1 / 15

NTT Communications Corporation Shin Miyakawa miyakawa@nttv6.jp Tomohiro Nishitani

Requirements of Carrier Grade NAT (CGN) draft-nishitani-cgn-00.txt draft-shirasaki-isp-shared-addr-00.txt. NTT Communications Corporation Shin Miyakawa miyakawa@nttv6.jp Tomohiro Nishitani tomohiro.nishitani@ntt.com. Agenda. Background Concepts of CGN Network design of CGN

leann
Download Presentation

NTT Communications Corporation Shin Miyakawa miyakawa@nttv6.jp Tomohiro Nishitani

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Requirements of Carrier Grade NAT(CGN)draft-nishitani-cgn-00.txtdraft-shirasaki-isp-shared-addr-00.txt NTT Communications Corporation Shin Miyakawa miyakawa@nttv6.jp Tomohiro Nishitani tomohiro.nishitani@ntt.com

  2. Agenda • Background • Concepts of CGN • Network design of CGN • Requirements for CGN • Impact of service using CGN • Conclusion

  3. Background • Because of IPv4 address “completion”, to allocate global IP address for CPEs is going to be difficult within few years. • Basic strategy • Building NAT by ISP and allocating (newly defined) private IP addresses for CPEs • We call this as “Carrier Grade NAT (CGN)”.

  4. Most conservative access model changes- introducing “Carrier-Grade NAT” - Internet Internet Global v4 address Global v4 address Access Concentrator Access Concentrator With NAT FTTH ADSL (newly defined) Private v4 address Global v4 address CPE With NAT CPE With NAT Private v4 address Private v4 address End Host End Host

  5. We need new private space for CGN other than 240/4 • Because we’d like to keep CPE router as is, we can not use 240.0.0.0/4 as CGN’s new private space. • Simply today’s IPv4 implementation does not work well on 240.0.0.0/4 • If CPE router firmware can be upgraded, it means that it can be upgraded to IPv6 compatible. Way better. • “dual stack lite” does not need this but it requires CPE router replacement. This is the pros-and-cons. • We are discussing this issues in • draft-shirasaki-isp-shared-addr-00.txt

  6. It looks v6 is not needed ? • Please do not feel safe. CGN (and any other carrier-grade NAT scheme) has serious restrictions anyway. • This draft is compiled to make CGN useful as much as possible but please note well that IPv6 will be needed eventually. • Discussion will be presented at IAB Technical Plenary on Wednesday.

  7. Concepts of CGN • Basic scheme • Sharing global IP addresses for CPEs • High transparency • No checking and altering application layer data • Dropping as no data as possible • High connectivity • Hairpining • Using UDP/TCP hole punching • Fairness of communication for CPEs • Limiting ports and TCP sessions per CPE • High availability • High scalability Targets of I.D-nishitani-cgn

  8. Network design of CGN STUN/TURN server UDP/TCP hole punching Global IP addresses NW CGN external IP address and port CGN1 CGN2 Hairpining Private IP addresses WAN2 PrivateIP addresses WAN1 CPE2 CPE1 Private IP addresses LAN1 Private IP addresses LAN2

  9. Basic scheme • Sharing global IP address for CPEs • REQ-1: A CGN MUST allocate one external IP address to each CPE. a) CGN external IP address of the UDP, TCP and ICMP MUST be same.

  10. High transparency and high connectivity • To comply with RFC and drafts which describe NAT behavior • REQ-7: A CGN SHOULD comply with [RFC4787] for unicast UDP. • REQ-8: A CGN SHOULD comply with [I-D.ietf-behave-tcp] for TCP. • REQ-9:A CGN SHOULD comply with [I-D.ietf-behave-nat-icmp] for ICMP. • To support DCCP, SCTP and IPsec ESP

  11. Fairness to communicate for CPEs (1/2) • Limiting the number of the CGN external ports of UDP and TCP,TCP sessions and ICMP identifiers • REQ-2 c) • REQ-3 c) • REQ-3 e) • REQ-4 c) • Allocating dynamic ports for CGN external UDP and TCP ports (from 49152 through 65535)

  12. Fairness to communicate for CPEs (2/2) Exceptions of limiting ports and TCP sessions • REQ-5 • Reserving UDP and TCP ports for always-available services • Example of available services: POP3, SMTP, NTP …. • REQ-6 • Topass-through the communication between CPEs and specific hosts • Examples of specific hosts: POP3 server, DNS server, WEB server ….

  13. Impact of service using CGN • Effects of NAT functions • VPN, P2P, VoIP • No using UPnP • Limiting the number of ports, TCP sessions and ICMP identifiers • Using many TCP sessions simultaneously • AJAX, Web site including rich content, P2P • Using many TCP sessions in short time • RSS reader • Sharing global IP addresses for CPEs • API which checks only IP address during authentication

  14. Conclusion • Concepts of CGN • High transparency • High connectivity • Fairness of communication for CPEs • High availability • High scalability • Impact of service using CGN • Effects of NAT functions • Limiting the number of ports and ICMP identifiers • Sharing global IP addresses for CPEs

  15. (Fairness to communicate for CPEs) • REQ-9 a) When a CGN can't establish new session of TCP/UDP by limiting of TCP/UDP ports per user, the CGN sends an ICMP destination unreachable message, with code of 13 (Communication administratively prohibited) to the sender.

More Related