
Quoting the article, the cause is identified: "The Calix 716GE-I ONT device is working as designed by activating Denial of Service (DOS) attack prevention when too many connections are established, which includes jumbo or small packets". Sounds like a reasonable feature for residential devices, even if it isn't compatible with the niche use case of running a Tor relay.


Why not make it configurable by advanced users though?


Probably the expected market for advanced users who would need this particular feature is tiny. Like, for the Tor relay use case, there are something like 6000 relays worldwide, most of them probably provided by various organizations (where a single operator runs many relays) instead of hobbyists, most of them outside the USA, and the vast majority of them using some entirely different network connection not affected by this particular device model in any way. The described scenario ("10000s of concurrent TCP sessions") is literally an edge case for residential use; the article does follow up with "What about BitTorrent or cryptocurrency and Web 3.0 apps?" but none of those have network behavior like that.

Like, perhaps this problem is also affecting other kinds of usage, but the original article does not attempt to claim that, and purely from their example it would be generous to assume that literally dozens of individuals would need this feature and, well, it's not worth making and testing features (even if they're just a configuration option) in this case.


Honestly, for various structural reasons, hobbyists are sort of actively discouraged from running Tor relays. It's less of an issue with middle relays than guard or exit but in practice Tor has a strong reliance on trust in relay operators, so small-bandwidth relays popping up onesy-twosy is much less desirable than institutional operators with significant resources.

Which is all just one reason that, of the set of people running Tor relays on residential internet connections, I'd wager a solid 99% shouldn't be.


A symmetric gigabit with unlimited transit isn't terribly small though. And the super-awesome side tail of residential service continues to march forward. My own home connection is symmetric 10 gbps.


The problem with this logic is that ordinary users don't become the target of a denial of service attack either. If it should exist at all, the default should be off. And if then no one would turn it on, it could just as well not exist.


Ordinary users become a target of DDoS way more often than you would think. These days it tends to be related to competitive multiplayer video games, but I'm sure there's still some IRC drama and small-time Minecraft hosting driving it.

In general it's extremely unlikely unless you are engaging in "high risk behavior," but at the scale of an ISP there are enough users doing that kind of thing (Twitch streaming, etc) that it becomes an appreciable frustration for your network operations.


> These days it tends to be related to competitive multiplayer video games, but I'm sure there's still some IRC drama and small-time Minecraft hosting driving it.

This sounds like the sort of thing with similar prevalence to things like running a Tor node. This might even be an example the other way, when your game server or what have you has thousands of peer connections and this thing breaks it by misinterpreting that as a denial of service too.


I might be misunderstanding but doesn't the feature also help prevent home users' devices becoming part of a DDOS effort (high number of outbound connections)? There's stories here on HN about IoT devices and infected PCs/phones participating in DDOS on command. So I can see an argument that a home gateway device should try and help prevent participation by devices behind it.


In cases like that the correct answer is to detect weird behavior and call the customer on the phone to ask what's going on. If they say they know what it is because they're running Tor or hosting Ubuntu ISOs or playing P2P games or whatever, you don't have to do anything.

If they say they have no idea what you're talking about, you get to tell them they're infected, so they actually fix it instead of typing their bank password into the infected box the next week because you automatically removed the "huh, internet's slow" that might have led them to investigate it otherwise.
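The "detect weird behavior, then talk to the customer" approach above hinges on the same signal the ONT uses: how many connections one LAN host holds open at once. The following is an added example, not code from the thread, from Calix, or from any ISP; it replays constructed open/close flow events, computes each host's peak concurrency, and reports hosts over a constructed threshold as candidates for human follow-up rather than an automatic block. The record format, the threshold value, the addresses and the "relay-like" traffic shape are all assumptions made for the illustration; a real ONT's threshold is undisclosed.

```python
"""Per-host concurrent-connection heuristic (added illustration; not the
Calix ONT's logic). Record format, threshold and sample flows are constructed."""
from collections import defaultdict
from dataclasses import dataclass

# Constructed threshold; the real device's value is not public.
MAX_CONCURRENT_PER_HOST = 2000


@dataclass(frozen=True)
class Flow:
    ts: float      # event time in seconds (constructed)
    src: str       # LAN host behind the gateway
    dst: str       # remote peer
    dport: int     # remote port
    state: str     # "open" or "close"


def parse_flow(line: str) -> Flow:
    """Parse one whitespace-separated flow-event line: ts src dst dport state."""
    ts, src, dst, dport, state = line.split()
    if state not in ("open", "close"):
        raise ValueError(f"unknown state {state!r}")
    return Flow(float(ts), src, dst, int(dport), state)


def concurrent_peak(flows):
    """Replay events in time order; return each LAN host's peak number of
    simultaneously open (dst, dport) connections."""
    live = defaultdict(set)   # src -> set of (dst, dport) currently open
    peak = defaultdict(int)
    for f in sorted(flows, key=lambda f: f.ts):
        key = (f.dst, f.dport)
        if f.state == "open":
            live[f.src].add(key)
            peak[f.src] = max(peak[f.src], len(live[f.src]))
        else:
            live[f.src].discard(key)
    return dict(peak)


def hosts_over_threshold(flows, limit=MAX_CONCURRENT_PER_HOST):
    """Hosts whose peak concurrency exceeds `limit`. These are the ones an
    operator would phone, since a Tor relay, a P2P game host and an infected
    box all look alike to this counter."""
    return sorted(h for h, n in concurrent_peak(flows).items() if n > limit)


def constructed_flows():
    """Constructed sample: one ordinary laptop (40 short-lived connections)
    and one relay-like host holding 2500 distinct peers open at once."""
    lines = []
    for i in range(40):
        lines.append(f"{100 + i} 192.168.1.10 203.0.113.{i % 250} 443 open")
    for i in range(40):
        lines.append(f"{200 + i} 192.168.1.10 203.0.113.{i % 250} 443 close")
    for i in range(2500):
        # 250 distinct addresses x 10 distinct ports = 2500 unique peers
        lines.append(f"{100 + i * 0.01:.2f} 192.168.1.20 198.51.100.{i % 250} "
                     f"{9001 + i // 250} open")
    return [parse_flow(l) for l in lines]


if __name__ == "__main__":
    flows = constructed_flows()
    print(concurrent_peak(flows))        # {'192.168.1.10': 40, '192.168.1.20': 2500}
    print(hosts_over_threshold(flows))   # ['192.168.1.20']
```

The point the counter makes is the thread's: at the threshold the only thing it distinguishes is volume, so the relay host is flagged exactly as a compromised one would be. What happens next (a phone call versus a silent drop) is a policy decision the heuristic cannot make on its own.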


I like your idea and agree that implementing it would improve outcomes for customers. However, the ISP would be on the hook for additional customer support; it's a lot more involved to outfit your call center staff with playbooks for explaining exploited devices to an average customer than it is to toss in a semi-autonomous blocker. This does make things worse for "power users", but ISPs may have also found that said users are more willing to pay for special service agreements (a small business account for example).


> The problem with this logic is that ordinary users don't become the target of a denial of service attack either

I suspect the concern is not that ordinary users would be targets, but that ordinary users would be sources of DDoSes (by being part of a botnet).


Presumably OP could subscribe to business fiber from CenturyLink and avoid having the device installed.


It isn't at all clear to me that Centurylink sells a separate business-class service to residential addresses. I put in my home address at https://www.centurylink.com/small-business/business-fiber/ and was quoted the ordinary residential price.

Furthermore, you need some kind of ONT for fiber termination and it isn't clear that Centurylink uses a different ONT without this feature for business class customers.


We have CenturyLink at a business location in Seattle and it seems to behave the same way.



