Presentation is loading. Please wait.

Presentation is loading. Please wait.

Impact of Carrier-Grade NAT on Web Browsing

Published byLydia Phillips Modified over 6 years ago

Similar presentations

Presentation on theme: "Impact of Carrier-Grade NAT on Web Browsing"— Presentation transcript:

1 Impact of Carrier-Grade NAT on Web Browsing
Ali Safari Khatouni Marco Mellia Enrico Bocchi Maurizio Munafò Stefano Traverso Dario Rossi Alessandro Finamore Valeria Di Gennaro Do we need the pictures?

2 NAT at a glance - Traditional NAT44
Internet Home NAT * Public IP address worldwide unique registered addresses Private IP addresses unregistered addresses

3 NAT at a glance - Traditional NAT44
Internet Home NAT * Public IP address worldwide unique registered addresses Private IP addresses unregistered addresses

4 …and Carrier Grade NAT – NAT444
Internet Carrier Grade NAT Home NAT ISP subnet becomes a large private network Home routers are assigned private IPs The amount of required public addresses is reduced as well as cost ISP Subnet

5 Carrier Grade NAT (CGN)
The deployment of CGN has some implications: Breaks the end-to-end IP connectivity Introduces reachability problems for NAT-ted devices Need of successful NAT traversal techniques Updates of non-NAT friendly applications Mandates the network keeps the state of the connections Impacts negatively lawful intercept May have performance implications Our investigation goals Does CGN impact users’ browsing experience? Are there any benefits in not having a public IP? Answer with measurements

6 Methodology Do we need the pictures?

7 Methodology roadmap Large scale passive measurement
A real ISP deployment Customers are offered public or private address Traffic monitored to extract performance metrics Leverage statistical tools Collect and compare empirical probability distributions Check and assess eventual differences Focus on Web traffic and performance

8 Monitoring Scenario Dataset
ISP Point of Presence Private Addresses Internet Carrier-Grade NAT Public Addresses Passive Probe Dataset 1 month of real traffic recorded, October 2014 17,000 household monitored, 40% with public IP address 1.7Billion TCP flows, 0.7Billion HTTP requests

9 Measurements Server Household Passive Probe TSYN SYN RTT SYN-ACK TWHT
TEstablish ACK TRequest HTTP GET TTFB ACK HTTP RESPONSE TResponse THROUGHPUT TLast Time

10 Assessing the Impact of CGN
Consider 9 performance metrics Measure distinct probability distributions for each metric Tied to private and public households Jensen-Shannon Divergence Quantify the difference between a pair of probability distributions Based on the Kullback-Leibler divergence Symmetric Bounded to finite value

11 Jensen-Shannon Calibration
Need of a threshold to discriminate between significant and negligible differences Calibration with: Negexp CDF λ0 = 1, fixed λ1 varies [1 ÷ 8]

12 Jensen-Shannon Calibration
Recommendations to avoid bias: Tool calibration to avoid measurement artifacts Adequate binning strategy Relevant population size Distribution samples are TCP flows Dataset 1.7B TCP flows 0.7B HTTP requests

13 Performance Metrics Analysis
Do we need the pictures?

14 Performance Metrics – TWHT
Service JS Div All 0.002 Phobos 0.016 Google.com 0.010 Three Way Handshake Time (TWHT) Any remote server (all) iTunes contents (phobos.apple.com - Akamai) Google Search (Google.com)

15 Performance Metrics – Throughput
Three Way Handshake Time (TWHT) Download Throughput Any remote server (all) iTunes contents (phobos.apple.com - Akamai) Tumblr Blogging Platform (Tumblr.com) Service JS Div All 0.001 Phobos 0.022 Tumblr 0.021

16 Performance Metrics – Number of Hops
Three Way Handshake Time (TWHT) Download Throughput Number of Hops Any remote server (all) iTunes contents (phobos.apple.com - Akamai) Google Search (Google.com) Service JS Div All 0.223 Phobos 0.689 Google.com 0.666 Only metric showing noteworthy differences 4 hops more for private customers Affecting any service being contacted

17 Jensen-Shannon Results
Three intervals identified Significant differences JSdiv ≥ 0.1 Noticeable differences 0.02 ≤ JSdiv < 0.1 Negligible differences JSdiv < 0.02 Metric Any Server Google.com Phobos.com Number of Hops 0.223 0.666 0.689 Latency (RTT) 0.001 0.006 0.007 Establish (TWHT) 0.002 0.010 0.016 HTTP 1st (TTFB) Throughput - 0.022 Number of SYN <0.001 Out of Sequence Duplicates Our investigation goals Does CGN impact users’ browsing experience? We observe no significant impact Are there any benefits in not having a public IP?

18 Benefits of having a Public / Private IP address
Do we need the pictures?

19 Only 0.6% of customers runs servers at home
Active Servers Does the customer need IPv4 reachability? Is there any ISP customer running a server at home? Detection technique Look for customers answering at least one incoming connection Protocols: HTTP(S), IMAP(S), POP(S), SMTP(S) No P2P Only 0.6% of customers runs servers at home

20 Saving in IP addresses using NAT
How many active IP are present? Assume an idle timer of 5min at the CGN Active: generated one connection in the last 5min Customer base: ~17000 Max concurrently active: ~7000 Saving due to CGN: ~60%

21 Possible saving (with 65k ports)
What about PAT? How many concurrent connection? Concurrent: active in the past 5 min 95% have less than 600 99% have less than 2400 Worst case have more than 20000 Possible saving (with 65k ports) 95% ok => 100x 99% ok => 27x Worst case => 1x

22 Conclusions Goal: assess the impact of CGN on users’ web browsing
Large scale passive measurements Multiple performance metrics considered Jensen Shannon to pinpoint relevant statistical differences CGN does not harm users’ web browsing Current investigations How to correctly dimension CGN and what is the saving in IPv4 address? Is there any implications on P2P traffic?

23 Questions? ali.safari@polito.it http://www.ict-mplane.eu
Do we need the pictures?

24 Unsolicited Traffic ? What about unsolicited traffic?
How many home routers are victims of port-/net- scans? ? Private Addresses Carrier-Grade NAT Public Addresses Compile a list of potential attackers Remote hosts sending TCP-SYN messages to more than 50 IPs in the PoP Focus on destination ports with well-known services or vulnerabilities

25 Percentage of victims in PoP
Unsolicited Traffic Destination Port Description Percentage of victims in PoP PRI PUB 80 HTTP 1.8 78.5 443 HTTP Secure (HTTPS) 0.1 78.9 143 Internet Message Access Protocol (IMAP) <0.1 79.3 995 Post Office Protocol (POP3 over SSL) 79.2 25 Simple Mail Transfer Protocol (SMTP) 79.0 22 Secure Shell (SSH) 135 MS Remote Procedure Call 3389 MS Windows Remote Desktop 1433 MS SQL Server 3306 MySQL Server 445 MS Active Directory Our investigation goals Does CGN impact users’ browsing experience? Are there any benefits in not having a public IP? 0.6% of customers needs IPv4 reachability Public IPs are 80x more likely to be victim of attacks

Download ppt "Impact of Carrier-Grade NAT on Web Browsing"

Similar presentations

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)
CST 415 - Computer Networks NAT CST 415 4/10/2017 CST 415 - Computer Networks.

CST Computer Networks NAT CST 415 4/10/2017 CST Computer Networks.
Code-Red : a case study on the spread and victims of an Internet worm David Moore, Colleen Shannon, Jeffery Brown Jonghyun Kim.

Code-Red : a case study on the spread and victims of an Internet worm David Moore, Colleen Shannon, Jeffery Brown Jonghyun Kim.
Suneeta Chawla Web Security Presentation Topic : IP Spoofing Date : 03/24/04.

Suneeta Chawla Web Security Presentation Topic : IP Spoofing Date : 03/24/04.
Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.

Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.
Introduction to Management Information Systems Chapter 5 Data Communications and Internet Technology HTM 304 Fall 07.

Introduction to Management Information Systems Chapter 5 Data Communications and Internet Technology HTM 304 Fall 07.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Middleboxes & Network Appliances EE122 TAs Past and Present.

Middleboxes & Network Appliances EE122 TAs Past and Present.
CN2668 Routers and Switches Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+

CN2668 Routers and Switches Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+
Forensic and Investigative Accounting

Forensic and Investigative Accounting
Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.

Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.
Internet-Based Client Access

Internet-Based Client Access
Syllabus outcomes 5.2.1 Describes and applies problem-solving processes when creating solutions. 5.2.2 Designs, produces and evaluates appropriate solutions.

Syllabus outcomes Describes and applies problem-solving processes when creating solutions Designs, produces and evaluates appropriate solutions.
 TCP/IP is the communication protocol for the Internet  TCP/IP defines how electronic devices should be connected to the Internet, and how data should.

 TCP/IP is the communication protocol for the Internet  TCP/IP defines how electronic devices should be connected to the Internet, and how data should.
Network Protocols. Why Protocols?  Rules and procedures to govern communication Some for transferring data Some for transferring data Some for route.

Network Protocols. Why Protocols?  Rules and procedures to govern communication Some for transferring data Some for transferring data Some for route.
Chapter 6: Packet Filtering

Chapter 6: Packet Filtering
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Services Working at a Small-to-Medium Business or ISP – Chapter 7.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Services Working at a Small-to-Medium Business or ISP – Chapter 7.
1 Semester 2 Module 10 Intermediate TCP/IP Yuda college of business James Chen

1 Semester 2 Module 10 Intermediate TCP/IP Yuda college of business James Chen
CCNA1 v3 Module 11 v3 CCNA 1 Module 11 JEOPARDY S Dow.

CCNA1 v3 Module 11 v3 CCNA 1 Module 11 JEOPARDY S Dow.
Forensic and Investigative Accounting Chapter 14 Internet Forensics Analysis: Profiling the Cybercriminal © 2005, CCH INCORPORATED 4025 W. Peterson Ave.

Forensic and Investigative Accounting Chapter 14 Internet Forensics Analysis: Profiling the Cybercriminal © 2005, CCH INCORPORATED 4025 W. Peterson Ave.

Similar presentations

Ads by Google