a multi perspective analysis of carrier grade nat
play

A Multi-Perspective Analysis of Carrier-Grade NAT Deployment @RIPE - PowerPoint PPT Presentation

Aug 25, 2022 •345 likes •775 views

A Multi-Perspective Analysis of Carrier-Grade NAT Deployment @RIPE 73, Madrid, 2016. Philipp Richter, Florian Wohlfart, Narseo Vallina-Rodriguez, Mark Allman, Randy Bush, Anja Feldmann, Christian Kreibich, Nicholas Weaver, and Vern Paxson. to

  1. A Multi-Perspective Analysis of Carrier-Grade NAT Deployment @RIPE 73, Madrid, 2016. Philipp Richter, Florian Wohlfart, Narseo Vallina-Rodriguez, Mark Allman, Randy Bush, Anja Feldmann, Christian Kreibich, Nicholas Weaver, and Vern Paxson. to appear in ACM IMC 2016 . https://arxiv.org/abs/1605.05606 Philipp Richter | TU Berlin

  2. IPv4 Address Space Exhaustion 4 out of 5 RIRs exhausted. Less than ~2% of the IPv4 space is still unallocated. Philipp Richter | TU Berlin 1 https://arxiv.org/abs/1605.05606

  3. What happens now and what do we know? Transition to IPv6 → plenty of measurements and statistics available Buy IPv4 → transfer statistics available from the RIRs Use IPv4 Carrier-Grade NAT → no deployment statistics available → little is known about CGN configurations Philipp Richter | TU Berlin 2 https://arxiv.org/abs/1605.05606

  4. What happens now and what do we know? Transition to IPv6 → plenty of measurements and statistics available Buy IPv4 → transfer statistics available from the RIRs Use IPv4 Carrier-Grade NAT → no deployment statistics available → little is known about CGN configurations Philipp Richter | TU Berlin 2 https://arxiv.org/abs/1605.05606

  5. ISP Survey We asked ISPs about IPv4 Carrier-Grade NAT • More than 75 ISPs from all regions of the world replied • Range from small rural ISPs in Africa up to Fortune 50 companies Philipp Richter | TU Berlin 3 https://arxiv.org/abs/1605.05606

  6. ISP Survey We asked ISPs about IPv4 Carrier-Grade NAT • More than 75 ISPs from all regions of the world replied • Range from small rural ISPs in Africa up to Fortune 50 companies Did you or do you plan to deploy 
 IPv4 Carrier-Grade NAT? yes, already deployed considering 38% deployment 12% 50% no plans to deploy Philipp Richter | TU Berlin 3 https://arxiv.org/abs/1605.05606

  7. ISP Survey: CGN Specifics Do you have operational concerns about CGN? • Subscribers experience problems with application (e.g., gaming) • Traceability of users behind CGN • Issues with CGN IP addresses getting blacklisted Major challenges/caveats when configuring CGNs? • Troubleshooting connectivity issues • Resource allocation, quotas and port ranges per subscriber • Internal address space fragmentation and shortage (e.g., RFC1918) Philipp Richter | TU Berlin 4 https://arxiv.org/abs/1605.05606

  8. ISP Survey: CGN Specifics ISP Survey: Comments (Free Text Field) “well, NAT s*cks, but there's not much of an alternative” Do you have operational concerns about CGN? • Subscribers experience problems with application (e.g., gaming) • Traceability of users behind CGN • Issues with CGN IP addresses getting blacklisting “CGN is bad enough, but IPv6 is still an afterthought for most and usually quite problematic so it's not worth it yet” Major challenges/caveats when configuring CGNs? • Dimensioning CGNs: • Allocating IP addresses/ports to subscribers, quotas per subscriber • Distributed vs. Centralized CGN Infrastructure “In Russia, ISPs prefer to just add CGNs when they run out of space • Troubleshooting connectivity issues and charge a small subset of customers for a public IP address” • Hardware limitations (memory/CPU) Philipp Richter | INET / TU Berlin

  9. Motivation and Objectives Motivation • CGNs seems to be widely deployed • ISPs voiced concerns about CGN configuration/operation • No broad and systematic studies available Objectives • Develop methods to detect CGN presence “in the wild” • Develop methods to extract properties from detected CGNs • Illuminate the current status of CGN deployment in the Internet Philipp Richter | TU Berlin 6 https://arxiv.org/abs/1605.05606

  10. NATs between Subscribers and the Internet Subscriber ISP Internet NAT44 
 internal space e.g., 192.168.0.0/16 CPE (subscriber-side) NAT public IPv4 public IPv4 Philipp Richter | TU Berlin 7 https://arxiv.org/abs/1605.05606

  11. NATs between Subscribers and the Internet Subscriber ISP Internet NAT44 
 internal space e.g., 192.168.0.0/16 CPE (subscriber-side) NAT public IPv4 Carrier-Grade public IPv4 NAT NAT44 
 internal space (carrier-side) e.g., 10.0.0.0/8 NAT444 
 (subscriber-side 
 internal space e.g., 192.168.0.0/16 CPE and 
 carrier-side) NAT Philipp Richter | TU Berlin 7 https://arxiv.org/abs/1605.05606

  12. Agenda • ISP Survey • Detecting CGN Presence • From the Outside via BitTorrent • From the Inside via Netalyzr • CGN Deployment Statistics • CGN Properties • Conclusion Philipp Richter | TU Berlin https://arxiv.org/abs/1605.05606

  13. The BitTorrent DHT tracker 130.149.1.1:6881 130.149.1.2:6882 130.149.1.3:6883 give me peers for torrent XYZ classic BitTorrent Tracker stores peer contact information 
 (IP:port) Philipp Richter | TU Berlin 8 https://arxiv.org/abs/1605.05606

  14. The BitTorrent DHT give me peers tracker 130.149.1.1:6881 130.149.1.2:6882 130.149.1.3:6883 130.149.1.2:6882 130.149.1.3:6883 give me peers for … torrent XYZ classic BitTorrent BitTorrent DHT: Tracker stores peer Peers store each others’ contact information 
 contact information (IP:port) (IP:port, nodeid) Philipp Richter | TU Berlin 8 https://arxiv.org/abs/1605.05606

  15. The BitTorrent DHT give me peers tracker 130.149.1.1:6881 130.149.1.2:6882 130.149.1.3:6883 130.149.1.2:6882 130.149.1.3:6883 give me peers for … torrent XYZ classic BitTorrent BitTorrent DHT: Tracker stores peer Peers store each others’ contact information 
 contact information (IP:port) (IP:port, nodeid) We can use DHT peers as vantage points Philipp Richter | TU Berlin 8 https://arxiv.org/abs/1605.05606

  16. Crawling the BitTorrent DHT give me peers DHT crawler Philipp Richter | TU Berlin 9 https://arxiv.org/abs/1605.05606

  17. Crawling the BitTorrent DHT i can reach peer 25fc at 130.149.1.2:6881 peer 492c at 190.2.0.1:6881 … DHT crawler Philipp Richter | TU Berlin 9 https://arxiv.org/abs/1605.05606

  18. Crawling the BitTorrent DHT i can reach peer 25fc at 130.149.1.2:6881 peer 492c at 190.2.0.1:6881 … DHT NAT crawler a82d i can reach peer id a82d at 10.53.37.4:6881 … Some peers leak us internal IP addresses of other peers Philipp Richter | TU Berlin 9 https://arxiv.org/abs/1605.05606

  19. Crawling the BitTorrent DHT i can reach peer 25fc at 130.149.1.2:6881 peer 492c at 190.2.0.1:6881 … DHT NAT crawler a82d i can reach peer id a82d at 10.53.37.4:6881 … Some peers leak us internal IP addresses of other peers within 1 week: more than 700.000 peers in 5.000 ASes! Philipp Richter | TU Berlin 9 https://arxiv.org/abs/1605.05606

  20. Understanding Leakage Relationships A B 130.149.1.1:6881 a82d 10.53.37.4:6881 i can reach peer id a82d at 10.53.37.4:6881 DHT crawler … we construct a graph of leaking relationships a82d 130.149.1.1:6881 10.53.37.4:6881 B A …now we look these graphs on a per-AS basis Philipp Richter | TU Berlin 10 https://arxiv.org/abs/1605.05606

  21. BitTorrent Peer Leakage Graph CGN-negative AS CGN-positive AS Philipp Richter | TU Berlin 11 https://arxiv.org/abs/1605.05606

  22. Detecting CGNs with BitTorrent • We test more than 2700 ASes with this methodology • Conservative thresholds: We detect CGN in 250+ ASes Benefits Caveats • broad coverage • need BitTorrent activity • no probing devices needed • not all CGNs show up • cellular networks? Philipp Richter | TU Berlin 12 https://arxiv.org/abs/1605.05606

  23. Agenda • ISP Survey • Detecting CGN Presence • From the Outside via BitTorrent • From the Inside via Netalyzr • CGN Deployment Statistics • Dominant Characteristics of deployed CGNs • Conclusion Philipp Richter | TU Berlin https://arxiv.org/abs/1605.05606

  24. Netalyzr What is Netalyzr? • Network Troubleshooting Suite developed by ICSI Berkeley • Available as Android App, Java Applet, CL tool Netalyzr in this Study • More than 550K sessions in 1500+ ASes • Access to device/router/public IP address • Runs in cellular and non-cellular networks • Customized tests Philipp Richter | TU Berlin 13 https://arxiv.org/abs/1605.05606

  25. Detecting CGN in Cellular Networks Internet cellular ISP device IP: server-side IP: 10.53.23.10 192.0.2.58 Device IP address assigned directly by the ISP Device IP ≠ server-side IP → Carrier-Grade NAT Philipp Richter | TU Berlin 14 https://arxiv.org/abs/1605.05606

  26. Detecting CGN in Residential Networks home ISP Internet network device IP: ext. router IP: server-side IP: 192.168.1.2 10.32.30.1 192.0.2.58 ext. router IP ≠ server-side IP → Carrier-Grade NAT? Philipp Richter | TU Berlin 15 https://arxiv.org/abs/1605.05606

  27. Detecting CGN in Residential Networks (2) home ISP Internet network device IP: ext. router IP: server-side IP: 192.168.1.2 10.32.30.1 192.0.2.58 home (another) ISP Internet network home network device IP: ext. router IP: server-side IP: 192.168.1.2 10.32.30.1 192.0.2.58 Up to 7% of sessions with chained home NATs Philipp Richter | TU Berlin 15 https://arxiv.org/abs/1605.05606

  28. Detecting CGNs with Netalyzr • We test 1500+ ASes • We detect CGN in 194 non-cellular and 205 cellular ASes Benefits Caveats direct IP addressing data partial visibility, crowdsourced 
 cellular and non-cellular (need users to run Netalyzr) more customized tests Philipp Richter | TU Berlin 16 https://arxiv.org/abs/1605.05606

Recommend

A Multi-perspective Analysis of Carrier-Grade NAT Deployment Magdalena Prbstl May 18, 2017

A Multi-perspective Analysis of Carrier-Grade NAT Deployment Magdalena Prbstl May 18, 2017

A Multi-perspective Analysis of Carrier-Grade NAT Deployment Magdalena Prbstl May 18, 2017 Background Operators Perspectives on CGN Measurement Methodology Global CGN Presence CGN Behaviour Implications, Conclusion and Takeaway Background

289 views • 14 slides
Chris Price OPNFV TSC Chairperson 4/5/16 OPNFV is a carrier-grade, OPNFV is a

Chris Price OPNFV TSC Chairperson 4/5/16 OPNFV is a carrier-grade, OPNFV is a

Chris Price OPNFV TSC Chairperson 4/5/16 OPNFV is a carrier-grade, OPNFV is a carrier-grade, integrated, open source integrated, open source platform to accelerate the platform to introduction of new NFV products and services. ETSI

274 views • 9 slides
CARRIER PERSPECTIVE ON PHARMACEUTICAL LOGISTICS www.BoyleTransport.com REGULATORY GUIDANCE

CARRIER PERSPECTIVE ON PHARMACEUTICAL LOGISTICS www.BoyleTransport.com REGULATORY GUIDANCE

CARRIER PERSPECTIVE ON PHARMACEUTICAL LOGISTICS www.BoyleTransport.com REGULATORY GUIDANCE SUPPLY CHAIN PARTICIPANTS SHOULD ENSURE SUPPLY CHAIN INTEGRITY & GOOD DISTRIBUTION PRACTICES CARRIER OBLIGATIONS Quality

502 views • 13 slides
Design and Implementa/on of a Carrier Grade So6ware Defined

Design and Implementa/on of a Carrier Grade So6ware Defined

1ST IEEE / IFIP Interna/onal Workshop on SDN Management and Orchestra/on Design and Implementa/on of a Carrier Grade So6ware Defined Telecommunica/on

604 views • 21 slides
Multi-perspective analysis of D4D fine resolution data Movers Gennady & Natalia Andrienko,

Multi-perspective analysis of D4D fine resolution data Movers Gennady & Natalia Andrienko,

Multi-perspective analysis of D4D fine resolution data Movers Gennady & Natalia Andrienko, Georg Fuchs Trajectories M (T S) Fraunhofer Institute IAIS Spatial events Sankt Augustin Spatio-temporal positions E (T S) Germany

387 views • 15 slides
Synthesis and Exploration of Multi- Level, Multi-Perspective Architectures of Automotive

Synthesis and Exploration of Multi- Level, Multi-Perspective Architectures of Automotive

Synthesis and Exploration of Multi- Level, Multi-Perspective Architectures of Automotive Embedded Systems Jordan Ross , Alexandr Murashkin, Jia Hui Liang, Micha Antkiewicz, Krzysztof Czarnecki September 20 th , 2017 1 Background &

379 views • 27 slides
Bringing flexibility provided by multi-energy carrier integration to a new MAGNITUDE Project

Bringing flexibility provided by multi-energy carrier integration to a new MAGNITUDE Project

Bringing flexibility provided by multi-energy carrier integration to a new MAGNITUDE Project public presentation Last update: October 2018 This project has received funding from the European Communitys H2020 Framework Programme under grant

578 views • 46 slides
Mandatory Access Control for Carrier-Grade Linux Clusters (as part of the DSI project)

Mandatory Access Control for Carrier-Grade Linux Clusters (as part of the DSI project)

Mandatory Access Control for Carrier-Grade Linux Clusters (as part of the DSI project) Miroslaw.Zakrzewski@Ericsson.ca Ericsson Research Canada Open System Lab Montral Canada http://www.risq.ericsson.ca Rev PA1 2002-05-22 1 Ericsson

841 views • 42 slides
A critical analysis of intercultural communicative competence development in 11th grade English

A critical analysis of intercultural communicative competence development in 11th grade English

A critical analysis of intercultural communicative competence development in 11th grade English textbook from the English as international language (EIL) perspective Thao Luong Thuy Nguyen ULIS - VNU Background: Kachrus three

407 views • 12 slides
AHI AHI Car Carrier rier Fz Fzc A CARRIER JOINT VENTURE COMPANY Product Presentation CARRIER

AHI AHI Car Carrier rier Fz Fzc A CARRIER JOINT VENTURE COMPANY Product Presentation CARRIER

AHI AHI Car Carrier rier Fz Fzc A CARRIER JOINT VENTURE COMPANY Product Presentation CARRIER 30AWH Air To Water Heat Pump 2 overview europe, middle east & asia # 8 # 8 factories & design centers # 1 17 factories 07 design

951 views • 51 slides
Rainwater Harvesting and Reuse system CARRIER DOME MELISSA CADWELL Carrier Dome Carrier Dome

Rainwater Harvesting and Reuse system CARRIER DOME MELISSA CADWELL Carrier Dome Carrier Dome

Rainwater Harvesting and Reuse system CARRIER DOME MELISSA CADWELL Carrier Dome Carrier Dome Located in the City of Syracuse Seats approximately 49,262 Host a variety of events Air supported roof 6.5 acre 6.5 million gallons

447 views • 5 slides
Oracle Buys Pre-Paid Software Assets from eServGlobal Oracle to Deliver Scalable Carrier-grade

Oracle Buys Pre-Paid Software Assets from eServGlobal Oracle to Deliver Scalable Carrier-grade

Oracle Buys Pre-Paid Software Assets from eServGlobal Oracle to Deliver Scalable Carrier-grade Pre-paid Solution Based on Open, Flexible IT-based Platform August 3, 2010 Oracle is currently reviewing the existing eServGlobal USP (Universal D

370 views • 12 slides
Multi- -gas Model Analysis on gas Model Analysis on Multi stabilization scenarios

Multi- -gas Model Analysis on gas Model Analysis on Multi stabilization scenarios

Multi- -gas Model Analysis on gas Model Analysis on Multi stabilization scenarios stabilization scenarios Junichi Fujino NIES, Japan The 9th AIM International Workshop; 12-13, March 2004 National Institute for Environmental Studies,

547 views • 20 slides
Multi-Vendor Carrier Ethernet Interoperability Test 2008 Carsten Rossenhvel, Managing Director

Multi-Vendor Carrier Ethernet Interoperability Test 2008 Carsten Rossenhvel, Managing Director

Multi-Vendor Carrier Ethernet Interoperability Test 2008 Carsten Rossenhvel, Managing Director European Advanced Networking Test Center (EANTC AG) Agenda Participants and Testing Goals Growth Areas Interoperability Achieved

337 views • 21 slides
Corporate Presentation Who s who, and who is doing what ? A little bit of history 1950 :

Corporate Presentation Who s who, and who is doing what ? A little bit of history 1950 :

Corporate Presentation Who s who, and who is doing what ? A little bit of history 1950 : Carrier Conveyor Corporation 1983 : Carrier Vibrating Equipment 1995 : Carrier Europe ( Nivelles-Sud ) 1998 : Carrier Workshop Shangha

287 views • 16 slides
Motivation Artists often deviate from perspective projection Artists often deviate from

Motivation Artists often deviate from perspective projection Artists often deviate from

10/25/16 Multi-Perspective Images Multi-Perspective Images M. C. Escher, 1956 Rademacher and Bishop,1998 Images that depict more than can be seen from any single viewpoint, yet remain interpretable -- J. Yu Motivation Motivation Artists

319 views • 9 slides
100 Gbit/s Carrier Grade Ethernet Transport Introduction EuroView 2008 Wrzburg, July 21st,

100 Gbit/s Carrier Grade Ethernet Transport Introduction EuroView 2008 Wrzburg, July 21st,

100 Gbit/s Carrier Grade Ethernet Transport Introduction EuroView 2008 Wrzburg, July 21st, 2008 Kurt Lsch , Bell Labs, Germany Alcatel-Lucent (Kurt.Loesch@alcatel-lucent.de) Overall Goal: Ethernet Evolution into the Core LAN Metro Core

66 views • 4 slides
Third to Fifth Grade Third to Fifth Grade Task & T ask & Teacher Analy eacher Analysis

Third to Fifth Grade Third to Fifth Grade Task & T ask & Teacher Analy eacher Analysis

Third to Fifth Grade Third to Fifth Grade Task & T ask & Teacher Analy eacher Analysis sis Chocolate Chip Task: C ask: Cookie Dough ookie Dough Cookie Dough Grade L Grade Level: 3 el: 3 $5 a tub

539 views • 16 slides
Third to Fifth Grade Third to Fifth Grade Task & T ask & Teacher Analy eacher Analysis

Third to Fifth Grade Third to Fifth Grade Task & T ask & Teacher Analy eacher Analysis

Third to Fifth Grade Third to Fifth Grade Task & T ask & Teacher Analy eacher Analysis sis Chocolate Chip Task: C ask: Cookie Dough ookie Dough Cookie Dough Grade L Grade Level: 3 el: 3 $5 a tub

396 views • 5 slides
Drafting Motor Carrier Agreements: Anticipating and Addressing Cargo Claims, Carrier Indemnity

Drafting Motor Carrier Agreements: Anticipating and Addressing Cargo Claims, Carrier Indemnity

Presenting a live 90-minute webinar with interactive Q&A Drafting Motor Carrier Agreements: Anticipating and Addressing Cargo Claims, Carrier Indemnity Obligations and More Navigating MAP-21 Legislation, Carrier Safety Performance and

912 views • 64 slides
Aberdeen SMER SC006 20 th August 2013 Overview Background Error Description Analysis

Aberdeen SMER SC006 20 th August 2013 Overview Background Error Description Analysis

Aberdeen SMER SC006 20 th August 2013 Overview Background Error Description Analysis of flow data Initial Tests Carrier Checks Carrier Data Plates Orifice Plate Photographs On-site Testing CFD Analysis

501 views • 47 slides
Congratulations October Buc of the Month Recipients! 12 th Grade 9 th Grade 10 th Grade 11 th

Congratulations October Buc of the Month Recipients! 12 th Grade 9 th Grade 10 th Grade 11 th

Congratulations October Buc of the Month Recipients! 12 th Grade 9 th Grade 10 th Grade 11 th Grade 7 th Grade 8 th Grade Alaina Holguin Simaranjeet Kaur Ashley Garcia Jael Jacobo Julina Rodriguez John Kinchen Yitzel Castellanos Sana

304 views • 3 slides
AVIATION COLOUR VISION STANDARDS A CVD Pilots Perspective Capt. John OBrien CVDPA

AVIATION COLOUR VISION STANDARDS A CVD Pilots Perspective Capt. John OBrien CVDPA

AVIATION COLOUR VISION STANDARDS A CVD Pilots Perspective Capt. John OBrien CVDPA Director Youre colour blind. Youll never be a commercial pilot. MY CAREER JOURNEY Grade 1 Flight Instructor (Multi Engine IFR + Night)

678 views • 40 slides
Kindergarten to Sec Kindergarten to Second Grade ond Grade Task & T ask & Teacher Analy

Kindergarten to Sec Kindergarten to Second Grade ond Grade Task & T ask & Teacher Analy

Kindergarten to Sec Kindergarten to Second Grade ond Grade Task & T ask & Teacher Analy eacher Analysis sis Task: C ask: Constructiv onstructive c e con onversations about ersations about Grade L Grade Level: 1 el: 1

224 views • 19 slides

More recommend