Transcript Slides

Careful planning for introducing NAT
Operational advice from real-world experience
its communications Inc.
Hiroyuki Ashida
Aug 2009
Agenda
■ Introduction
■ Technical Issues for introducing LSN
■ Summary
   Operational Advice to provide LSN
2001:db8:1256:a4da::2
Introduction: My Job
■ Company
  its communications Inc.
  the biggest CATV operator in Japan
■ Service
   TV Broadcast
   Internet Access
   Primary Phone
■ Jobs
   Access network & backbone design / construction / operation
■ Recent Interests
   IPv6 deployment for CATV broadband access
   ISP network operation before & after IPv4 address exhaustion
   Evaluation of Internet reachability
Service Areas
[Map: service area, roughly 30 km around the company's location]
Households in area: 1,130K
Connected: TV 610k, NET 135k, Phone 22k
Why am I talking about NAT?
■ We have been providing NATed access service
   since 1998 (before the IPv4 assignment guideline was issued)
   over 50,000 customers are using NATed access
  => We have ten years of operational experience
■ Proposals about LSN, NAT444
  LSN = Large Scale NAT (also called CGN, MUN)
   JPOPM13, APNIC25
   IETF
    draft-shirasaki-isp-shared-addr
    draft-shirasaki-nat444-isp-shared-addr
■ Many ISPs are examining the introduction of LSN
   40-50% of ISPs in Japan
   because of IPv4 address exhaustion
Scope of this presentation
■ Operational advice on LSN from real-world experience
   Technical and quantitative knowledge
   Analysis of actual equipment and traffic
■ Contents
   Resource management (number of sessions, size of log storage)
   Network design & routing
   Timing of deployment
■ Why?
   We (our customers) will share an IPv4 address in the future
   We must still be providing our services with sufficient quality
   two years from now!!
Network model: NAT444
[Diagram: the Internet (IPv4 global, IPv6) - ISP network (IPv4 global, IPv6) with an LSN (CGN) at its edge - CPEs, each holding a private IPv4 address plus IPv6 on the ISP side - home networks using any IPv4 address range behind the CPE. Two translation stages: the CPE NAT and the LSN.]
http://www.ietf.org/proceedings/09mar/slides/opsarea-2/opsarea-2_files/v3_document.htm
Technical Issue (1/5): port numbers
※ http://www.nttv6.jp/~miyakawa/IETF72/IETF-IAB-TECH-PLENARY-NTT-miyakawa-extended.pdf
How many sessions should we provide?
Session numbers in consumer broadband access
■ Regional POP
■ Night of the weekend
■ Unique addresses: 7,300
[Chart: number of sessions (y axis, 0 to 400,000) against time in seconds since the start of measurement (x axis); series: Active, SYN, FIN, Expire. Observed TCP sessions: about 360,000.]
Analysis by network size, area and speed
[Bar chart: number of sessions per IP address (TCP and UDP), grouped by block size (a /24 within the block, a /22 within the block, the whole block), by area (area A (1), area B (2)) and by access service (160M HSD, FTTH, ADSL and others). Values range from about 48 to 285.5 sessions per address. Annotations: statistical multiplexing (smaller blocks show more sessions per address); area difference?; no correlation with access speed.]
Distribution of the port number (TCP)
[Chart, log scale: number of occurrences by TCP port number (0 to 1024). The most frequent ports are 80, 445, 135, 443, 25 and 110. Annotation: it is reduced to half if NetBIOS is denied. Inset: number of active sessions against time in seconds since the start of measurement, series "Active" and "deny NetBIOS".]
Conclusion of port numbers
■ Average of 50-300 sessions per user
  ⇒ differs by condition (area, block size)
■ If the block is small, there are many sessions per user
  (statistical multiplexing)
■ Difference by region (the class of users?)
■ No correlation with access speed
■ It is reduced to half if NetBIOS is denied
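The "Active" curve above is built by counting sessions that have opened (SYN), not yet closed (FIN) and not yet timed out. The following script, an added example that is not part of the original slides, replays a constructed SYN/FIN event log with an idle-expiry timer, reports the peak number of simultaneous sessions overall and per inside address, shows the effect of denying NetBIOS/SMB ports in front of the NAT, and turns a per-user peak into the number of subscribers one global address can carry. The event format, the 300 s idle timeout, the 1024..65535 usable port range and all addresses are assumptions for the illustration.

```python
"""Estimate concurrent sessions per subscriber from SYN/FIN flow events.

Added example, not taken from the slides: it replays a constructed event
log the way the "Active" curve in the session chart is built (sessions open
on SYN, close on FIN, or time out when idle), and reports the peak number
of simultaneous sessions overall and per inside address, optionally after
dropping NetBIOS/SMB ports. The event format, the 300 s idle timeout and the
sample addresses are assumptions for the illustration.
"""
from collections import defaultdict
from dataclasses import dataclass

# Ports an operator might deny in front of the LSN (assumed set: NetBIOS/SMB, MS-RPC).
NETBIOS_PORTS = frozenset({135, 137, 138, 139, 445})


@dataclass(frozen=True)
class Event:
    t: float      # seconds since the start of measurement
    kind: str     # "SYN" opens a session, "FIN" closes it
    src: str      # inside (subscriber) address
    sport: int
    dst: str
    dport: int


def replay(events, idle_timeout=300.0, deny_ports=frozenset()):
    """Return (peak concurrent sessions, {src: peak concurrent sessions of src}).

    A session is keyed by (src, sport, dst, dport). It expires when no event
    for it has been seen for idle_timeout seconds, mirroring the "Expire"
    series in the chart and the way a NAT box ages out its translation table.
    """
    active = {}                         # session key -> time of last event
    per_src = defaultdict(int)          # src -> currently active sessions
    per_src_peak = defaultdict(int)
    peak = 0
    for ev in sorted(events, key=lambda e: e.t):
        if ev.dport in deny_ports:
            continue                    # filtered before it reaches the NAT
        for key, last in list(active.items()):   # age out idle sessions first
            if ev.t - last > idle_timeout:
                del active[key]
                per_src[key[0]] -= 1
        key = (ev.src, ev.sport, ev.dst, ev.dport)
        if ev.kind == "SYN":
            if key not in active:
                per_src[ev.src] += 1
            active[key] = ev.t
        elif ev.kind == "FIN" and key in active:
            del active[key]
            per_src[ev.src] -= 1
        peak = max(peak, len(active))
        per_src_peak[ev.src] = max(per_src_peak[ev.src], per_src[ev.src])
    return peak, dict(per_src_peak)


def users_per_public_address(peak_sessions_per_user, usable_ports=65536 - 1024):
    """Subscribers that can share one global address before its port space is
    exhausted; assumes ports below 1024 are not used for translation."""
    return usable_ports // peak_sessions_per_user


# Constructed sample: two subscribers on a weekend night; 10.1.0.10 also
# probes SMB (445) on neighbours, the kind of traffic NetBIOS filtering removes.
SAMPLE_EVENTS = [
    Event(0, "SYN", "10.1.0.10", 40000, "93.184.216.34", 80),
    Event(1, "SYN", "10.1.0.10", 40001, "93.184.216.34", 443),
    Event(2, "SYN", "10.1.0.10", 40002, "10.1.0.20", 445),
    Event(3, "SYN", "10.1.0.10", 40003, "10.1.0.21", 445),
    Event(4, "SYN", "10.1.0.11", 50000, "198.51.100.7", 25),
    Event(5, "FIN", "10.1.0.10", 40000, "93.184.216.34", 80),
    Event(400, "SYN", "10.1.0.11", 50001, "198.51.100.7", 110),   # everything older has expired
    Event(401, "FIN", "10.1.0.11", 50001, "198.51.100.7", 110),
]

if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS))                               # (5, {'10.1.0.10': 4, '10.1.0.11': 1})
    print(replay(SAMPLE_EVENTS, deny_ports=NETBIOS_PORTS))    # (3, {'10.1.0.10': 2, '10.1.0.11': 1})
    print(users_per_public_address(300))                      # 215
```

The per-address peak, not the average, is what sizes the port pool: with the slide's upper figure of 300 sessions per user, about 215 subscribers fit behind one address before ports run out, so the 50-users-per-address ratio used later on this page leaves a wide margin, while the smaller blocks in the bar chart (285 sessions per address) show how quickly that margin shrinks when statistical multiplexing is weak.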
Technical Issue (2/5): Logging Storage
■ Record size per session: about 48 bytes
   Source IP address + port: 48 bits
   Destination IP address + port: 48 bits
   Translated IP address + port: 48 bits
   Time stamp: 64 bits
   Other information (status, information about the NAT box, etc.)
■ Actually observed flows (about 7,000 addresses)
  TCP: 171,378 flows, UDP: 458,491 flows
  ⇒ about 40 GB? / day
  ⇒ about 14 TB? / year
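The fields listed above fit a fixed binary record, and once the record size is fixed the storage budget follows directly from the flow rate. The script below is an added example, not code from the slides: it packs the three address+port pairs and the 64-bit time stamp into a network-byte-order record with a few bytes of "other information", round-trips it, and sizes daily and yearly log volume for a sustained flow rate. The exact layout, the protocol/status bytes and the 16-bit NAT-box id are assumptions; the slide's own 48-byte figure leaves room for more of that metadata.

```python
"""Fixed-size NAT session log record and storage sizing.

Added example, not from the slides. The record carries the fields the slide
lists (source, destination and translated IPv4 address + port, a 64-bit time
stamp) plus a few bytes of "other information"; the exact layout, the 1-byte
protocol/status fields and the 16-bit NAT-box id are assumptions.
"""
import struct
from ipaddress import IPv4Address

# Network byte order, no padding: 3 x (IPv4 + port) = 18 bytes, timestamp 8 bytes,
# protocol 1, status 1, NAT box id 2 -> 30 bytes per record.
RECORD = struct.Struct("!IHIHIHQBBH")

SECONDS_PER_DAY = 86_400


def pack_record(src, sport, dst, dport, xlat, xport, ts_ns, proto=6, status=0, nat_id=0):
    """Serialise one translation event (time stamp in nanoseconds since the epoch)."""
    return RECORD.pack(int(IPv4Address(src)), sport,
                       int(IPv4Address(dst)), dport,
                       int(IPv4Address(xlat)), xport,
                       ts_ns, proto, status, nat_id)


def unpack_record(blob):
    """Inverse of pack_record; returns a tuple in the same field order."""
    s, sp, d, dp, x, xp, ts, proto, status, nat_id = RECORD.unpack(blob)
    return (str(IPv4Address(s)), sp, str(IPv4Address(d)), dp,
            str(IPv4Address(x)), xp, ts, proto, status, nat_id)


def storage_bytes(flows_per_second, record_bytes=RECORD.size, days=1):
    """Raw (uncompressed) log volume for a sustained flow rate."""
    return flows_per_second * SECONDS_PER_DAY * days * record_bytes


def flows_per_second_for(bytes_per_day, record_bytes):
    """Flow rate implied by a daily log volume; useful to sanity-check an estimate."""
    return bytes_per_day / (SECONDS_PER_DAY * record_bytes)


if __name__ == "__main__":
    rec = pack_record("10.1.0.10", 40000, "93.184.216.34", 80,
                      "203.0.113.5", 1025, 1_250_000_000_000_000_000)
    print(len(rec), unpack_record(rec))
    # About 10,000 new flows per second at 48 bytes each is the slide's order of
    # magnitude: roughly 41 GB per day, 15 TB per year before compression.
    print(storage_bytes(10_000, 48), storage_bytes(10_000, 48, days=365))
```

Run backwards, the slide's 40 GB/day at 48 bytes per record corresponds to roughly 9,600 new translations per second from about 7,000 addresses; that is the write rate the logging path (collector, disk, retention) must sustain, and the figure to recheck whenever the record format grows.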
Technical Issue (3/5): Routing
[Diagram, two topologies. Separate: IPv4 global customers and IPv4 NATed (private) customers are on separate networks; the global side follows the default route to the Internet, the private side is routed to the LSN. Mixed: both kinds of customers share one access network, so policy routing on the source address is needed to steer private-sourced traffic to the LSN while global traffic follows the default route.]
Technical Issue (4/5): IP address
[Diagram: Global Internet - ISP network (ISPs usually use 10/8 internally: 10.x.x.x) - home network (the default of most residential routers is 192.168.x.x).]
Can ISPs use 10/8 for NAT?
■ Reserved for infrastructure
   DOCSIS cable modems
   VoIP terminals
   etc.
■ Customers already use them
   Enterprise customers
   VPN service
[Diagram: ISP infrastructure uses 10.1.0.0/16; an enterprise customer reached over the VPN service already uses 10.2.0.0/16.]
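Before carving an LSN inside-address pool out of 10/8, the candidate block has to be checked against every prefix already in use for infrastructure and customers. The script below is an added example, not from the slides: its IN_USE table is constructed from the slide's illustration (ISP infrastructure in 10.1.0.0/16, an enterprise VPN customer in 10.2.0.0/16, residential routers defaulting to 192.168/16); a real deployment would load it from the IPAM. It reports collisions for a candidate pool and enumerates the sub-blocks of a given size that are still free. A dedicated shared range, as the draft-shirasaki proposals cited earlier argued for and as RFC 6598 later reserved (100.64.0.0/10), avoids this collision entirely; the functions take the candidate block as a parameter so they apply to either choice.

```python
"""Check a candidate LSN inside-address pool for collisions with prefixes in use.

Added example, not from the slides. IN_USE is a constructed sample modelled
on the slide's illustration; real deployments would load it from the IPAM.
"""
from ipaddress import IPv4Network

IN_USE = {  # constructed sample
    "10.1.0.0/16": "ISP infrastructure (DOCSIS cable modems, VoIP terminals)",
    "10.2.0.0/16": "enterprise customer reached over the VPN service",
    "192.168.0.0/16": "default LAN range of most residential routers",
}


def collisions(candidate, in_use=IN_USE):
    """Prefixes already in use that overlap the candidate pool, with the reason each is taken."""
    cand = IPv4Network(candidate)
    return sorted((p, why) for p, why in in_use.items() if cand.overlaps(IPv4Network(p)))


def free_blocks(container, new_prefix, in_use=IN_USE):
    """Sub-blocks of `container` with prefix length `new_prefix` that overlap nothing in use.

    Enumerates subnets rather than subtracting, so in-use prefixes that only
    partially fall inside the container are handled as well.
    """
    container = IPv4Network(container)
    used = [IPv4Network(p) for p in in_use if IPv4Network(p).overlaps(container)]
    return [str(n) for n in container.subnets(new_prefix=new_prefix)
            if not any(n.overlaps(u) for u in used)]


if __name__ == "__main__":
    print(collisions("10.2.128.0/17"))         # the enterprise customer's block
    print(collisions("10.3.0.0/16"))           # []
    print(len(free_blocks("10.0.0.0/8", 16)))  # 254
```

A collision-free block is necessary but not sufficient: as the next slide shows, traffic that leaves the ISP with a 10/8 source address is commonly filtered by the other side, so the check above only protects the ISP's own routing, not reachability between customers.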
Communications between customers
[Diagram: an IPv4 global customer and an IPv4 NATed (private) customer, both reached through the Internet. SrcIP = global: access allowed. SrcIP = 10/8?: access denied.]
Technical Issue (5/5): Time of Launch
ONE IPv4 address is shared by N users using LSN
⇒ Address consumption speed slows down to 1/N
[Chart: address consumption against time; the slope drops to 1/N at the LSN launch.]
Address pool and Launch Timing
■ Current: 1,000 addresses / month
■ After launching LSN: 50 users share one address
  ⇒ 20 addresses / month

  Available addresses   Remaining life of the NAT pool
  /24 (256)             12 months
  /22 (1024)            50 months
  /21 (2048)            100 months

Do you degrade the existing service?
Do you purchase IP addresses?
Summary: Technical Issues & Points of Design
■ Management of port numbers
   We should focus on the behavior of our customers
    • Heavy use? Light use?
   Many users sharing a large block
    • Statistical multiplexing works effectively
■ Routing
   Policy routing is used in many cases, depending on topology
■ IP address, timing of deployment
   If you can use 10/8, you should understand that some problems may occur.
   You should reserve enough addresses for the translation pool.