Presentation is loading. Please wait.

Presentation is loading. Please wait.

Carrier Grade NATs Geoff Huston APNIC. What’s the Problem While hard numbers are hard to come by, its likely that more than 90% of the Internet clients.

Published byAlfred Chivington Modified over 10 years ago

Similar presentations

Presentation on theme: "Carrier Grade NATs Geoff Huston APNIC. What’s the Problem While hard numbers are hard to come by, its likely that more than 90% of the Internet clients."— Presentation transcript:

1 Carrier Grade NATs Geoff Huston APNIC

2 What’s the Problem While hard numbers are hard to come by, its likely that more than 90% of the Internet clients using the IPv4 Internet do so from behind a NAT. 5% sit behind CGNs that morph the end user IP address within 10 seconds Nats have been prevalent for the past decade, so it’s a little late to try and say “stop!” at this point in time So in some sense criticizing NATs and saying that they’re bad is like criticizing reality, and the pragmatic approach is to get over it and move on But…

3 Why NATs are a problem There is a mindset and a regulatory approach to communications that does not mesh with this form of NAT use on the Internet Lets look at the phone network: – Every handset has a phone number – This association is stable and long lived – Telephone numbers identify endpoints to conversations that occur on the network

4 Why are NATs a Problem We used to run the Internet this way But we started running out of addresses, so we started sharing them So we divided the Internet into clients and servers – Servers have stable IP addresses – Clients do not Clients borrow an address for a conversation Different conversations use different addresses The same IP address can be used by many clients at the same time Clients are not identifiable by the network And we said its just TCP and UDP and no more

5 The NATted Internet Addresses are not end point identification tokens They are ephemeral conversation tokens that have no lasting significance So what?

6 Implications Network level Data Retention is an exercise in futility when NATs are present – Implications for LEAs, security agencies and similar – There are opaque communications environments, and certainly environments that use header address transforms aid in this opacity Viewed from the perspective of the application designer, the Network is increasingly untrustable – Applications are forced to use different approaches for persistent end point identity And hide them from the network – Applications hide their true behaviour and masquerade into NAT-friendly behaviours TCP Muxing, payload encryption Application behaviour is moderated by gateways, helpers and middleware fragility barriers to entry no longer an open and accessible marketplace for new approaches and technologies

7 Where and How does this stop In Theory the universal adoption of IPv6 would allow NATs to be dismantled But we have no idea when or how we get to that point And each day the network grows, and that growth can only be absorbed by even further deployment of NATs

Download ppt "Carrier Grade NATs Geoff Huston APNIC. What’s the Problem While hard numbers are hard to come by, its likely that more than 90% of the Internet clients."

Similar presentations

Policy Aspects of the Transition to IPv6 Geoff Huston Chief Scientist, APNIC.

Policy Aspects of the Transition to IPv6 Geoff Huston Chief Scientist, APNIC.
Secure Internet Solutions Geoff Huston Chief Scientist, Internet Telstra.

Secure Internet Solutions Geoff Huston Chief Scientist, Internet Telstra.
Where are we with IPv6? Geoff Huston APNIC. The minister for communications and information technology does not believe that regulatory intervention is.

Where are we with IPv6? Geoff Huston APNIC. The minister for communications and information technology does not believe that regulatory intervention is.
1 Ports and IPv6. 2 Ports Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP), used for communication Generally speaking, a computer.

1 Ports and IPv6. 2 Ports Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP), used for communication Generally speaking, a computer.
Enabling IPv6 in Corporate Intranet Networks

Enabling IPv6 in Corporate Intranet Networks
1 Internet Evolution and IPv6 Paul Wilson APNIC. 2 Overview Where is IPv6 today? –In deployment –In the industry Do we actually need it? –If so, why and.

1 Internet Evolution and IPv6 Paul Wilson APNIC. 2 Overview Where is IPv6 today? –In deployment –In the industry Do we actually need it? –If so, why and.
Comparing IPv4 and IPv6 from the perspective of BGP dynamic activity Geoff Huston APNIC February 2012.

Comparing IPv4 and IPv6 from the perspective of BGP dynamic activity Geoff Huston APNIC February 2012.
Some Observations on CGNs Geoff Huston Chief Scientist APNIC.

Some Observations on CGNs Geoff Huston Chief Scientist APNIC.
1 Internet Evolution and IPv6 Paul Wilson APNIC. 2 Overview Where is IPv6 today? –Address space deployment –Compared with IPv4 Do we actually need IPv6?

1 Internet Evolution and IPv6 Paul Wilson APNIC. 2 Overview Where is IPv6 today? –Address space deployment –Compared with IPv4 Do we actually need IPv6?
1 © 2004 Cisco Systems, Inc. All rights reserved. Making NATs work for Online Gaming and VoIP Dr. Cullen Jennings

1 © 2004 Cisco Systems, Inc. All rights reserved. Making NATs work for Online Gaming and VoIP Dr. Cullen Jennings
H. 323 and firewalls: Problem Statement and Solution Framework Author: Melinda Shore, Nokia Presenter: Shannon McCracken.

H. 323 and firewalls: Problem Statement and Solution Framework Author: Melinda Shore, Nokia Presenter: Shannon McCracken.
NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT 09.11.2005.

NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT
A Question of Protocol Geoff Huston APNIC. Originally there was RFC791:

A Question of Protocol Geoff Huston APNIC. Originally there was RFC791:
Public Policy Issues in the Communications and Infrastructure Services Policy area Geoff Huston APNIC June 2011.

Public Policy Issues in the Communications and Infrastructure Services Policy area Geoff Huston APNIC June 2011.
Skills: Concepts: layered protocols, transport layer functions, TCP and UDP protocols, isochronous applications This work is licensed under a Creative.

Skills: Concepts: layered protocols, transport layer functions, TCP and UDP protocols, isochronous applications This work is licensed under a Creative.
Geoff Huston Chief Scientist, Asia Pacific Network Information Centre IPv6 Workshop European Digital Agenda Assembly June 2011.

Geoff Huston Chief Scientist, Asia Pacific Network Information Centre IPv6 Workshop European Digital Agenda Assembly June 2011.
NAT (Network Address Translator) Atif Karamat In the name of God the most merciful and the most compassionate.

NAT (Network Address Translator) Atif Karamat In the name of God the most merciful and the most compassionate.
Security Forum 2001John Kristoff - DePaul University1 Network Firewalls John Kristoff +1 312 362-5878 DePaul University Chicago, IL 60604.

Security Forum 2001John Kristoff - DePaul University1 Network Firewalls John Kristoff DePaul University Chicago, IL
Circuit & Application Level Gateways CS-431 Dick Steflik.

Circuit & Application Level Gateways CS-431 Dick Steflik.
Section 461.  ARP  Ghostbusters  Grew up in Lexington, KY  Enjoy stargazing, cycling, and mushroom hunting  Met Mario once (long time ago)

Section 461.  ARP  Ghostbusters  Grew up in Lexington, KY  Enjoy stargazing, cycling, and mushroom hunting  Met Mario once (long time ago)

Similar presentations

Ads by Google