150 likes | 346 Views
Requirements of Carrier Grade NAT (CGN) draft-nishitani-cgn-00.txt draft-shirasaki-isp-shared-addr-00.txt. NTT Communications Corporation Shin Miyakawa miyakawa@nttv6.jp Tomohiro Nishitani tomohiro.nishitani@ntt.com. Agenda. Background Concepts of CGN Network design of CGN
E N D
Requirements of Carrier Grade NAT(CGN)draft-nishitani-cgn-00.txtdraft-shirasaki-isp-shared-addr-00.txt NTT Communications Corporation Shin Miyakawa miyakawa@nttv6.jp Tomohiro Nishitani tomohiro.nishitani@ntt.com
Agenda • Background • Concepts of CGN • Network design of CGN • Requirements for CGN • Impact of service using CGN • Conclusion
Background • Because of IPv4 address “completion”, to allocate global IP address for CPEs is going to be difficult within few years. • Basic strategy • Building NAT by ISP and allocating (newly defined) private IP addresses for CPEs • We call this as “Carrier Grade NAT (CGN)”.
Most conservative access model changes- introducing “Carrier-Grade NAT” - Internet Internet Global v4 address Global v4 address Access Concentrator Access Concentrator With NAT FTTH ADSL (newly defined) Private v4 address Global v4 address CPE With NAT CPE With NAT Private v4 address Private v4 address End Host End Host
We need new private space for CGN other than 240/4 • Because we’d like to keep CPE router as is, we can not use 240.0.0.0/4 as CGN’s new private space. • Simply today’s IPv4 implementation does not work well on 240.0.0.0/4 • If CPE router firmware can be upgraded, it means that it can be upgraded to IPv6 compatible. Way better. • “dual stack lite” does not need this but it requires CPE router replacement. This is the pros-and-cons. • We are discussing this issues in • draft-shirasaki-isp-shared-addr-00.txt
It looks v6 is not needed ? • Please do not feel safe. CGN (and any other carrier-grade NAT scheme) has serious restrictions anyway. • This draft is compiled to make CGN useful as much as possible but please note well that IPv6 will be needed eventually. • Discussion will be presented at IAB Technical Plenary on Wednesday.
Concepts of CGN • Basic scheme • Sharing global IP addresses for CPEs • High transparency • No checking and altering application layer data • Dropping as no data as possible • High connectivity • Hairpining • Using UDP/TCP hole punching • Fairness of communication for CPEs • Limiting ports and TCP sessions per CPE • High availability • High scalability Targets of I.D-nishitani-cgn
Network design of CGN STUN/TURN server UDP/TCP hole punching Global IP addresses NW CGN external IP address and port CGN1 CGN2 Hairpining Private IP addresses WAN2 PrivateIP addresses WAN1 CPE2 CPE1 Private IP addresses LAN1 Private IP addresses LAN2
Basic scheme • Sharing global IP address for CPEs • REQ-1: A CGN MUST allocate one external IP address to each CPE. a) CGN external IP address of the UDP, TCP and ICMP MUST be same.
High transparency and high connectivity • To comply with RFC and drafts which describe NAT behavior • REQ-7: A CGN SHOULD comply with [RFC4787] for unicast UDP. • REQ-8: A CGN SHOULD comply with [I-D.ietf-behave-tcp] for TCP. • REQ-9:A CGN SHOULD comply with [I-D.ietf-behave-nat-icmp] for ICMP. • To support DCCP, SCTP and IPsec ESP
Fairness to communicate for CPEs (1/2) • Limiting the number of the CGN external ports of UDP and TCP,TCP sessions and ICMP identifiers • REQ-2 c) • REQ-3 c) • REQ-3 e) • REQ-4 c) • Allocating dynamic ports for CGN external UDP and TCP ports (from 49152 through 65535)
Fairness to communicate for CPEs (2/2) Exceptions of limiting ports and TCP sessions • REQ-5 • Reserving UDP and TCP ports for always-available services • Example of available services: POP3, SMTP, NTP …. • REQ-6 • Topass-through the communication between CPEs and specific hosts • Examples of specific hosts: POP3 server, DNS server, WEB server ….
Impact of service using CGN • Effects of NAT functions • VPN, P2P, VoIP • No using UPnP • Limiting the number of ports, TCP sessions and ICMP identifiers • Using many TCP sessions simultaneously • AJAX, Web site including rich content, P2P • Using many TCP sessions in short time • RSS reader • Sharing global IP addresses for CPEs • API which checks only IP address during authentication
Conclusion • Concepts of CGN • High transparency • High connectivity • Fairness of communication for CPEs • High availability • High scalability • Impact of service using CGN • Effects of NAT functions • Limiting the number of ports and ICMP identifiers • Sharing global IP addresses for CPEs
(Fairness to communicate for CPEs) • REQ-9 a) When a CGN can't establish new session of TCP/UDP by limiting of TCP/UDP ports per user, the CGN sends an ICMP destination unreachable message, with code of 13 (Communication administratively prohibited) to the sender.