Secure and reliable mobile internet
Being a provider of a public electronic communications network, Lebara is responsible for ensuring net neutrality for its users. As a user of the Lebara network, you are using the KPN network on a wholesale basis. As such, references to the “Network Provider” below are references to the Lebara network, which in turn uses the KPN network on a wholesale basis. Mobile Internet is becoming ever more important. That is why the Network Provider takes security measures to protect you and the network, and safeguards the service through measures to maintain and protect capacity.
Since 1 January 2013, the subject of net neutrality has been included in the Telecommunications Act. This means that, among other things, nothing is allowed to be blocked within the internet access service and that different traffic flows must be treated equally. There are three exceptions to this:
Later in this document we will explain how and why the Network Provider makes use of these exceptions and how it may affect you, the user.
The Network Provider uses a “firewall” for incoming traffic on mobile internet services. The firewall prevents third parties from sending unsolicited data to your mobile connection that could give rise to unwanted data volumes and costs for you. The firewall also repels other threats from the internet.
If a DDOS (Distributed Denial of Services) attack is made on the network via the internet, the Network Provider can take action to intercept malicious traffic selectively. For this purpose, the Network Provider looks at patterns so as to be able to distinguish between malicious traffic and legitimate traffic, and block malicious traffic. This enables the Network Provider to protect its network and to minimise the risk of causing an interruption of the service to you.
Globally, the majority (an estimated 90%+) of all e-mail traffic is unsolicited. It is very important for you and for the Network Provider that measures are taken to keep this spam out of the network to the greatest possible extent. Not only does this prevent e-mail boxes from getting full too quickly, but also if a lot of spam messages are distributed from a particular network, other network providers across the world will block e-mail traffic from that network (this is called “blacklisting”). Consequently, the Network Provider takes optimal measures to counteract spam.
Many internet service providers permanently block Port 25, and thereby e-mail traffic from the internet, so as to prevent spamming. Port 25 is used by e-mail programs such as Outlook to send mail via a mail server (SMTP). So that you, as a user of the network, may still send mail from your smartphone account, the Network Provider will ensure that spam is removed from mail to over 200 of these internet service provider mail servers. The Network Provider therefore does not block Port 25 for mail from your cell phone. The outgoing e-mail traffic to the Network Provider’s SMTP server is not blocked unless the Network Provider detects spam or abuse. As with the protection against DDOS attacks, the Network Provider may intercept spam traffic selectively. For this purpose, the Network Provider looks at patterns so as to be able to distinguish between malicious traffic and legitimate traffic, and block malicious traffic.
If there is a sharp peak in internet traffic, congestion may occur. Congestion may also occur in the event of a malfunction in (either the whole or part of) the network, because less capacity is available. Congestion can be experienced in different ways; signalling is necessary in addition to user traffic (data and voice). This is needed in order to make a connection and, in line with the standard, will take precedence where necessary so as to make communication possible on the voice and data flows. However, within the internet traffic the Network Provider makes no distinction between traffics flows. Because of the scarcity of IPv4 addresses that has arisen as a result of the growing demand for mobile internet access, and so as to ensure that the internet access capacity is as great as possible, the Network Provider uses “Carrier Grade NAT” on its mobile internet services.
The Network Provider endeavours to provide the best possible network service, and therefore invests in a mobile network that is designed in accordance with the prevailing international technical standards. Those standards provide that voice (traditional telephony) and “signalling” (essential exchange of data between network and peripheral to facilitate the service, including SMS) are treated differently from the data (internet) service. You can visit the following websites for more information on the international standards:
GSMA;http://www.gsma.com/technicalprojects/technical-programme ETSI and the 3G Partnering Program (3GPP); http://www.etsi.org/about/our-global-role/3gpp
In the GSM (2G) radio network this means that time slots are allocated to signalling, voice and data on the radio network. In the UMTS (3G) and LTE (4G) radio networks this means that voice is classified in a different Quality of Service (QoS) class from data (ETSI 3GPP TS 23.107). For mobile networks no special capacity is reserved in advance for customers in the (radio) network. The capacity is always distributed evenly among customers that use the network at the same time. The Network Provider decides the required mobile network capacity based on the anticipated usage. This is determined on the basis of the expected number of customers and the trend observed in the peak traffic. Expansions are launched in good time within the capacity and planning guidelines.
Finally, the Network Provider ensures that statutory measures are implemented. The Network Provider will never block access to particular sites unless this is stipulated by a court order or otherwise required by law.