Background
Concepts of CGN
Network design of CGN
Requirements for CGN
Impact of service using CGN
Conclusion
Background
Most conservative access model changes
- introducing “Carrier-Grade NAT” -
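[Figure: two access models side by side. Current FTTH/ADSL model: Internet, global v4 address, access concentrator, global v4 address to the CPE with NAT, private v4 address behind the CPE. Newly defined model: Internet, global v4 address, access concentrator with NAT, private v4 address to the CPE with NAT, private v4 address behind the CPE.]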
High availability
High scalability
Network design of CGN
[Figure: CPE1 (LAN1) and CPE2 (LAN2), each with private IP addresses, connect over WAN1 and WAN2 (private IP addresses) to CGN1 and CGN2; the CGN external network uses global IP addresses. Labels: STUN/TURN server, UDP/TCP hole punching, IP address and port, hairpinning.]
Basic scheme
High transparency and high connectivity
Comply with the RFCs and drafts that describe
NAT behavior
Fairness to communicate for CPEs (1/2)
Limiting the number of CGN external UDP and
TCP ports, TCP sessions, and ICMP
identifiers
REQ-2 c)
REQ-3 c)
REQ-3 e)
REQ-4 c)
Allocating dynamic ports for CGN external
UDP and TCP ports
(from 49152 through 65535)
Fairness to communicate for CPEs (2/2)
Exceptions to the port and TCP session limits
REQ-5
Reserving UDP and TCP ports for always-available
services
Examples of available services:
POP3, SMTP, NTP, …
REQ-6
Pass through the communication between CPEs and
specific hosts
Examples of specific hosts:
POP3 server, DNS server, Web server, …
Impact of service using CGN
1. Effects of NAT functions
VPN, P2P, VoIP
No use of UPnP
2. Limiting the number of ports, TCP sessions and ICMP
identifiers
Using many TCP sessions simultaneously
AJAX, Web sites with rich content, P2P
Using many TCP sessions in a short time
RSS reader
3. Sharing global IP addresses among CPEs
APIs that check only the IP address during authentication
Conclusion
Concepts of CGN
High transparency
High connectivity
Fairness of communication for CPEs
High availability
High scalability
(Fairness to communicate for CPEs)
REQ-9 a)
When a CGN cannot establish a new TCP/UDP
session because of the per-user limit on
TCP/UDP ports, the CGN sends an ICMP destination
unreachable message with code 13
(Communication administratively prohibited)
to the sender.
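
The per-user port limit, the dynamic range (49152 through 65535) and the REQ-9 a) rejection can be seen together in a small simulation. This is an added example, not code from the slides or from any CGN product. The class and function names, the single shared external address, the one pool for both protocols and the sample packet are assumptions made for illustration.

```python
import struct
DYN_LO, DYN_HI = 49152, 65535   # dynamic port range named on the slide
ICMP_DEST_UNREACH, CODE_ADMIN_PROHIBITED = 3, 13
# Constructed sample: IPv4 header (checksum left 0) + UDP header, 10.0.0.2:40000 -> 198.51.100.7:53
SAMPLE_PACKET = bytes.fromhex("4500001c0001000040110000" "0a000002" "c6336407" "9c40003500080000")

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def icmp_admin_prohibited(orig_packet: bytes) -> bytes:
    """Type 3, code 13, quoting the original IP header plus 8 payload bytes."""
    quoted = orig_packet[:(orig_packet[0] & 0x0F) * 4 + 8]  # IHL is in 32-bit words
    head = struct.pack("!BBHI", ICMP_DEST_UNREACH, CODE_ADMIN_PROHIBITED, 0, 0)
    csum = inet_checksum(head + quoted)
    return struct.pack("!BBHI", ICMP_DEST_UNREACH, CODE_ADMIN_PROHIBITED, csum, 0) + quoted

class PortAllocator:
    """Per-CPE quota on the external ports of one shared global address."""
    def __init__(self, per_cpe_limit: int):
        self.limit = per_cpe_limit
        self.free = list(range(DYN_HI, DYN_LO - 1, -1))  # pop() hands out 49152 first
        self.bindings = {}  # (cpe_ip, cpe_port) -> external port
        self.in_use = {}    # cpe_ip -> number of external ports held

    def outbound(self, cpe_ip: str, cpe_port: int, packet: bytes):
        """Return ('map', port), ('icmp', message) at the quota, or ('drop', None)."""
        key = (cpe_ip, cpe_port)
        if key in self.bindings:              # existing mapping is reused
            return "map", self.bindings[key]
        if self.in_use.get(cpe_ip, 0) >= self.limit:
            return "icmp", icmp_admin_prohibited(packet)
        if not self.free:                     # pool exhaustion: behaviour assumed, not from the slides
            return "drop", None
        port = self.free.pop()
        self.bindings[key] = port
        self.in_use[cpe_ip] = self.in_use.get(cpe_ip, 0) + 1
        return "map", port

    def release(self, cpe_ip: str, cpe_port: int) -> None:
        port = self.bindings.pop((cpe_ip, cpe_port), None)
        if port is not None:
            self.free.append(port)
            self.in_use[cpe_ip] -= 1
```

With a limit of 2, a CPE's third new flow is answered with the ICMP message while another CPE behind the same address still gets a port, which is the fairness property the requirement is after.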