CGNs in IP What are you going to do about it? Mark Kosters, ARIN Geoff Huston, APNIC.

Slides:



Advertisements
Similar presentations
Stacking it Up Experimental Observations on the operation of Dual Stack Services in todays Network Geoff Huston APNIC R&D February
Advertisements

Measuring IPv6 Deployment Geoff Huston George Michaelson
IPv4 Unallocated Address Space Exhaustion Geoff Huston Chief Scientist APNIC APNIC 24, September 2007.
IPv4 Unallocated Address Space Exhaustion Geoff Huston Chief Scientist APNIC APNIC 24, September 2007.
Ch. 23, 25 Q and A (NAT and UDP) Victor Norman IS333 Spring 2014.
Open Life in a Post IPocalyptic Network Scribblings by Geoff Huston. APNIC.
Measuring IPv6 Geoff Huston APNIC Labs, February 2014.
NAT, firewalls and IPv6 Christian Huitema Architect, Windows Networking Microsoft Corporation.
IPv4 - IPv6 Integration and Coexistence Strategies Warakorn Sae-Tang Network Specialist Professional Service Department A Subsidiary.
CPSC Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-
Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.
PRIVATE NETWORK INTERCONNECTION (NAT AND VPN) & IPv6
Sofía Silva Berenguer lacnic.net Paramaribo - Surinam IPv4 Exhaustion And IPv6 Deployment.
Project by: Palak Baid (pb2358) Gaurav Pandey (gip2103) Guided by: Jong Yul Kim.
1 Teredo - Tunneling IPv6 through NATs Date: Speaker: Quincy Wu National Chiao Tung University.
IPv4 Run Out and Transitioning to IPv6 Marco Hogewoning Trainer, RIPE NCC.
Enabling IPv6 in Corporate Intranet Networks
17/10/031 Summary Peer to peer applications and IPv6 Microsoft Three-Degrees IPv6 transition mechanisms used by Three- Degrees: 6to4 Teredo.
Running Out of Space: IPv4 Exhaustion Brian Nisbet Network Operations, HEAnet.
IPv4 Addresses. Internet Protocol: Which version? There are currently two versions of the Internet Protocol in use for the Internet IPv4 (IP Version 4)
Some Observations on CGNs Geoff Huston Chief Scientist APNIC.
Copyright © 1999 Telcordia Technologies All Rights Reserved Christian Huitema An SAIC Company IPv6: Connecting 6 billion.
CS 4700 / CS 5700 Network Fundamentals Lecture 15: NAT (You Better Forward Those Ports) Revised 3/9/2013.
NAT/Firewall Traversal April NAT revisited – “port-translating NAT”
SIP Traversal over NAT Problems and Solutions Mr. Ting-Yun Chi May 2,2006 (Taiwan,NICI IPv6 R&D Division)
IPv4 Address Exhaustion: A Progress Report Geoff Huston Chief Scientist APNIC.
Subnetting.
IP/ICMP Translation Algorithm (IIT) Xing Li, Congxiao Bao, Fred Baker
Network Layer4-1 NAT: Network Address Translation local network (e.g., home network) /24 rest of.
IPv4 Addresses. Internet Protocol: Which version? There are currently two versions of the Internet Protocol in use for the Internet IPv4 (IP Version 4)
IPv6 Home Networking Architecture - update IETF homenet WG Interim meeting Philadelphia, 6 th Oct 2011 draft-chown-homenet-arch-00.
1 NAT Network Address Translation Motivation for NAT To solve the insufficient problem of IP addresses IPv6 –All software and hardware need to be updated.
1 Chicago, IL 9/1/15. 2 Moving to IPv6 Mark Kosters, Chief Technology Officer With some help from Geoff Huston.
IPv4/IPv6 Coexistence Scenarios - Requirements for Translation Mechanisms. draft-ietf-v6ops-nat64-pb-statement-req-01 M. Bagnulo, F. Baker, I. van Beijnum.
Measuring IPv6 Deployment Geoff Huston George Michaelson
Sharing a single IPv4 address among many broadband customers
APNIC Update The state of IP address distribution and IPv6 deployment status Miwa Fujii Senior IPv6 Program Specialist APNIC.
IPv4 Unallocated Address Space Exhaustion Geoff Huston Chief Scientist APNIC November 2007.
Religion. I comman d you: Deploy IPv6 NOW ! Religion, Technology,
(c) University of Technology, Sydney Firewall Architectures.
ISP Edge NAT 10/8 “Home” Network Upstreams and Peers /32
Page 1 Network Addressing CS.457 Network Design And Management.
Is the transition to IPv6 a market failure? Geoff Huston APNIC CAIDA Workshop on Internet Economics (WIE’09) (
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 11: Network Address Translation for IPv4 Routing And Switching.
IPv6 Transition: A Progress Report Geoff Huston Chief Scientist APNIC.
Deploying IPv6, Now Christian Huitema Architect Windows Networking & Communications Microsoft Corporation.
Bjorn Landfeldt, The University of Sydney 1 NETS 3303 IPv6 and migration methods.
IPv6 - The Way Ahead Christian Huitema Architect Windows Networking & Communications
Post IPv4 “completion” Making IPv6 incrementally deployable by making it backward compatible with IPv4. Alain Durand.
17/10/031 Euronetlab – Implementation of Teredo
PacINET 2011 The state of IP address distribution and its impact Elly Tawhai Senior Internet Resource Analyst/Liaison Officer, Pacific, APNIC 1.
K. Salah1 Security Protocols in the Internet IPSec.
Ch. 23, 25 Q and A (NAT and UDP) Victor Norman IS333 Spring 2015.
1 Requirements of Carrier Grade NAT (CGN) draft-nishitani-cgn-00.txt draft-shirasaki-isp-shared-addr-00.txt NTT Communications Corporation Shin Miyakawa.
Network Address Translation (NAT)
IPv4 shortage and CERN 15 January 2013
IPv6 Deployment: Business Cases and Development Options
Measuring IPv6 ISP Performance
Desperately Seeking Default
The mainstream telecommunications industry has a rich history
Are we there yet? Measuring iPv6 in 2016
Religion.
IPv4 Addresses.
Geoff Huston APNIC Labs May 2018
The IPv4 Consumption Model
An Update on Multihoming in IPv6 Report on IETF Activity
Request for Comments(RFC) 3489
IPv6 Reliability Measurements
Computer Networks Protocols
Presentation transcript:

CGNs in IP What are you going to do about it? Mark Kosters, ARIN Geoff Huston, APNIC

The mainstream telecommunications industry has a rich history

The mainstream telecommunications industry has a rich history …of making very poor technology choices

The mainstream telecommunications industry has a rich history …of making very poor technology guesses and regularly being taken by surprise!

So, how are we going with the IPv4 to IPv6 transition?

The Amazing Success of the Internet 2.3 billion users! 4 online hours per day per user! 4% of the world GDP

The Amazing Success of the Internet 2.3 billion users! 4 online hours per day per user! 4% of the world GDP Time Just about anything about the Internet

Success-Disaster

Fractions of a percent!

The Original IPv6 Plan c IPv6 Deployment Time IPv6 Transition – Dual Stack IPv4 Pool Size Size of the Internet

The Revised IPv6 Plan c IPv6 Deployment 2004 IPv6 Transition – Dual Stack IPv4 Pool Size Size of the Internet Date

Oops! We were meant to have completed the transition to IPv6 BEFORE we completely exhausted the supply channels of IPv4 addresses!

Today’s Plan IPv6 Deployment IPv4 Pool Size Size of the Internet IPv6 Transition Today Time ? 0.8 %

Transition... The downside of an end-to-end architecture:

Transition... The downside of an end-to-end architecture: There is no backwards compatibility across protocol families A V6-only host cannot communicate with a V4-only host

Transition... We have been forced to undertake a “Dual Stack” transition:

Transition... We have been forced to undertake a “Dual Stack” transition: Provision the entire network with both IPv4 AND IPv6

Transition... We have been forced to undertake a “Dual Stack” transition: Provision the entire network with both IPv4 AND IPv6 In Dual Stack hosts configure the hosts’ applications to prefer IPv6 to Ipv4

Transition... We have been forced to undertake a “Dual Stack” transition: Provision the entire network with both IPv4 AND IPv6 In Dual Stack hosts configure the hosts’ applications to prefer IPv6 to Ipv4 When the traffic volumes of IPv4 dwindle to insignificant levels, then its possible to shut down support for IPv4

Dual Stack Transition...

We did not appreciate the operational problems with this dual stack plan while it was just a paper exercise

Dual Stack Transition... We did not appreciate the operational problems with this dual stack plan while it was just a paper exercise The combination of an end host preference for IPv6 and a disconnected set of IPv6 “islands” created operational problems –Protocol “failover” from IPv6 to IPv4 takes between 19 and 108 seconds (depending on the operating system configuration) –This is unacceptably slow Attempting to “bridge” the islands with IPv6-in-IPv4 tunnels created a new collection of IPv6 path MTU Discovery operational problems –There are too many deployed network paths contain firewall filters that block all forms of IMCP, including ICMP6 Packet Too Big Attempts to use end-host IPv6 tunneling also presents operational problems –Widespread use of protocol 41 (IP-in-IP) firewall filters –Path MTU problems

Dual Stack Transition Signal to the ISPs: –Deploy IPv6 and expose your users to operational problems in IPv6 connectivity Or –Delay IPv6 deployment and wait for these operational issues to be solved by someone else So we wait...

And while we wait... The Internet continues its growth And without an abundant supply of IPv4 addresses to support this level of growth then the industry is increasingly reliant on NATs: –Edge NATs are now the defacto choice for residential broadband services at the CPE –ISP NATs are now the defacto choice for 3G and 4G mobile IP services

NATTing the Net In 2012: –The RIRs made 8,547 allocations to LIRs, allocating a total of 114M IPv4 addresses –The routing table grew by 120M addresses –The ISC host survey* indicates a growth of ~60M visible hosts –BUT In 2012 Apple sold ~110M iPhones and ~60M iPads and they have ~30% market share globally This implies that some ~560M mobile devices were sold in the last 12 months –It appears that the NATTed Internet grew by ~550M devices in the last 12 months! *

The Anatomy of NATs NAT “Interior” “Exterior” Public Address Space Private Address Space Translation Table Source address (private) Destination address Source port (private) Destination port Source address (public) Destination address Source port (public) Destination port Source address (private) Destination address Source port (private) Destination port Source address (public) Destination address Source port (public) Destination port

The Anatomy of NATs Translation Table: Interior Exterior Binding Time Protocol Address/Port/Address/Port TCP or UDP Timer Interior IP address and Port number Exterior IP address and Port number

Design Parameters TCP Open NAT Binding: –Interior SYN Access NAT Binding –Symmetric (same exterior IP address, same exterior port) Release NAT Binding: –Interior RST –Interior FIN? –Exterior FIN? –Exterior RST? –Timer? UDP Open NAT Binding –Interior packet Access NAT Binding –Symmetric (same exterior IP address, same exterior port) –Full cone (any exterior IP address, any exterior port)? –Restricted cone (same exterior IP address, any exterior port)? –Port-restricted code (any exterior IP address, same exterior port)? Release NAT Binding: –Timer? Port Control Protocols STUN/TURN PCP relay of UPnP and NAT-PMP

Design Parameters TCP Open NAT Binding: – Interior SYN Access NAT Binding – Symmetric (same exterior IP address, same exterior port) Release NAT Binding: – Interior RST – Interior FIN? – Exterior FIN? – Exterior RST? – Timer? UDP Open NAT Binding – Interior packet Access NAT Binding – Symmetric (same exterior IP address, same exterior port) – Full cone (any exterior IP address, any exterior port)? – Restricted cone (same exterior IP address, any exterior port)? – Port-restricted code (any exterior IP address, same exterior port)? Release NAT Binding: – Timer? Port Control Protocols STUN/TURN PCP relay of UPnP and NAT-PMP Different NATs make different choices in these design parameters Applications then have to “discover” the particular behavioral type in order to perform non-trivial operations This adds delay, complexity and fragility to the service model of the network

Relieved pressure for IPv4 space Is nearly everywhere 2 Party NATs AKA Subscriber-Based NATs Home Network Middl e Box Internet IPv /24 IPv4 Globally Unique Address

Adds a new non-unique realm in the Carrier Adds more complexity but “slows” runout 3 Party NATs AKA Carrier Grade NAT Home Network Edge NAT Internet IPv4 Private Space /24 IPv4 Globally Unique Address Carrier CGN IPv4 Private Space /8

Some Multi-NAT Issues What is the aggregate NAT binding behavior as seen by an application? How can an application “discover” this aggregate binding behaviour? Can an application determine how many NATs (and of what type) are in its data path? Does the carrier need a new private address space that is distinct from RFC1918 address space? How does home-to-home work in this model? Does this model become more complex with 3 NATs in series? Home Network Edge NAT Internet Carrier CGN

How Good Are NATs? 3-party rendezvous: A knows about B and C A tells B to contact C Teredo is a good example here:

NAT Failure How well do NATs perform in supporting an application performing a 3-party rendezvous? –One way to measure this is to test a common 3-party rendezvous application across a large number of clients –So we measured it –And we were pretty surprised

Teredo Failure Rate ICMP Exchange fails to complete ICMP completed, but SYN Exchange fails to complete

It’s NAT Traversal Failure Teredo failure is around 35% of all connection attempts –Obviously, this is unacceptably high! –This is unlikely to be local filtering effects given that Teredo presents to the local NAT as conventional IPv4 UDP packets –More likely is the failure of the Teredo protocol to correctly identify the behaviour mode of the local NAT device –The ICMP failure rate comes from the limited number of UDP NAT traversal models used by the Teredo handshake protocol vs the variance of UDP NAT traversal models used in networks –The SYN failure rate is a result of the Teredo protocol making incorrect assumptions about the NAT’s behaviour

Working with Failure A 35% connection failure is unworkable is almost all circumstances But one particular application can thrive in this environment – Bit Torrent: –The massive redundancy of the data set across multiple sources reduces the sensitivity of individual session failures All other protocols fail under such adverse conditions

CGN Deployment What’s the likely outcome of widespread CGN deployment on today’s Internet? –It’s TCP, UDP or failure! –It’s simple client-server 2-party rendezvous or failure! –It’s network path symmetry, or failure! Really simple transactions in a restricted application environment will still function, but not much else can be assumed to work

What’s the New New Plan? If NATs make the network complex and fragile, And the IPv6 deployment program continued to proceed at a geological pace, Then what are we going to do to make the Internet work for the next 5 years of growth? And don’t say “SDN” Or “OpenFlow”

What’s the New New Plan? How can we pull the Internet though a middleware dense environment for the next 5 years? –What application models are robust in a CGN-dense world –How do CGNs break? –How variable are CGNs? –What will applications need to cope with?

What would help Can we perform wide scale measurements of NAT robustness? Is there improvements that can be learned from testing? How?

And what would not Inaction

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.