Requirements of

Carrier Grade NAT (CGN)

draft-nishitani-cgn-00.txt
draft-shirasaki-isp-shared-addr-00.txt
NTT Communications Corporation
Shin Miyakawa
miyakawa@nttv6.jp
Tomohiro Nishitani
tomohiro.nishitani@ntt.com 1
Agenda

 Background
 Concepts of CGN
 Network design of CGN
 Requirements for CGN
 Impact of service using CGN
 Conclusion

2
Background

 Because of IPv4 address “completion”, to allocate

global IP address for CPEs is going to be difficult
within few years.
 Basic strategy
 Building NAT by ISP and allocating (newly defined)
private IP addresses for CPEs
 We call this as “Carrier Grade NAT (CGN)”.

3
Most conservative access model changes
- introducing “Carrier-Grade NAT” -
Internet Internet
Global v4 address Global v4 address
Access Access
Concentrator Concentrator
With NAT
FTTH
ADSL (newly defined)
Global v4 address Private v4 address

CPE CPE
With NAT With NAT
Private v4 address Private v4 address

End Host End Host

We need new private space for CGN
other than 240/4
 Because we’d like to keep CPE router as is, we
can not use 240.0.0.0/4 as CGN’s new private
space.
 Simply today’s IPv4 implementation does not work
well on 240.0.0.0/4
 If CPE router firmware can be upgraded, it means that
it can be upgraded to IPv6 compatible. Way better.
 “dual stack lite” does not need this but it requires
CPE router replacement. This is the pros-and-
cons.
 We are discussing this issues in
 draft-shirasaki-isp-shared-addr-00.txt
It looks v6 is not needed ?

 Please do not feel safe. CGN (and any other

carrier-grade NAT scheme) has serious
restrictions anyway.
 This draft is compiled to make CGN useful as
much as possible but please note well that
IPv6 will be needed eventually.
 Discussion will be presented at IAB Technical
Plenary on Wednesday.
 Concepts of CGN
 Basic scheme
 Sharing global IP addresses for CPEs
 High transparency
 No checking and altering application layer data
 Dropping as no data as possible
 High connectivity Targets of
 Hairpining
 Using UDP/TCP hole punching I.D-nishitani-cgn
 Fairness of communication for CPEs
 Limiting ports and TCP sessions per CPE

 High availability
 High scalability

7
 Network design of CGN
STUN/TURN
server

UDP/TCP
hole punching
Global IP addresses
CGN external NW
IP address
and port
CGN１ CGN２
Hairpining
Private IP addresses Private IP addresses
WAN１ WAN2

CPE１ CPE２

Private IP Private IP
addresses LAN１ addresses LAN２

8
Basic scheme

 Sharing global IP address for CPEs

 REQ-1: A CGN MUST allocate one external IP
address to each CPE.
a) CGN external IP address of the UDP, TCP and
ICMP MUST be same.

9
 High transparency and high connectivity
 To comply with RFC and drafts which describe
NAT behavior

 REQ-7: A CGN SHOULD comply with [RFC4787] for unicast

UDP.

 REQ-8: A CGN SHOULD comply with

[I-D.ietf-behave-tcp] for TCP.

 REQ-9:A CGN SHOULD comply with

[I-D.ietf-behave-nat-icmp] for ICMP.

 To support DCCP, SCTP and IPsec ESP

10
Fairness to communicate for CPEs (1/2)
 Limiting the number of the CGN external ports
of UDP and TCP,TCP sessions and ICMP
identifiers
 REQ-2 c)
 REQ-3 c)
 REQ-3 e)
 REQ-4 c)
 Allocating dynamic ports for CGN external
UDP and TCP ports
(from 49152 through 65535)

11
Fairness to communicate for CPEs (2/2)
Exceptions of limiting ports and TCP sessions
 REQ-5
 Reserving UDP and TCP ports for always-available
services
 Example of available services:
POP3, SMTP, NTP ….

 REQ-6
 To pass-through the communication between CPEs and
specific hosts
 Examples of specific hosts:
POP3 server, DNS server, WEB server ….

12
 Impact of service using CGN
1. Effects of NAT functions
 VPN, P2P, VoIP
 No using UPnP
2. Limiting the number of ports, TCP sessions and ICMP
identifiers
 Using many TCP sessions simultaneously
 AJAX, Web site including rich content, P2P
 Using many TCP sessions in short time
 RSS reader
3. Sharing global IP addresses for CPEs
 API which checks only IP address during authentication

13
Conclusion
 Concepts of CGN
 High transparency
 High connectivity
 Fairness of communication for CPEs
 High availability
 High scalability

 Impact of service using CGN

 Effects of NAT functions
 Limiting the number of ports and ICMP identifiers
 Sharing global IP addresses for CPEs

14
（Fairness to communicate for CPEs）

 REQ-9 a)
When a CGN can't establish new session of
TCP/UDP by limiting of TCP/UDP ports per
user, the CGN sends an ICMP destination
unreachable message, with code of 13
(Communication administratively prohibited)
to the sender.

15