Cullen Jennings’s Presentation at eComm 2009

© 2008 Cisco Systems, Inc. All rights reserved. Cisco PublicPresentation_ID 2

NATsGood, Bad, and Complicated

How your ISP plans to "Help” you, and break the InternetHow your ISP plans to "Help” you, and break the Internet

Cullen Jennings <[email protected]>Cullen Jennings <[email protected]>


IPv4 Completion

True or False: Stanford has more address than China? [Graphs as of Nov 2008 from www.potaroo.net]

World as weknow it ends

Real Soon Now

World as weknow it ends

Real Soon Now


What NATs do: 10,000 Foot View

Allow several session to different devices behind that NAT to look like multiple sessions from a single device to outside world

NAT looks like a router to devices inside the NAT

NAT looks like a single host to devices outside the NAT

Outside

Inside


Carrier Grade NAT

What does “Carrier Grade” mean?

Carriers run it

It is big and fast

It can do policy

It is not on the edge of the network


NAT Traversal


The Problem

Cullen

cisco.com skype.com

Jonathan

SIP

RTP

INVITEINVITE

INVITE

RTP


Hole Punching

Works for NATs with:

address independent mapping and address independent filtering

EchoServerEcho

Server

N

PeerPeer1) What’s my address?

2) You are at N:100

3) Send to N:100

4) Data


Media Relay

Works with all NATs

Requires bandwidth for relay and adds latency

RelayServerRelayServer

N

PeerPeer1) Give me a port

2) You can use R:100

3) Send to R:100

4) Data

R


The Latency Problem

Communication is often between parties in same geography

When parties are separated, relay is often off path

Human communications work best at < 150ms latency

Games require even less latency

TokyoTokyo

RELAY

A B

Taipei

45 ms 45 ms

20 ms

Taipei

150 ms AmsterdamSan Jose

RELAY

A B

140 ms 280 ms


ICERelayServerRelayServer

N

PeerPeer

1) Gather Address• P:100 private• N:200 from Echo• R:300 from Relay

4) Choose•Use N:200

2) Try all ofP:100, N:200, R:300

3) Check connectivity

R

P

EchoServerEcho

Server

3) Check connectivity


NATs, Carriers, And you


Carrier Grade NAT “Features”

Limit number of connections per user (more for “Gold” users)

Point to rate shape bandwidth

Small timeout to reduce attacks on “guessed ports”

Block “unsafe” ports like 25

Protect Identity with anonymous streams.

No longer possible to correlate same person surfs

http://www.flickr.com/photos/cullenfluffyjennings

http://www.adultsheepfinder.com

http://www.flickr.com/photos/cullenfluffyjennings


AJAX

Over 30 TCP Connections for Google map

Bittorrent uses many TCP connections

Future applications will use far more connections

Applications will be “connected” more often

Each user will have more “applications” at same time

How many IM session do you have open?


[Graphs as of Nov 2008 from www.potaroo.net]

IPv4 Completion


Example Large ISP Address Usage

May 2008, Comcast said it would need over 100 Million IP in near future

For each subscriber have 8 IP address with 20 Million video customers

• 1 Cable Modem

• 1 Home Router

• 1 Voice MTA

• 2 per Set Top Box with 2.5 STB/ customer


Good News / Bad News

Cullen Jennings’s Presentation at eComm 2009

Technology

Transcript of Cullen Jennings’s Presentation at eComm 2009