1 Requirements of Carrier Grade NAT (CGN) draft-nishitani-cgn-00.txt draft-shirasaki-isp-shared-addr-00.txt NTT Communications Corporation Shin Miyakawa.


1 Requirements of Carrier Grade NAT (CGN)
draft-nishitani-cgn-00.txt
draft-shirasaki-isp-shared-addr-00.txt
NTT Communications Corporation
Shin Miyakawa, Tomohiro Nishitani

2 Agenda
- Background
- Concepts of CGN
- Network design of CGN
- Requirements for CGN
- Impact of service using CGN
- Conclusion

3 Background
- Because of IPv4 address “completion”, allocating global IP addresses to CPEs is going to be difficult within a few years.
- Basic strategy
  - The ISP builds NAT and allocates (newly defined) private IP addresses to CPEs.
  - We call this “Carrier Grade NAT (CGN)”.

Most conservative access model changes - introducing “Carrier-Grade NAT” -
[Figure: two access models over FTTH/ADSL. Current: Internet, Access Concentrator, global v4 address, CPE with NAT, private v4 address, End Host. With CGN: Internet, global v4 address, Access Concentrator with NAT, (newly defined) private v4 address, CPE with NAT, private v4 address, End Host.]

We need new private space for CGN other than 240/4
- Because we’d like to keep the CPE router as is, we cannot use /4 as CGN’s new private space.
  - Today’s IPv4 implementations simply do not work well on /4.
  - If CPE router firmware can be upgraded, it can be upgraded to be IPv6 compatible, which is far better.
- “dual stack lite” does not need this, but it requires CPE router replacement. These are the pros and cons.
- We are discussing these issues in
  - draft-shirasaki-isp-shared-addr-00.txt

It looks like v6 is not needed?
- Please do not feel safe.
- CGN (and any other carrier-grade NAT scheme) has serious restrictions anyway.
- This draft is compiled to make CGN as useful as possible, but please note well that IPv6 will be needed eventually.
  - Discussion will be presented at the IAB Technical Plenary on Wednesday.

7 Concepts of CGN
- Basic scheme
  - Sharing global IP addresses for CPEs
- High transparency
  - No checking or altering of application layer data
  - Dropping as little data as possible
- High connectivity
  - Hairpinning
  - Using UDP/TCP hole punching
- Fairness of communication for CPEs
  - Limiting ports and TCP sessions per CPE
- High availability
- High scalability
Targets of I.D-nishitani-cgn

8 Network design of CGN
[Figure: CPE 1 (private IP addresses on LAN 1 and WAN 1) and CPE 2 (private IP addresses on LAN 2 and WAN 2) connect through CGN 1 and CGN 2 to the global IP address network, which hosts a STUN/TURN server. Labels: UDP/TCP hole punching, hairpinning, CGN external IP address and port.]

9 Basic scheme
- Sharing global IP address for CPEs
  - REQ-1: A CGN MUST allocate one external IP address to each CPE.
    a) The CGN external IP address for UDP, TCP and ICMP MUST be the same.

10 High transparency and high connectivity
- To comply with RFC and drafts which describe NAT behavior
  - REQ-7: A CGN SHOULD comply with [RFC4787] for unicast UDP.
  - REQ-8: A CGN SHOULD comply with [I-D.ietf-behave-tcp] for TCP.
  - REQ-9: A CGN SHOULD comply with [I-D.ietf-behave-nat-icmp] for ICMP.
- To support DCCP, SCTP and IPsec ESP

11 Fairness to communicate for CPEs (1/2)
- Limiting the number of the CGN external ports of UDP and TCP, TCP sessions and ICMP identifiers
  - REQ-2 c)
  - REQ-3 c)
  - REQ-3 e)
  - REQ-4 c)
- Allocating dynamic ports for CGN external UDP and TCP ports (from through 65535)

12 Fairness to communicate for CPEs (2/2)
Exceptions to limiting ports and TCP sessions
- REQ-5
  - Reserving UDP and TCP ports for always-available services
  - Examples of available services: POP3, SMTP, NTP ...
- REQ-6
  - Passing through the communication between CPEs and specific hosts
  - Examples of specific hosts: POP3 server, DNS server, web server ...

13 Impact of service using CGN
1. Effects of NAT functions
  - VPN, P2P, VoIP
  - No use of UPnP
2. Limiting the number of ports, TCP sessions and ICMP identifiers
  - Using many TCP sessions simultaneously: AJAX, web sites including rich content, P2P
  - Using many TCP sessions in a short time: RSS reader
3. Sharing global IP addresses for CPEs
  - APIs which check only the IP address during authentication

14 Conclusion
- Concepts of CGN
  - High transparency
  - High connectivity
  - Fairness of communication for CPEs
  - High availability
  - High scalability
- Impact of service using CGN
  - Effects of NAT functions
  - Limiting the number of ports and ICMP identifiers
  - Sharing global IP addresses for CPEs

15 (Fairness to communicate for CPEs)
- REQ-9 a) When a CGN cannot establish a new TCP/UDP session because of the per-user limit on TCP/UDP ports, the CGN sends an ICMP destination unreachable message with code 13 (Communication administratively prohibited) to the sender.
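
The per-CPE port limit from the fairness slides, the single external address of REQ-1 and the code 13 refusal of REQ-9 a), as an added example (not code from the drafts or the presenters). The `Cgn` class, the quota of 2, the 1024-65535 port range, the round-robin address assignment, the single quota counter across protocols and the documentation-range addresses are all assumptions made for illustration.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def icmp_admin_prohibited(datagram: bytes) -> bytes:
    """ICMP type 3, code 13, quoting the refused datagram's IP header + 8 bytes."""
    quoted = datagram[:28]  # assumes a 20-byte IPv4 header (no options)
    csum = inet_checksum(struct.pack("!BBHI", 3, 13, 0, 0) + quoted)
    return struct.pack("!BBHI", 3, 13, csum, 0) + quoted

class Cgn:
    """Toy allocator; port range and quota values are assumptions, not the draft's."""
    def __init__(self, pool, ports_per_cpe, lo=1024, hi=65535):
        self.pool, self.limit, self.lo, self.hi = list(pool), ports_per_cpe, lo, hi
        self.ext_ip = {}    # CPE address -> its one external IP (REQ-1)
        self.used = {}      # (external IP, proto) -> ports in use, shared by CPEs
        self.maps = {}      # (cpe, proto, src_port) -> (external IP, external port)
        self.count = {}     # CPE address -> ports currently held

    def translate(self, cpe, proto, src_port, datagram=b""):
        key = (cpe, proto, src_port)
        if key in self.maps:                       # existing mapping is reused
            return "MAP", self.maps[key]
        if cpe not in self.ext_ip:                 # same IP for UDP, TCP and ICMP
            self.ext_ip[cpe] = self.pool[len(self.ext_ip) % len(self.pool)]
        ip = self.ext_ip[cpe]
        used = self.used.setdefault((ip, proto), set())
        port = next((p for p in range(self.lo, self.hi + 1) if p not in used), None)
        if self.count.get(cpe, 0) >= self.limit or port is None:
            return "ICMP", icmp_admin_prohibited(datagram)   # quota hit: code 13
        used.add(port)
        self.count[cpe] = self.count.get(cpe, 0) + 1
        self.maps[key] = (ip, port)
        return "MAP", (ip, port)

# Constructed sample: IPv4 header + first 8 bytes of a TCP segment from a CPE.
SAMPLE = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton("10.0.0.1"), socket.inet_aton("198.51.100.7")
                     ) + struct.pack("!HHI", 5001, 443, 0)

if __name__ == "__main__":
    cgn = Cgn(["192.0.2.1"], ports_per_cpe=2)
    for proto, sport in [("tcp", 5000), ("udp", 5000), ("tcp", 5001)]:
        kind, out = cgn.translate("10.0.0.1", proto, sport, SAMPLE)
        print(proto, sport, kind, out if kind == "MAP" else out[:2].hex())
```

Because every CPE behind the same external address draws from one shared port space, logs that record only the external IP cannot tell subscribers apart; the external port (and timestamp) is needed as well.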