A Multi-Perspective Analysis of Carrier-Grade NAT Deployment

Size: px

Start display at page:

Download "A Multi-Perspective Analysis of Carrier-Grade NAT Deployment"

Marshall Evans
5 years ago
Views:

1 A Multi-Perspective Analysis of Carrier-Grade NAT Deployment Philipp Richter, Florian Wohlfart, Narseo Vallina-Rodriguez, Mark Allman, Randy Bush, Anja Feldmann, Christian Kreibich, Nicholas Weaver, and Vern Paxson. in ACM IMC Philipp Richter TU Berlin

2 IPv4 Address Space Exhaustion 4 out of 5 RIRs exhausted. Less than ~2% of the IPv4 space is still unallocated/ free. Philipp Richter TU Berlin 1

3 What happens now and what do we know? Transition to IPv6 plenty of measurements and statistics available Buy IPv4 transfer statistics available from the RIRs Use IPv4 Carrier-Grade NAT no deployment statistics available little is known about CGN configurations Philipp Richter TU Berlin 2

4 ISP Survey We asked ISPs about IPv4 Carrier-Grade NAT More than 75 ISPs from all regions of the world replied Range from small rural ISPs in Africa up to Fortune 50 companies Did you or do you plan to deploy IPv4 Carrier-Grade NAT? considering deployment 12% 38% yes, already deployed 50% no plans to deploy Philipp Richter TU Berlin 3

5 ISP Survey: CGN Specifics Do you have operational concerns about CGN? Subscribers experience problems with application (e.g., gaming) Traceability of users behind CGN Issues with CGN IP addresses getting blacklisted Major challenges/caveats when configuring CGNs? Troubleshooting connectivity issues Resource allocation, quotas and port ranges per subscriber Internal address space fragmentation and shortage (e.g., RFC1918) Philipp Richter TU Berlin 4

6 Motivation and Objectives Motivation CGNs seems to be widely deployed ISPs voiced concerns about CGN configuration/operation No broad and systematic studies available Objectives Develop methods to detect CGN presence in the wild Develop methods to extract properties from detected CGNs Illuminate the current status of CGN deployment in the Internet Philipp Richter TU Berlin 5

7 NATs between Subscribers and the Internet Subscriber ISP Internet NAT44 (subscriber-side) internal space e.g., /16 CPE NAT public IPv4 NAT44 (carrier-side) Carrier-Grade NAT internal space e.g., /8 public IPv4 NAT444 (subscriber-side and carrier-side) internal space e.g., /16 CPE NAT Philipp Richter TU Berlin 6

8 Agenda ISP Survey Detecting CGN Presence From the Outside via BitTorrent From the Inside via Netalyzr CGN Deployment Statistics CGN Properties Conclusion Philipp Richter TU Berlin

9 The BitTorrent DHT : : :6883 tracker give me peers for torrent XYZ give me peers : :6883 classic BitTorrent Tracker stores peer contact information (IP:port) BitTorrent DHT: Peers store each others contact information (IP:port, nodeid) We can use DHT peers as vantage points Philipp Richter TU Berlin 8

10 Crawling the BitTorrent DHT give me peers DHT crawler Philipp Richter TU Berlin 9

11 Crawling the BitTorrent DHT i can reach peer 25fc at :6881 peer 492c at :6881 DHT crawler Philipp Richter TU Berlin 9

12 Crawling the BitTorrent DHT i can reach peer 25fc at :6881 peer 492c at :6881 DHT crawler NAT i can reach peer id a82d at :6881 a82d Some peers leak us internal IP addresses of other peers Philipp Richter TU Berlin 9

13 Crawling the BitTorrent DHT i can reach peer 25fc at :6881 peer 492c at :6881 DHT crawler NAT i can reach peer id a82d at :6881 a82d Some peers leak us internal IP addresses of other peers within 1 week: more than peers in ASes! Philipp Richter TU Berlin 9

14 Understanding Leakage Relationships A B DHT crawler :6881 i can reach peer id a82d at :6881 a82d :6881 we construct a graph of leaking relationships :6881 A a82d :6881 B now we look these graphs on a per-as basis Philipp Richter TU Berlin 10

15 BitTorrent Peer Leakage Graph In this AS: no CGN detected In this AS: CGN detected Philipp Richter TU Berlin 11

16 Detecting CGNs with BitTorrent We test more than 2700 ASes with this methodology We detect CGN (clusters) in 250+ ASes Benefits broad coverage Caveats need BitTorrent activity no probing devices needed not all CGNs show up networks? Philipp Richter TU Berlin 12

17 Agenda ISP Survey Detecting CGN Presence From the Outside via BitTorrent From the Inside via Netalyzr CGN Deployment Statistics Dominant Characteristics of deployed CGNs Conclusion Philipp Richter TU Berlin

18 Netalyzr What is Netalyzr? Network Troubleshooting Suite developed by ICSI Berkeley Available as Android App, Java Applet, CL tool Netalyzr in this Study More than 550K sessions in ASes Access to device/router/public IP address Runs in and non- networks Customized tests Philipp Richter TU Berlin 13

19 Detecting CGN in Cellular Networks ISP Internet device IP: server-side IP: Device IP address assigned directly by the ISP Device IP server-side IP Carrier-Grade NAT Philipp Richter TU Berlin 14

20 Detecting CGN in Residential Networks home network ISP Internet device IP: ext. router IP: server-side IP: ext. router IP server-side IP Carrier-Grade NAT? Philipp Richter TU Berlin 15

21 Detecting CGN in Residential Networks (2) home network ISP Internet device IP: ext. router IP: server-side IP: home network (another) home network ISP Internet device IP: ext. router IP: server-side IP: Up to 7% of sessions with chained home NATs Philipp Richter TU Berlin 15

22 Detecting CGNs with Netalyzr We test ASes We detect CGN in 194 non- and 205 ASes Benefits direct IP addressing data and non- Caveats partial visibility, crowdsourced (need users to run Netalyzr) more customized tests Philipp Richter TU Berlin 16

23 Agenda ISP Survey Detecting CGN Presence From the Outside via BitTorrent From the Inside via Netalyzr CGN Deployment Statistics CGN Properties Conclusion Philipp Richter TU Berlin

24 How many Networks do we cover? Eyeball Networks (Non-Cellular) Identify Eyeball ASes: Spamhaus PBL / APNIC Labs aspop Eyeball AS population: 3K ASes Tested with BitTorrent/Netalyzr: 1,791 (62%) Identify Cellular Networks directly via Netalyzr tested: 218 ASes Cellular Networks Philipp Richter TU Berlin 17

25 How many Networks deploy CGN? Eyeball Networks (Non-Cellular) CGN-positive: 17.1% particularly in the European and Asia-Pacific Region AFRINIC APNIC ARIN LACNIC RIPE % eyeball ASes CGN positive Cellular Networks CGN-positive: 94% CGN is the norm for AFRINIC APNIC ARIN LACNIC RIPE % ASes CGN positive Philipp Richter TU Berlin 18

26 Agenda ISP Survey Detecting CGN Presence From the Outside via BitTorrent From the Inside via Netalyzr CGN Deployment Statistics CGN Properties Conclusion Philipp Richter TU Berlin

27 Per AS: Internal CGN Address Space 192X 192X 172X 192X 172X 10X 172X /8 10X100X 100X multiple 100X multiple multiple private private & routab privat & / / /10 X 192X 172X 172X 10X 10X 100X multiple 100X ranges multiple private & routable private & routable non non non non non fraction of fraction ASes of ASes fraction of ASes fraction of ASes total: 421 ASes total: 205 ASes fraction fraction of ASes of ASes Philipp Richter TU Berlin 19

$00.2 0.20.4 0.40.6 0.60.8 0.81.0 1.0 0.0 0.2 0.4 0.6 0.8 1.0 fraction of fraction ASes of ASes fraction of ASes fraction of ASes total: 421 ASes total: 205 ASes 0.0 0.0 0.0.2 0.2 0.20.4 0.4 0.40.6 0.6 0.60.8 0.8 0.81.0 fraction fraction of ASes of ASes More than 20% of the ASes use multiple internal ranges.$

28 Per AS: Internal CGN Address Space 192X 192X 172X 192X 172X 10X 172X /8 10X100X 100X multiple 100X multiple multiple private private & routab privat & / / /10 X 192X 172X 172X 10X 10X 100X multiple 100X ranges multiple private & routable private & routable non non non non non fraction of fraction ASes of ASes fraction of ASes fraction of ASes total: 421 ASes total: 205 ASes fraction fraction of ASes of ASes More than 20% of the ASes use multiple internal ranges. Shortage of Internal Address Space? Philipp Richter TU Berlin 19

29 CGNs: Routable as Internal Address Space 1/8 21/8 22/8 25/8 26/8 29/8 30/8 33/8 51/8 e.g., /8: mostly unrouted, but in internal use by at least 4 major networks. What happens if somebody wants to route it? 100/8 AS21928 (T Mobile US) AS24608 (H3G SpA IT) AS22140 (T Mobile US) AS812 (Rogers Cable CA) AS3651 (Sprint US) AS852 (TELUS CA) Consideration for buyers of address space! Users in major ISPs will likely experience connectivity issues to these address blocks. Philipp Richter TU Berlin 20

30 CGNs: Extracting More Properties 10 subsequent TCP connections how do CGNs allocate ports and IPs estimate port-chunk per subscriber local IP, port server-side IP, port : : : : : :5003 NAT test using TTL-limited probe packets pinpoint the CGN location extract CGN timeout values CPE TTL TTL CGN X TTL TTL STUN test IP/port A reason about CGN mapping types compare CGN and CPE mappings CPE CGN STUN port B IP address B STUN Philipp Richter TU Berlin 21

31 CGN Properties High-Level Overview Stunning variety of configurations and setups across ASes and within the same AS Degree of resource sharing, IP addresses, ports, varies heavily, down to 512 ports / subscriber NAT mappings of some CGNs more restrictive compared to CPEs CGNs limit the resources available for subscribers CGN means very different things for different ISPs Philipp Richter TU Berlin 22

32 Summary Methods to detect CGN deployment Methods to extract properties from CGNs More than 500 CGN instances detected and analyzed CGN deployment rate >= 17% non- 94% for Philipp Richter TU Berlin 23

33 CGN Considerations CGNs are popular Consideration when developing applications IP address reputation systems, geolocation systems CGNs are different Degree of resource sharing varies heavily across CGNs Directly reduce how much Internet a subscriber receives CGNs still poorly understood What is an acceptable degree of resource sharing? Measurements needed Input for best practices for CGN dimensioning, regulations Philipp Richter TU Berlin 24

Empirical Analysis of the Effects and the Mitigation of IPv4 Address Exhaustion

Empirical Analysis of the Effects and the Mitigation of IPv4 Address Exhaustion wissenschaftliche Aussprache 2. August 2017 Philipp Richter Internet Penetration, 2017, ISOC. The Internet connects 3.5 billion