Leone - IMDEA Networks Repository

Leone - From global measurements to local management
NATalyser: in-home NAT detection
Miguel Ángel Díaz, Francisco Valera
October 2014
METRIC OBJECTIVE
- What: evaluate NAT characteristics and compliance with the 'behave' RFCs
- The requirements are described in:
  - RFC 5382 for TCP
  - RFC 5508 for ICMP
  - RFC 4787 for UDP
- Why: check for possible problems for end-user applications
- Are ISPs aware of this?
[Figure: general picture; diagram label: external networks]
Testbed
- NATalyser has been executed in various countries…
- …and also with several router vendors
[Figure: bar chart of probe count per router vendor]
Requirements summary table
- To what extent are the requirements met by the tested NATs?
[Table: fulfilment band per requirement. Rows: 91-100%, 81-90%, 71-80%, 61-70%, 51-60%, < 51%.
 UDP columns: MA, FIL, PP, H, PPA, DB, MSI, DFF, OO, SOO, LFTM, OR
 ICMP columns: RR, EE, IE, DU, TE, P, EH
 TCP columns: EI, PO, MRI, MI, H]
Remarkable results
- Overall picture: UDP
[Figure: diagram label: external networks]
8th October, 2013
NAT behavioral requirements for unicast UDP
- 11 tests to discover how the NAT behaves with the UDP protocol (RFC 4787)
1. Type of mapping
2. Type of filtering
3. Whether the NAT preserves the port
4. Whether there is port parity
5. Whether the NAT supports hairpinning
6. Whether the NAT has deterministic behavior
7. Whether ICMP errors break the mapping
8. Whether the don't-fragment flag is supported
9. Whether the NAT supports receiving out-of-order packets
10. Whether the mapping has a lifetime over 2 minutes
11. Whether the NAT renews the mapping with outbound packets
Remarkable results for UDP
- On the mapping test
  - Endpoint independent: 56
  - Address dependent: 0
  - Address and port dependent: 1 (it is the only Thomson router in the whole testbed)
[Figure: bar chart of mapping behavior by ISP and by vendor; series: A.P.D. ISPs, A.P.D. Vendors, E.P. ISPs, E.P. Vendors; axis 0 to 60.
 Vendors: Technicolor, ADB Broadband Italia, Arcadyan Technology Corp., AVM GmbH, Cisco-Linksys, LLC, Huawei Technologies Co., Ltd, Industrie Dial Face S.p.A., NEC AccessTechnica, Ltd., NETGEAR, Pirelli Tyre S.p.A, SAGEM COMMUNICATION, Thomson Telecom Belgium, UnKnown.
 ISPs: Bt Public Internet Service, Telecom Italia S.p.a., Biglobe Inc., The Hebrew University Of Jerusalem]
Remarkable results for UDP
- If the mapping is not endpoint-independent, there could be problems with UNSAF (Unilateral Self-Address Fixing) methods, as stated in RFC 3424
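Added example (not from the original slides and not NATalyser's code): how the RFC 4787 mapping and filtering types can be derived from probe observations, and why an address learned through an UNSAF method is only reusable when the mapping is endpoint-independent. The function names and the sample observations are assumptions constructed for illustration.

```python
from collections import defaultdict

EI, AD, APD = "endpoint-independent", "address-dependent", "address-and-port-dependent"

def classify_mapping(observations):
    """observations: (dest_ip, dest_port, mapped_ip, mapped_port) tuples, all sent
    from ONE internal IP:port; the mapped endpoint is what the remote side saw."""
    mappings = defaultdict(set)   # dest_ip -> external mappings seen
    ports = defaultdict(set)      # dest_ip -> destination ports probed
    for dest_ip, dest_port, mapped_ip, mapped_port in observations:
        mappings[dest_ip].add((mapped_ip, mapped_port))
        ports[dest_ip].add(dest_port)
    if len(mappings) < 2:
        return "undetermined"     # need at least two destination addresses
    if len(set().union(*mappings.values())) == 1:
        return EI                 # one mapping reused for every destination
    multi_port = [ip for ip in ports if len(ports[ip]) > 1]
    if not multi_port:
        return "undetermined"     # AD vs APD needs a second port on one address
    if all(len(mappings[ip]) == 1 for ip in multi_port):
        return AD                 # mapping changes only with destination address
    return APD                    # mapping changes with destination port as well

def classify_filtering(passed_same_ip_other_port, passed_other_ip):
    """Outcome of two inbound probes aimed at the mapping after the internal host
    contacted (IP1, port1): one from IP1 on another port, one from another IP."""
    if passed_other_ip:
        return EI
    return AD if passed_same_ip_other_port else APD

def unsaf_address_usable(mapping_type):
    """An address learned from a reflector (UNSAF, RFC 3424) is valid towards
    other peers only if the NAT reuses the mapping for every destination."""
    return mapping_type == EI

# Constructed observations (documentation address ranges, not measured data).
def sample(p1, p2, p3):
    return [("192.0.2.10", 3478, "203.0.113.5", p1),
            ("192.0.2.10", 3479, "203.0.113.5", p2),
            ("198.51.100.7", 3478, "203.0.113.5", p3)]

SAMPLES = {EI: sample(40000, 40000, 40000),
           AD: sample(40000, 40000, 40001),
           APD: sample(40000, 40001, 40002)}

if __name__ == "__main__":
    for expected, obs in SAMPLES.items():
        kind = classify_mapping(obs)
        print(expected, "->", kind, "| UNSAF address usable:", unsaf_address_usable(kind))
```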
Remarkable results for UDP
- On the filtering test
  - APD (address and port dependent): 43
  - AD (address dependent): 1
  - EP (endpoint independent): 13
- Callouts:
  - The 13 probes of Telecom Italia that are from the vendor Technicolor have an endpoint-independent filtering behavior
  - One out of the four NETGEAR that is from Telecom Italia, maybe due to a different model?
  - On the rest of them as they are more restrictive
  - Known problems with endpoint-independent filtering (RFC 4787)
[Figure: bar chart of filtering behavior by ISP and by vendor; series: A.P.D. ISPs, A.P.D. Vendors, A.D. ISPs, A.D. Vendors, E.P. ISPs, E.P. Vendors; axis 0 to 50]
Remarkable results for UDP
- Example of problems with the filtering (RFC 4787)
  - Imagine that this router has an open port (port X)
  - The unauthorized packet could go through this open port if the NAT has endpoint-independent filtering (with luck)
[Figure: router with an open port facing the external networks]
Remarkable results for UDP
- On the preserve port test
  - Preserve port: 43
  - Does not preserve port: 14
- Callout: Technicolor does not preserve port
[Figure: bar chart of port preservation by ISP and by vendor; series: NOT P.P. ISPs, NOT P.P. Vendors, P.P. ISPs, P.P. Vendors; axis 0 to 50]
Remarkable results for UDP
- On the don't-fragment flag test
  - Don't-fragment flag support: 46
  - Not: 11
- Callouts:
  - The Hebrew University of Jerusalem (vendor NEC Access) and Biglobe Inc. have their routers with a "Don't fragment" flag support behavior of No. Thomson Telecom and Cisco show only this behavior
  - It may mean: 1. no ICMP "need to fragment"; 2. a real lack of support for DF=1
[Figure: bar chart of don't-fragment flag support by ISP and by vendor; series: NOT ISPs, NOT Vendors, D.F. ISPs, D.F. Vendors; axis 0 to 50]
Remarkable results for UDP
 All of them reported that the NAT has a outbound
mapping lifetime renueval behavior of true
Technicolor
ADB Broadband Italia
NOT ISPs
Arcadyan Technology Corp.
AVM GmbH
Cisco-Linksys, LLC
Huawei Technologies Co., Ltd
NOT Vendors
Industrie Dial Face S.p.A.
NEC AccessTechnica, Ltd.
NETGEAR
Pirelli Tyre S.p.A
O.R. ISPs
20
35
11
SAGEM COMMUNICATION
Thomson Telecom Belgium
UnKnown
Bt Public Internet Service
O.R. Vendors
13
6
3
3
1
4
2 1
4
6
7
1
6
Telecom Italia S.p.a.
Biglobe Inc.
The Hebrew University Of Jerusalem
0
10
20
30
40
50
Remarkable results for UDP
- All of the probes report that their NATs do not have a mapping lifetime > 2 minutes
[Figure: bar chart of mapping lifetime behavior by ISP and by vendor; series: NOT ISPs, NOT Vendors, M.L. ISPs, M.L. Vendors; axis 0 to 50]
Remarkable results
- Overall picture: ICMP
[Figure: diagram label: external networks]
Remarkable results for ICMP
- 7 tests to check the behavior of the NAT device using the ICMP protocol
1. Whether the NAT handles ICMP queries and their associated responses
2. Whether the NAT supports error packets from the external realm when there is a mapping
3. Whether the NAT supports error packets from the internal realm when there is a mapping
4. Support of the Destination Unreachable error packet
5. Support of the Time Exceeded error packet
6. Support for ping
7. Support of hairpinning ICMP error packets
Remarkable results for ICMP
- On the request/reply test
  - Request/reply: 19
  - Not: 38
- Callouts:
  - Maybe it is because something in the middle of the communication has filtered the packet?
  - Telecom Italia has all of the routers with the ICMP request filtered. It is the same for Biglobe and the Hebrew University
  - Technicolor, ADB Italia, AVM, Cisco, NEC, Dial and Pirelli vendors also have the request/reply feature filtered
[Figure: bar chart of ICMP request/reply support by ISP and by vendor; series: NOT ISPs, NOT Vendors, RR ISPs, RR Vendors; axis 0 to 50]
Remarkable results for ICMP
- Example of problems with the error hairpinning
  - The application sends a packet to the server through the public IP
  - The server generates an error packet
  - If the NAT doesn't do the hairpinning, the original app won't have any notification about the error
[Figure: hairpinning through the NAT; diagram label: external networks]
Remarkable results for ICMP
- On the error packet hairpinning test
  - Error hairpinning: 29
  - Not: 28
- Callouts:
  - All Pirelli and ADB routers do error hairpinning. Arcadyan, AVM, Cisco, Huawei and NEC also do
  - It seems to be a very specific requirement and seems not to be implemented everywhere
[Figure: bar chart of ICMP error hairpinning by ISP and by vendor; series: NOT ISPs, NOT Vendors, EH ISPs, EH Vendors; axis 0 to 50]
Remarkable results for ICMP
- On the Time Exceeded error test
  - Time Exceeded: 48
  - Not: 9
- Callout: Arcadyan, Sagem and Huawei (this last has no representation on support)
[Figure: bar chart of Time Exceeded support by ISP and by vendor; series: NOT ISPs, NOT Vendors, T.E. ISPs, T.E. Vendors; axis 0 to 50]
Remarkable results
- Overall picture: TCP
[Figure: diagram label: external networks]
Remarkable results for TCP
- 5 tests to check the behavior of the NAT device using the TCP protocol
1. Whether the mapping has endpoint-independent behavior
2. Whether the NAT is overloading ports
3. Whether the mapping resists ICMP packets
4. Whether the NAT fulfils the multiple initiation requirement
5. Whether the NAT supports hairpinning
Remarkable results for TCP
- On the mapping test
  - Endpoint independent: 43
  - Not: 14
- Callouts:
  - The Technicolor vendor is not doing endpoint-independent mapping
  - Thomson (BT) is not implementing it either
[Figure: bar chart of TCP mapping behavior by ISP and by vendor; series: NOT ISPs, NOT Vendors, E.P. ISPs, E.P. Vendors; axis 0 to 50]
Remarkable results for TCP
- On the hairpinning test
- Callout (on H. ISPs and H. Vendors): from Telecom Italia and Netgear vendor
[Figure: bar chart of TCP hairpinning support by ISP and by vendor; series: NOT ISPs, NOT Vendors, H. ISPs, H. Vendors; axis 0 to 50]
Majority by vendor
> 50% on fulfilment by vendor
[Table: fulfilment of each requirement per vendor, with cell marks X, - and =.
 Rows: Technicolor, ADB Broadband Italia, Arcadyan Technology Corp., AVM GmbH, Cisco-Linksys, LLC, Huawei Technologies Co., Ltd, Industrie Dial Face S.p.A., NEC AccessTechnica, Ltd., NETGEAR, Pirelli Tyre S.p.A, SAGEM COMMUNICATION, Thomson Telecom Belgium, UnKnown.
 UDP columns: MA, FIL, PP, H, PPA, DB, MSI, DFF, OO, SOO, LFTM, OR
 ICMP columns: RR, EE, IE, DU, TE, P, EH
 TCP columns: EI, PO, MRI, MI, H]
Those that best meet the RFCs
Majority by vendor
> 50% on fulfilment by vendor
[Table: the same per-vendor fulfilment table as on the previous slide (rows: the 13 vendors; columns: the UDP, ICMP and TCP requirements; cell marks X, - and =)]
Those that worst meet the RFCs
Majority by ISP
> 50% on fulfilment by ISP
[Table: fulfilment of each requirement per ISP, with cell marks X and -.
 Rows: Bt Public Internet Service, Telecom Italia S.p.a., Biglobe Inc., The Hebrew University Of Jerusalem.
 UDP columns: MA, FIL, PP, H, PPA, DB, MSI, DFF, OO, SOO, LFTM, OR
 ICMP columns: RR, EE, IE, DU, TE, P, EH
 TCP columns: EI, PO, MRI, MI, H]
Conclusions
- NATalyser has been executed on Sam's testbed with some interesting results
- In the future NATalyser will be improved
  - Support for more platforms
    - Java applet
    - Windows
    - Android
  - Use it with different NAT environments
    - Residential environments
    - Public open networks
    - Public registration network