
Number of slides: 20

Careful planning is for introducing NAT
Operational advice from real-world experience
its communications Inc.
Hiroyuki Ashida
Aug 2009

Agenda
■ Introduction
■ Technical Issues for introducing LSN
■ Summary
  - Operational Advice to provide LSN

Introduction: My Job
■ Company: its communications Inc., the biggest CATV operator in Japan
■ Service
  - TV Broadcast
  - Internet Access
  - Primary Phone
■ Jobs
  - Access network & Backbone design / construction / operation
■ Recent Interests
  - IPv6 deployment for CATV broadband access
  - ISP network operation before & after IPv4 address exhaustion
  - Evaluation of Internet reachability

Service Areas
[Map: "Around here", 30 km around]
Area households: 1,130 K
Connected: TV 610 k, NET 135 k, Phone 22 k

Why I’m talking about NAT?
■ We have been providing NATed access service
  - since 1998 (before the IPv4 assignment guideline was issued)
  - over 50,000 customers are using NATed access
  => We have ten years of operational experience
■ Proposals about LSN, NAT444
  LSN = Large Scale NAT (CGN, MUN)
  - JPOPM13, APNIC25
  - IETF: draft-shirasaki-isp-shared-addr, draft-shirasaki-nat444-isp-shared-addr
■ Many ISPs examine introduction of LSN
  - 40-50% of ISPs in Japan
  - for IPv4 address exhaustion

Scope of this presentation
■ Operational Advice of LSN from real-world experience
  - Technical and quantitative knowledge
  - Analysis of actual equipment and traffic
■ Contents
  - Resource management (session number, size of storage)
  - Network design & Routing
  - Timing to deploy
■ Why?
  - We (our customers) will share an IPv4 address in the future
  - We will have to provide our services with enough quality
  - 2 years after!!

Network model: NAT444
[Diagram labels: Internet; v4(G), v6; ISP; v4(G); LSN (CGN); v6; Any IPv4 Address; CPE, CPE; v4(P); v4(P) + v6]
http://www.ietf.org/proceedings/09mar/slides/opsarea-2_files/v3_document.htm

Technical Issue (1/5): port number
※ http://www.nttv6.jp/~miyakawa/IETF72/IETF-IAB-TECH-PLENARY-NTT-miyakawa-extended.pdf
How many sessions should we provide?

Session numbers in consumer broadband access
■ Regional POP
■ Night of the weekend
■ Unique addresses: 7,300
[Plot: session number vs. time [sec]; observed TCP sessions about 360,000]

Session number per one IP address
Analysis by network size, area and speed
[Plot annotations: Statistical Multiplexing; No correlation with access speed; Area Difference?]
[Plot labels: /24; /22; area (1); 160M HSD; All; area (2); ADSL; FTTH]

Distribution of the port number (TCP)
[Plot: number of times (log) vs. port number; labelled ports: 80, 135, 25, 443, 110]
[Plot: session number vs. time [sec]]
It is reduced to half if NetBIOS is denied

Conclusion of port numbers
■ Average of 50-300 sessions per user
  ⇒ differs by condition (area, block size)
■ If the block is small, there are many sessions per user (Statistical Multiplexing)
■ Difference by regions (the class of users?)
■ No correlation with access speed
■ It is reduced to half if NetBIOS is denied

Technical Issue (2/5): Logging Storage
■ Bit size per one session: about 48 bytes
  - Source IP Address + Port: 48 bit
  - Destination IP Address + Port: 48 bit
  - Translated IP Address + Port: 48 bit
  - Time stamp: 64 bit
  - Other information (status, information of NAT box, etc)
■ Actual observed flow (about 7,000 addresses)
  TCP: 171,378 flows, UDP: 458,491 flows
  ⇒ about 40 GB? / day
  ⇒ about 14 TB? / year
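
The record layout on this slide can be made concrete. The following is an added example, not code from the presentation: it packs the listed fields into a 48-byte record, resolves a translated address and port back to the internal source at a given time, and estimates log volume. The padding layout, the lookup rule (latest record at or before the queried time), the sample addresses and the one-minute measurement interval are assumptions.

```python
import ipaddress
import struct

# Fields from the slide: three (IPv4 address + port) pairs of 48 bits each and
# a 64-bit timestamp = 26 bytes. The 22 padding bytes stand in for "other
# information" to reach ~48 bytes; this layout is assumed, not a vendor format.
RECORD = struct.Struct("!4sH4sH4sHQ22x")


def pack_session(src, sport, dst, dport, xlat, xport, ts):
    ip = lambda a: ipaddress.IPv4Address(a).packed
    return RECORD.pack(ip(src), sport, ip(dst), dport, ip(xlat), xport, ts)


def unpack_session(blob):
    s, sp, d, dp, x, xp, ts = RECORD.unpack(blob)
    ip = lambda b: str(ipaddress.IPv4Address(b))
    return {"src": (ip(s), sp), "dst": (ip(d), dp), "xlat": (ip(x), xp), "ts": ts}


def find_subscriber(log, xlat_ip, xlat_port, when):
    """Internal (IP, port) that last opened xlat_ip:xlat_port at or before `when`."""
    best = None
    for off in range(0, len(log), RECORD.size):
        rec = unpack_session(log[off:off + RECORD.size])
        if rec["xlat"] == (xlat_ip, xlat_port) and rec["ts"] <= when:
            if best is None or rec["ts"] > best["ts"]:
                best = rec
    return best["src"] if best else None


def storage_bytes(flows_per_interval, intervals):
    return flows_per_interval * intervals * RECORD.size


# Constructed sample: the same translated address and port is reused by two
# subscribers 10 minutes apart (timestamps are seconds since the epoch).
SAMPLE_LOG = (
    pack_session("10.0.0.5", 40001, "198.51.100.7", 80, "203.0.113.9", 1024, 1250000000)
    + pack_session("10.0.3.8", 51515, "198.51.100.7", 25, "203.0.113.9", 1024, 1250000600)
)

if __name__ == "__main__":
    print(find_subscriber(SAMPLE_LOG, "203.0.113.9", 1024, 1250000300))
    # Slide figures: 171,378 TCP + 458,491 UDP flows; a one-minute measurement
    # interval is an assumption (the slide does not state it).
    print(storage_bytes(171_378 + 458_491, 24 * 60) / 1e9, "GB/day")
```

Because the translated port is reused, the timestamp decides which subscriber is returned, so the log is only useful for tracing if the NAT box clock and the reporter's clock agree.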

Technical Issue (3/5): Routing
[Diagram labels: The Internet; Default; IPv4 Global; IPv4 NATed (Private); Separate; Policy Routing To LSN; IPv4 Global; IPv4 NATed (Private); Mixed]

Technical Issue (4/5): IP address
ISPs usually use 10/8
Default of most residential routers is 192.168.x.x
[Diagram labels: Global; Internet; ISP Network; Home Network; 10.x.x.x; 192.168.x.x; 10.x.x.x]

Can ISPs use 10/8 for NAT?
■ Reserved for infrastructure
  - DOCSIS cable modems
  - VoIP Terminals
  - etc
■ Customers already use them
  - Enterprise customers
  - VPN service
[Diagram labels: 10.2.0.0/16; ISP; 10.1.0.0/16]

Communications between customers
SrcIP = Global: access allowed
SrcIP = 10/8?: access denied
[Diagram labels: The Internet; IPv4 Global; IPv4 NATed (Private)]

Technical Issue (5/5): Time of Launch
ONE IPv4 address is shared by N users using LSN
⇒ Address consumption speed slows down to 1/N
[Plot: Address Consumption vs. time; marker: Launch LSN]

Address pool and Launch Timing
■ Current: 1,000 addresses / month
■ After Launch LSN: 50 users share one address
  ⇒ 20 addresses / month

Available addresses    /24 (256)    /22 (1024)    /21 (2048)
Remaining NAT pool     12 months    50 months     100 months

Do you degrade the existing service?
Do you purchase IP addresses?

Summary: Technical Issues & Point of design
■ Port number management
  - We should focus on behavior of our customers
    • Hardly? Gently?
  - Many users share a large block
    • Effectively statistical multiplexing
■ Routing
  - Policy routing is used in many cases, depending on topology
■ IP address, Timing to deploy
  - If you can use 10/8, you should understand that some problems may occur.
  - You should reserve enough addresses for the translation.