In the UK the common practice seems to be to set up dual APNs on a phone, and tell the phone to use one for its own purposes and one for tethering.

If you bought your phone independently of the carrier and don't have their locked down firmware then you can usually just delete the bad APN and everything will go back to normal.

DPI is available, but I'm not sure how often it gets used. If you want to have a play with it on your own then try writing a bit of C code to hook up libpcap to libndpi.

They have long been able to in theory - but do we have confirmation that they actually do so, for the purpose to hand? (distinguishing tethering from on-device)

This type of behaviour is classified as a 'revenue leak' within carriers and is a known irritant in the wireless telecom industry. The nature of the irritant is naturally completely dependent on your point of view (end-user vs. carrier).

Deep Packet Inspection (DPI) has several purported benefits and use-cases, most entirely technical and usually driven by entailing cost-saving/traffic steering requirements, with a few key use-cases around which revenue generating business cases can be modeled.

Distinguishing tethering from on-device traffic via DPI is one way of accomplishing this; there are other, potentially more cost-effective ways to accomplish the same behaviour as already noted in this thread elsewhere (e.g. user-agent detection). As per the OP, another detection method is to have the OEM add a special route/flag when tethering is detected. The nature of the flag takes various forms (which in this case resulted in a new sourceIP from a different subnet be assigned to the device).

Anybody that operates a network (wireless or fixed) implements similar traffic steering/shaping/QoS techniques. Without them, one cannot optimally leverage their heavy network capital investments.

I understand that the pressure to drive down costs ends up driving traffic shaping. Such pressure comes from customers , competition, shareholders and managers inside the organization. You sell me a product for a price; if I want a different product, the price will be different. BUT I should know and be able to choose what I buy. Don't lie to the customers.

PS.: Plus Carriers operate in a heavily distorted market (in most places competition is not free, there is heavy governmental influence and the customer has no choice) so the whole "invisible hand" argument I opened with is debatable.

Isn't user agent detection a form of DPI? They're looking inside the packets being sent, instead of simply using the level 2 and 3 information to determine where and how to route the packets.

Yes, user-agent detection is a form of DPI. At least in the telecom space, DPI often refers to investigating layer-7 packet payloads versus only parsing the L7 HTTP headers as an example.

Arguably, due to the nested encapsulation of the ISO model which we all loosely base our understanding of the various network and application protocols, one could technically claim that parsing an IP (or TCP) payload counts as DPI, but that's not how the term is generally marketed or used by vendors nor network engineering or operating teams.

The wikipedia DPI entry[1] is vague; IMO perhaps deliberately. For the purpose of this discussion, perhaps it would help to distinguish between source IP filtering (as per the OP) and L7 DPI capability.

Sure, my T-Mobile plan has "unlimited" data usage on my phone, but only 5G/month tethering. I can track my usage separately through their website.

Tethering is a standard feature for them now, but they used to require an add on and would track down people tethering without it. (AFAIK it was as simple as searching for desktop user agents)

iOS, Blackberry OS, and Windows Phone all honor carrier tethering flags -- if your carrier says "don't tether", the device will not legitimately tether.

We know that. It has been the case for time eternal.

We also know that carriers have long been able to detect tethering through deep packet inspection : People have been forced into upgrades, or have discovered surprising bonuses on their bill, when they tethered in defiance of that flag (whether through Android, or one of the hack tethering apps available on the other OS').

There is nothing new about this.

That's why you use a VPN.

Yes, but how can you tether your tablet/PC to the VPN connection established on your phone?

Use tethering, with all traffic on the computer sent through the VPN.

Or just use SSHDroid with TCP forwarding to make your phone a proxy without having tethering enabled.

On Android, when you use the inbuilt VPN functionality: no tethered traffic goes through the VPN.

Or just pay for answering machine rental instead of hooking your unapproved device up to Ma Bell's wires.

Demarcation points were invented for a reason.

Good luck doing that without being massively price gouged.