

j / k navigate · click thread line to collapse