Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Requirements of Carrier Grade NAT (CGN) draft-nishitani-cgn-00.txt draft-shirasaki-isp-shared-addr-00.txt NTT Communications Corporation Shin Miyakawa.

Published byGeoffrey Flynn Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Requirements of Carrier Grade NAT (CGN) draft-nishitani-cgn-00.txt draft-shirasaki-isp-shared-addr-00.txt NTT Communications Corporation Shin Miyakawa."— Presentation transcript:

1 1 Requirements of Carrier Grade NAT (CGN) draft-nishitani-cgn-00.txt draft-shirasaki-isp-shared-addr-00.txt NTT Communications Corporation Shin Miyakawa miyakawa@nttv6.jp Tomohiro Nishitani tomohiro.nishitani@ntt.com

2 2 Agenda Background Concepts of CGN Network design of CGN Requirements for CGN Impact of service using CGN Conclusion

3 3 Background Because of IPv4 address “completion”, to allocate global IP address for CPEs is going to be difficult within few years. Basic strategy  Building NAT by ISP and allocating (newly defined) private IP addresses for CPEs  We call this as “Carrier Grade NAT (CGN)”.

4 Most conservative access model changes - introducing “Carrier-Grade NAT” - Access Concentrator Internet Global v4 address CPE With NAT Global v4 address End Host Private v4 address FTTH ADSL Access Concentrator With NAT Internet Global v4 address CPE With NAT (newly defined) Private v4 address End Host Private v4 address

5 We need new private space for CGN other than 240/4 Because we’d like to keep CPE router as is, we can not use 240.0.0.0/4 as CGN’s new private space.  Simply today’s IPv4 implementation does not work well on 240.0.0.0/4  If CPE router firmware can be upgraded, it means that it can be upgraded to IPv6 compatible. Way better. “dual stack lite” does not need this but it requires CPE router replacement. This is the pros-and- cons. We are discussing this issues in  draft-shirasaki-isp-shared-addr-00.txt

6 It looks v6 is not needed ? Please do not feel safe. CGN (and any other carrier-grade NAT scheme) has serious restrictions anyway. This draft is compiled to make CGN useful as much as possible but please note well that IPv6 will be needed eventually.  Discussion will be presented at IAB Technical Plenary on Wednesday.

7 7 Concepts of CGN Basic scheme  Sharing global IP addresses for CPEs High transparency  No checking and altering application layer data  Dropping as no data as possible High connectivity  Hairpining  Using UDP/TCP hole punching Fairness of communication for CPEs  Limiting ports and TCP sessions per CPE High availability High scalability Targets of I.D-nishitani-cgn

8 8 Network design of CGN Private IP addresses WAN 1 Private IP addresses LAN 1 CPE 1 Private IP addresses WAN2 Private IP addresses LAN 2 CPE 2 CGN 1 CGN 2 Global IP addresses NW STUN/TURN server UDP/TCP hole punching Hairpining CGN external IP address and port

9 9 Basic scheme Sharing global IP address for CPEs  REQ-1: A CGN MUST allocate one external IP address to each CPE. a) CGN external IP address of the UDP, TCP and ICMP MUST be same.

10 10 High transparency and high connectivity To comply with RFC and drafts which describe NAT behavior  REQ-7: A CGN SHOULD comply with [RFC4787] for unicast UDP.  REQ-8: A CGN SHOULD comply with [I-D.ietf-behave-tcp] for TCP.  REQ-9:A CGN SHOULD comply with [I-D.ietf-behave-nat-icmp] for ICMP. To support DCCP, SCTP and IPsec ESP

11 11 Fairness to communicate for CPEs (1/2) Limiting the number of the CGN external ports of UDP and TCP,TCP sessions and ICMP identifiers  REQ-2 c)  REQ-3 c)  REQ-3 e)  REQ-4 c) Allocating dynamic ports for CGN external UDP and TCP ports (from 49152 through 65535)

12 12 Fairness to communicate for CPEs (2/2) Exceptions of limiting ports and TCP sessions REQ-5  Reserving UDP and TCP ports for always-available services  Example of available services: POP3, SMTP, NTP …. REQ-6  To pass-through the communication between CPEs and specific hosts  Examples of specific hosts: POP3 server, DNS server, WEB server ….

13 13 Impact of service using CGN 1. Effects of NAT functions  VPN, P2P, VoIP  No using UPnP 2. Limiting the number of ports, TCP sessions and ICMP identifiers  Using many TCP sessions simultaneously AJAX, Web site including rich content, P2P  Using many TCP sessions in short time RSS reader 3. Sharing global IP addresses for CPEs  API which checks only IP address during authentication

14 14 Conclusion Concepts of CGN  High transparency  High connectivity  Fairness of communication for CPEs  High availability  High scalability Impact of service using CGN  Effects of NAT functions  Limiting the number of ports and ICMP identifiers  Sharing global IP addresses for CPEs

15 15 ( Fairness to communicate for CPEs ) REQ-9 a) When a CGN can't establish new session of TCP/UDP by limiting of TCP/UDP ports per user, the CGN sends an ICMP destination unreachable message, with code of 13 (Communication administratively prohibited) to the sender.

Download ppt "1 Requirements of Carrier Grade NAT (CGN) draft-nishitani-cgn-00.txt draft-shirasaki-isp-shared-addr-00.txt NTT Communications Corporation Shin Miyakawa."

Similar presentations

CST 415 - Computer Networks NAT CST 415 4/10/2017 CST 415 - Computer Networks.

CST Computer Networks NAT CST 415 4/10/2017 CST Computer Networks.
CPSC 441 - Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-

CPSC Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-
Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.

Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.
1 Ports and IPv6. 2 Ports Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP), used for communication Generally speaking, a computer.

1 Ports and IPv6. 2 Ports Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP), used for communication Generally speaking, a computer.
Halifax, 31 Oct – 3 Nov 2011 ICT Accessibility For All 4over6 technology for IPv6 transition Yong CUI CCSA (Tsinghua University) Document No: GSC16-PLEN-71.

Halifax, 31 Oct – 3 Nov 2011 ICT Accessibility For All 4over6 technology for IPv6 transition Yong CUI CCSA (Tsinghua University) Document No: GSC16-PLEN-71.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 W. Schulte Chapter 5: Network Address Translation for IPv4  Connecting.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 W. Schulte Chapter 5: Network Address Translation for IPv4  Connecting.
1 Teredo - Tunneling IPv6 through NATs Date: 2003-10-31 Speaker: Quincy Wu National Chiao Tung University.

1 Teredo - Tunneling IPv6 through NATs Date: Speaker: Quincy Wu National Chiao Tung University.
Addressing the Network IPv4

Addressing the Network IPv4
Enabling IPv6 in Corporate Intranet Networks

Enabling IPv6 in Corporate Intranet Networks
CS 4700 / CS 5700 Network Fundamentals Lecture 15: NAT (You Better Forward Those Ports) Revised 3/9/2013.

CS 4700 / CS 5700 Network Fundamentals Lecture 15: NAT (You Better Forward Those Ports) Revised 3/9/2013.
Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206) 217-7048

Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206)
SIP Traversal over NAT Problems and Solutions Mr. Ting-Yun Chi May 2,2006 (Taiwan,NICI IPv6 R&D Division)

SIP Traversal over NAT Problems and Solutions Mr. Ting-Yun Chi May 2,2006 (Taiwan,NICI IPv6 R&D Division)
ISP SP Network Egress Points Ingress Point Protocol-Specific Egress Decision IP Header Payload Transit Header IP Header Payload IP Header Payload.

ISP SP Network Egress Points Ingress Point Protocol-Specific Egress Decision IP Header Payload Transit Header IP Header Payload IP Header Payload.
NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT 09.11.2005.

NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT
Computer Networks An Overview. A Computer Network!

Computer Networks An Overview. A Computer Network!
1 Internet Networking Spring 2004 Tutorial 13 LSNAT - Load Sharing NAT (RFC 2391)

1 Internet Networking Spring 2004 Tutorial 13 LSNAT - Load Sharing NAT (RFC 2391)
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
COS 420 Day 18. Agenda Assignment 4 Posted Chap 16-20 Due April 6 Group project program requirements Submitted but Needs lots of work Individual Project.

COS 420 Day 18. Agenda Assignment 4 Posted Chap Due April 6 Group project program requirements Submitted but Needs lots of work Individual Project.
NAT: Network Address Translation 10.0.0.1 10.0.0.2 10.0.0.3 10.0.0.4 138.76.29.7 local network (e.g., home network) 10.0.0/24 rest of Internet Datagrams.

NAT: Network Address Translation local network (e.g., home network) /24 rest of Internet Datagrams.
Understanding Networks. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.

Understanding Networks. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.

Similar presentations

Ads by Google