Detecting CGN In The ISP - CAIDA

Transcription

Slide 1: Detecting CGN in the ISP
Andra Lutu, Marcelo Bagnulo, Amogh Dhamdhere, kc claffy

Slide 2: Network Address Translation (NAT)
- We are out of IPv4 address space
- IPv6 adoption is slow, though accelerating in recent times
- Network Address Translation prolongs the life of IPv4 by enabling address sharing
- NATs can be performance bottlenecks, break certain applications, or inhibit IPv6 adoption in the near term

Slide 3: NAT444 / Carrier Grade NAT / Large Scale NAT
- RFC 7021: Assessing the Impact of Carrier-Grade NAT on Network Applications
    - On-line gaming
    - Video streaming
    - BitTorrent
    - VPN & Encryption
    - VoIP

Slide 4: Traditional NAT (NAT44)
[Figure: DSL access network mapped to the LMAP reference path (subscriber device, service demarcation point, intra IP access point). DSL access: CPE, DSLAM, BRAS, CR; DSL network with no NAT444. Home network addressing: private address space; beyond the CPE: public address space.]

Slide 5: Large Scale NAT (NAT444)
[Figure: DSL access network with NAT444 deployment, mapped to the LMAP reference path (subscriber device, service demarcation point, intra IP access point, GRA GW, transit). DSL access: CPE, DSLAM, BRAS, CR, CGN; DSL network with NAT444. Addressing: private address space in the home network, private/shared address space between the CPE and the CGN, public address space beyond the GRA GW.]

Slide 6: NAT Revelio
[Figure: Globally Routable Addresses (GRA) lie beyond the Intra IP Access Point, towards the Internet.]
- Detect the usage of private/shared address space beyond the CPE, in the ISP access network
- Detect the location (home network or ISP access network) of the device doing the translation to the GRA

Slide 7: Client-side detection
- Two approaches to CGN detection: using measurements from the client or from "outside"
- NAT Revelio is a client-side approach
- Specific use scenario: from the user CPE (e.g., SamKnows or BISmark router)
- Pro: more control over measurements
- Con: coverage limited to networks with VPs

Slide 8: NAT Revelio: Design Challenges
- Diverse home network configurations, e.g. in-home cascaded NAT, with the probe NOT connected directly to the CPE, or misconfiguration in setting up the SamKnows box
- Diverse ISP configurations and deployments, e.g. use of private IP addresses internally even if they don't do NAT444
[Figure: incorrect mapping with the LMAP reference path. Home network with cascaded CPEs (CPE 1, CPE 2; private address space), followed by GRA GW / BRAS (intra IP access) and a DSL network with no NAT444 (public address space); the service demarcation point is placed at the inner CPE.]

Slide 9: NAT Revelio: Design Challenges
- Need to detect the access link to delimit the access network and the home network
- Eliminates some false positives
[Figure: correct mapping with the LMAP reference path. Subscriber device running the Revelio client -> Private Net #1 -> CPE 1 -> Private Net #2 -> CPE 2 (service demarcation point) -> GRA GW / BRAS (intra IP access) -> DSL network with no NAT444 (public address space).]


Slide 10: NAT Revelio
- The NAT Revelio test suite includes 2 phases
- Environmental Characterization
    - Understand the environment hosting the device running the Revelio Client
- NAT444 Discovery
    - Detection of signals that the ISP might deploy a NAT444 solution in the ISP access network

Slide 11: NAT Revelio test flow
[Flowchart. Phase 1) Environment Characterization: 1. STUN Binding Request -> subscriber GRA; 2. Home NAT device; 3. Path Analysis -> Service Demarc. location. Phase 2) NAT444 Discovery: Test 1. IP addresses in the ISP access network (private addresses in access network? shared addresses in access network?) -> NAT444 / inconclusive; Test 2. Invoke UPnP actions (Revelio client connected to Service Demarc. device? Service Demarc. point IP address == GRA?) -> No NAT444 / NAT444 / inconclusive; Test 3. Traceroute to GRA (replies from hops beyond the home network? GRA replies to traceroute?) -> NAT444 / No NAT444 / inconclusive.]
Legend:
- Action performed (e.g., send STUN request to retrieve the subscriber GRA)
- Data retrieved (e.g., the subscriber GRA)
- Test performed (e.g., is the GRA configured on the Service Demarcation point?)
- Conclusion stop block (i.e., NAT444 in the ISP, no NAT444 in the ISP, or inconclusive)

Slide 12: Environment Characterization
[Flowchart: 1. STUN Binding Request -> subscriber GRA (Test 1); 2. Home NAT device (Test 2; a "no" outcome concludes No NAT444); 3. Path Analysis -> Service Demarc. location (Test 3).]
- Test 1: The GRA of the subscriber running the Revelio client
- Test 2: Whether the subscriber is behind at least one level of NAT (i.e., the CPE performs the NAT function)
- Test 3: Position of the Revelio client relative to the Service Demarc. device (i.e., the position of the access link relative to the Revelio client)

Slide 13: NAT444 Discovery
[Flowchart. Test 1. IP addresses in the ISP access network: private addresses in access network? yes -> NAT444; no -> shared addresses in access network? yes -> NAT444; no -> inconclusive. Test 2. Invoke UPnP actions: UPnP supported? no -> inconclusive; yes -> Revelio client connected to Service Demarc. device? no -> inconclusive; yes -> Service Demarc. point IP address == GRA? yes -> No NAT444; no -> NAT444. Test 3. Traceroute to GRA: replies from hops beyond the Serv. Demarc. point? yes -> NAT444; no -> GRA replies to traceroute? yes -> No NAT444; no -> inconclusive.]

Slide 14: Experimental Results
- NAT Revelio deployment on a large scale: 1,954 SamKnows Whiteboxes in 26 ISPs across the UK
- We found that 10 end-users are connected behind a NAT444 deployment
    - 5 different ISPs
- Repeated test 6 months later, with consistent results

Slide 15: Current status
- Working with the FCC to deploy on the FCC/SamKnows infrastructure in the US
- Estimated deployment soon (ish). maybe


Slide 17: NAT Revelio
- Other tests
    - Hairpin test
    - Port preservation test
    - Multi-client test

Slide 18: NAT Hairpin Test
[Figure: STUN client behind a NAT that supports hairpinning, and a STUN server; the NAT's public mapped address is shown.]
- STUN Binding Request: returns mapped address
- STUN Binding Request to the mapped address from a different port
- If the client receives the STUN Binding Request, then the NAT hairpins connections

Slide 19: NAT Hairpin Test
- If the NAT hairpins connections, the client verifies the received STUN Binding Request to check the TTL value
    - E.g., if TTL 254, the mapped IP is not the external IP of the CPE -> CGN detected

Slide 20: Port Preservation test
[Figure: host with IPint:pint behind a CPE with IPext:pint, and a STUN server.]
- Some NATs implement the port assignment behaviour known as port preservation
    - Attempt to preserve the port number used internally when assigning a mapping to an external IP address and port
- Send a Binding Request to the STUN Server from port pint
- Learn the mapped address
- Create a new mapping for port p'int in the CPE (send packet from port p'int with TTL 2)
- Send a packet from the MS to IPmapped:p'int
- If the host does not receive the packet -> CGN detected

Slide 21: Port Preservation test
[Sequence diagram: host (IPint:pint) -> CPE (IPext:pint) -> STUN server. 1) STUN Binding Request on port pint; the server returns the mapped address IPmapped. 2) Send packet from port p'int with TTL 2. 3) The server sends a packet to IPmapped:p'int. Does the host receive the packet from the server?]

Slide 22: Multi-client test
- Retrieve the Mapped Public Address for each probe
- If any two probes have the same mapped public address -> CGN detected
- Cannot detect all the clients that are behind the same CGN, but it can tell if the ISP is using a CGN

Slide 23: Multi-client test
[Figure: several probes each send a STUN Binding Request to the server. Which is the source address seen by the server for each packet?]
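The port preservation test (slides 20 and 21) and the multi-client test (slides 22 and 23) both rely on how a chain of one or two NATs shares addresses and ports. The following is an added example, not NAT Revelio code: a deliberately small NAT model (one external address per NAT, port-preserving mappings, TTL decremented once per NAT hop, packets dropped when the TTL reaches zero before translation) with two constructed topologies, a NAT44 ISP and a NAT444 ISP with two homes behind one CGN. The class and function names and the documentation-range addresses are this example's own.

```python
"""Toy NAT44 / NAT444 model used to run the multi-client and port-preservation
checks. Added illustration, not NAT Revelio code; the NAT behaviour is
simplified on purpose (one external address per NAT, port-preserving mappings,
TTL decremented once per NAT hop)."""


class Nat:
    """Minimal NAT with port preservation and a reverse lookup table."""

    def __init__(self, external_ip, first_free_port=40000):
        self.external_ip = external_ip
        self.outbound = {}   # (src_ip, src_port) -> external port
        self.inbound = {}    # external port -> (src_ip, src_port)
        self.next_port = first_free_port

    def translate(self, src_ip, src_port):
        key = (src_ip, src_port)
        if key not in self.outbound:
            # Port preservation: keep the internal port unless it is already taken.
            ext_port = src_port if src_port not in self.inbound else self._fresh_port()
            self.outbound[key] = ext_port
            self.inbound[ext_port] = key
        return self.external_ip, self.outbound[key]

    def _fresh_port(self):
        while self.next_port in self.inbound:
            self.next_port += 1
        self.next_port += 1
        return self.next_port - 1


def send_out(path, src_ip, src_port, ttl=64):
    """Forward a host packet through the NATs in `path` (host side first).
    Returns the (ip, port) the server sees, or None if the TTL expired."""
    for nat in path:
        ttl -= 1
        if ttl == 0:
            return None      # dropped before translation: no mapping created here
        src_ip, src_port = nat.translate(src_ip, src_port)
    return src_ip, src_port


def send_in(path, ext_port):
    """Deliver a server packet sent to the outermost NAT's address and
    `ext_port`; returns the host (ip, port) or None if a mapping is missing."""
    hop = (None, ext_port)
    for nat in reversed(path):
        hop = nat.inbound.get(hop[1])
        if hop is None:
            return None
    return hop


def multi_client_test(probes):
    """probes: name -> (host ip, NAT path). Each probe sends a STUN-like request;
    two probes sharing a mapped public address reveal a CGN."""
    mapped = {name: send_out(path, ip, 3478)[0] for name, (ip, path) in probes.items()}
    return "CGN detected" if len(set(mapped.values())) < len(mapped) else "no CGN detected"


def port_preservation_test(path, host_ip, p_int=5000, p2_int=5001):
    """1) learn the mapped address from port pint; 2) open a mapping for p'int in
    the CPE only (TTL 2 expires before a second NAT); 3) server -> IPmapped:p'int."""
    send_out(path, host_ip, p_int)             # STUN Binding Request -> IPmapped:pint
    send_out(path, host_ip, p2_int, ttl=2)     # mapping for p'int reaches the CPE only
    delivered = send_in(path, p2_int)          # packet from the server to IPmapped:p'int
    return "no CGN detected" if delivered == (host_ip, p2_int) else "CGN detected"


def build_topologies():
    """Constructed topologies: a NAT44 ISP, and a NAT444 ISP with two homes
    behind one CGN. Every home uses the same private address for its probe."""
    cgn = Nat("203.0.113.9")
    nat444 = {"probe-A": ("192.168.1.20", [Nat("100.64.1.10"), cgn]),
              "probe-B": ("192.168.1.20", [Nat("100.64.1.11"), cgn])}
    nat44 = {"probe-C": ("192.168.1.20", [Nat("198.51.100.7")]),
             "probe-D": ("192.168.1.20", [Nat("198.51.100.8")])}
    return nat44, nat444


if __name__ == "__main__":
    nat44, nat444 = build_topologies()
    for label, probes in (("NAT44", nat44), ("NAT444", nat444)):
        first_ip, first_path = next(iter(probes.values()))
        print(f"{label}: multi-client -> {multi_client_test(probes)}; "
              f"port preservation -> {port_preservation_test(first_path, first_ip)}")
```

In the NAT444 topology the TTL-2 packet creates the p'int mapping on the CPE and expires at the CGN, so the server's packet to IPmapped:p'int finds no CGN mapping and never reaches the host; in the NAT44 topology the CPE is the mapped address and the packet is delivered. The model also shows the multi-client test's stated limit: probes A and B share 203.0.113.9, but nothing tells which other subscribers sit behind the same CGN.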

Slide 24: pathchar to detect the access link
- Run UDP traceroute to a fixed target (router inside Level3 network with no rate limiting)
    - Used the well-known traceroute port range
    - 21 different packet sizes (from 120 to 1400 bytes)
    - One traceroute probe per TTL, max TTL of 30
- Run every hour, over 4 days: collected 96 RTT samples per TTL and for each packet size

Slide 25: pathchar to detect the access link
- For each TTL:
    1) Minimum filtering: for each packet size, choose the minimum value of the RTT
        - Captures only the transmission delay and the propagation delay: RTT ≈ packet size / BW + LAT
    2) Line fitting: using the 21 different points, fit a regression line for the RTT and determine the slope [1/BW] and the intercept [LAT]

Slide 26: pathchar to detect the access link (figure only)

Slide 27: pathchar to detect the access link
- 3) Differencing: given the estimated cumulative parameters above, pathchar determines the per-link parameters (slope and intercept, i.e., 1/BW and LAT) by subtracting the consecutive fitted lines' parameters
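The three pathchar steps from slides 25 and 27 carried through on constructed data, as an added example (not the authors' code). The RTT samples come from a fictitious three-link path (home LAN, DSL access link, ISP core) whose bandwidths and latencies are chosen here; each sample is the no-queueing RTT from the slide's formula plus a random non-negative queueing delay, using the same 21 packet sizes and 96 repetitions as the slides. Function names and the ground-truth values are this example's assumptions.

```python
"""pathchar-style per-link estimation from traceroute RTTs (added illustration,
not the authors' code). Steps: 1) minimum filtering, 2) least-squares line
fitting per TTL, 3) differencing of consecutive fits. The RTT samples are
constructed from a fictitious three-link path so that the recovered values can
be checked against the ground truth."""
import random

SIZES = list(range(120, 1401, 64))   # 21 packet sizes, 120..1400 bytes
REPEATS = 96                         # hourly runs over 4 days

# Constructed ground truth: (name, bandwidth in bit/s, fixed latency in ms) per link
LINKS = [("home LAN", 100e6, 0.2), ("DSL access", 8e6, 15.0), ("ISP core", 1e9, 1.0)]


def simulate_rtts(links=LINKS, seed=7):
    """rtts[ttl][size] -> REPEATS samples in ms: RTT = LAT + size/BW plus a
    non-negative queueing delay drawn per sample (uniform 0..0.5 ms)."""
    rng = random.Random(seed)
    rtts = {}
    for ttl in range(1, len(links) + 1):
        lat = sum(link[2] for link in links[:ttl])
        ms_per_byte = sum(8000.0 / link[1] for link in links[:ttl])  # 8 bit/byte, s -> ms
        rtts[ttl] = {size: [lat + ms_per_byte * size + rng.uniform(0.0, 0.5)
                            for _ in range(REPEATS)] for size in SIZES}
    return rtts


def min_filter(rtts):
    """Step 1: keep the minimum RTT per (TTL, size) to strip queueing delay."""
    return {ttl: {size: min(samples) for size, samples in by_size.items()}
            for ttl, by_size in rtts.items()}


def fit_line(points):
    """Step 2: ordinary least squares y = slope * x + intercept on (x, y) pairs."""
    n = len(points)
    mx = sum(x for x, _ in points) / n
    my = sum(y for _, y in points) / n
    sxx = sum((x - mx) ** 2 for x, _ in points)
    sxy = sum((x - mx) * (y - my) for x, y in points)
    slope = sxy / sxx
    return slope, my - slope * mx


def per_link_estimates(rtts):
    """Steps 1-3; returns [(bandwidth bit/s, latency ms), ...], one per link."""
    filtered = min_filter(rtts)
    estimates, prev_slope, prev_lat = [], 0.0, 0.0
    for ttl in sorted(filtered):
        slope, lat = fit_line(sorted(filtered[ttl].items()))  # cumulative up to this hop
        d_slope, d_lat = slope - prev_slope, lat - prev_lat   # Step 3: differencing
        bandwidth = 8000.0 / d_slope if d_slope > 0 else float("inf")
        estimates.append((bandwidth, d_lat))
        prev_slope, prev_lat = slope, lat
    return estimates


def access_link_index(estimates):
    """The access (DSL) link is the hop with the largest per-link latency."""
    return max(range(len(estimates)), key=lambda i: estimates[i][1])


if __name__ == "__main__":
    est = per_link_estimates(simulate_rtts())
    for (name, bw, lat), (bw_est, lat_est) in zip(LINKS, est):
        print(f"{name:11s} BW {bw_est / 1e6:9.1f} Mbit/s (true {bw / 1e6:.0f})  "
              f"LAT {lat_est:6.2f} ms (true {lat})")
    print("access link at hop", access_link_index(est) + 1)
```

The differenced slope for the 1 Gbit/s core link is a few microseconds per kilobyte, of the same order as the residual noise left after minimum filtering, so its bandwidth estimate is unreliable (and may come out as infinite); the DSL link's bandwidth and, above all, its latency step are recovered cleanly, and the latency jump is what locates the access link.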
