Sandvine Incorporated is a networking equipment company based in Fremont, California, United States. Sandvine network policy control products are designed to implement broad network policies, ranging from censorship, service creation, billing, congestion management, and security. Sandvine targets its products at consumer Tier 1 and Tier 2 networks including cable, DSL, and mobile.
Company history
Sandvine was formed in August 2001 in Waterloo, Ontario, Canada, by a team of approximately 30 people from a recently closed Cisco acquisition, PixStream. An initial round of VC funding launched the company with $20 million. A subsequent round of financing of $19 million was completed in May 2005. In March 2006 Sandvine completed an initial public offering on the London AIM exchange under the ticker 'SAND'. In October 2006 Sandvine completed an initial public offering on the Toronto Stock Exchange under the ticker 'SVC'. Initial product sales focused at congestion management as operators struggled with the high growth of broadband. Many operators have shifted focus to revenue generating services and reducing operational expenditure. In June 2007 Sandvine acquired CableMatrix Technologies for its PacketCable Multimedia -based PCRF that enable broadband operators to increase subscriber satisfaction while delivering media-rich IP applications and services such as SIP telephony, video streaming, on-line gaming, and videoconferencing. In August 2015 Sandvine acquired Momac B.V. for its customer engagement technologies such that subscribers are presented with the most relevant message, offer or alert at the right time, on any screen, such that they can take immediate action. In February 2016 Sandvine acquired the assets of Teclo Networks AG for its TCP Optimization technology. In July 2017 Sandvine shareholders accepted a $562 million takeover bid from PNI Acquireco Corp., an affiliate of Francisco Partners and Procera Networks. The acquisition was completed on September 2017 when Sandvine shares ceased to be listed in the Toronto Stock Exchange. The acquisition was completed despite concerns raised by Ronald Deibert, the director of the Citizen Lab at the Munk School of Global Affairs at the University of Toronto who argued that the takeover required “closer scrutiny” by the federal government, largely in light of some of the activities done by two of Francisco’s portfolio companies. Most notably Procera Networks was part of a controversy where its technology is alleged to have been used to spy on Turkish citizens. In March 2018 the Citizen lab published a report showing strong evidence that PacketLogic devices from Sandvine could have been used to deploy government spyware in Turkey and redirect Egyptian users to affiliate ads. The Citizen Lab performed a number of tests contrasting the behaviour of network data traffic in these countries with a PacketLogic device procured independently.
Technology
Sandvine's technology focuses on policy management, including the control of spam, usage-based billing, quality of service, and P2P throttling. They use FreeBSD as the basis for their appliances. Rather than identifying individual messages, spam control is based on identifying sources of spam from behaviors such as using multiple SMTP servers and using multiple source domains and large address books. Quality of service control is provided for a range of media applications including video conferencing, VoIP, and gaming. The P2P throttling focuses on Gnutella, and uses a path cost algorithm to reduce speeds while still delivering the same content. Stateful Policy Management uses stateful deep-packet inspection and packet spoofing to allow the networking device to determine the details of the P2P conversation, including the hash requested. The device can then determine the optimal peer to use, and substitute it for the one selected by the P2P algorithm by " in the middle, imitating both ends of the connection, and sending reset packets to both client and server." The usage-based-billing includes pre-paid and post-paid 3G and 4G mobile access, as well as all fixed access. According to research by Citizen Lab, products sold by Sandvine are being used to facilitate censorship of the Internet in Egypt, an allegation the company denies.
Sandvine products were used by Comcast in the United States to limit number of sessions of Internet traffic generated by peer-to-peer file sharing software. Sandvine's current traffic discrimination product, Fairshare, is described in detail in an RFC. According to independent testing, Comcast injected reset packets into peer-to-peer connections, which effectively caused a certain limited number of outbound connections to immediately terminate. This method of network management was described in the IEEE Communications, May 2000 article "Nonintrusive TCP Connection Admission Control for Bandwidth Management of an Internet Access Link". A product whitepaper published by Sandvine confirms that its products are configurable to use "Session Management" capability to prevent customers using BitTorrent from providing uploads to peers who are not close to them on the network. This affects all uses of BitTorrent.
In cases where a subscriber is a “seeder” and uploads content to an off net “leecher”, session management is an effective strategy... the subscriber may be session managed without negative impact. This is the default behaviour for Sandvine’s session management policy and limits external leechers from connecting to internal seeds.
