Cullen Jennings’s Presentation at eComm 2009


How Your ISP Plans to "Help" You, and Break the Internet

Published in: Technology, Education

  1. 2. NATs Good, Bad, and Complicated: How your ISP plans to "Help" you, and break the Internet. Cullen Jennings
  2. 3. IPv4 Completion
       • True or False: Stanford has more addresses than China?
       • [Graphs as of Nov 2008 from]
       • World as we know it ends Real Soon Now
  3. 4. What NATs do: 10,000 Foot View
       • Allow several sessions to different devices behind that NAT to look like multiple sessions from a single device to the outside world
       • NAT looks like a router to devices inside the NAT
       • NAT looks like a single host to devices outside the NAT
       • [Diagram labels: Outside, Inside]
  4. 5. Carrier Grade NAT
       • What does “Carrier Grade” mean?
           • Carriers run it
           • It is big and fast
           • It can do policy
           • It is not on the edge of the network
  5. 6. NAT Traversal
  6. 7. The Problem
       • [Diagram labels: Cullen, Jonathan, SIP, RTP, INVITE]
  7. 8. Hole Punching
       • Works for NATs with:
           • address independent mapping and address independent filtering
       • [Diagram: Echo Server, N, Peer]
           • 1) What’s my address?
           • 2) You are at N:100
           • 3) Send to N:100
           • 4) Data
  8. 9. Media Relay
       • Works with all NATs
       • Requires bandwidth for relay and adds latency
       • [Diagram: Relay Server (R), N, Peer]
           • 1) Give me a port
           • 2) You can use R:100
           • 3) Send to R:100
           • 4) Data
  9. 10. The Latency Problem
       • Communication is often between parties in same geography
       • When parties are separated, relay is often off path
       • Human communications work best at < 150ms latency
           • Games require even less latency
       • [Diagram: two relay paths between A and B; labels Tokyo, Taipei, Amsterdam, San Jose; latencies 45 ms, 45 ms, 20 ms, 150 ms, 140 ms, 280 ms]
  10. 11. ICE
       • [Diagram: Relay Server (R), N, Peer, P, Echo Server]
       • 1) Gather Address
           • P:100 private
           • N:200 from Echo
           • R:300 from Relay
       • 2) Try all of P:100, N:200, R:300
       • 3) Check connectivity
       • 4) Choose
           • Use N:200
  11. 12. NATs, Carriers, And you
  12. 13. Carrier Grade NAT “Features”
       • Limit number of connections per user (more for “Gold” users)
       • Point to rate shape bandwidth
       • Small timeout to reduce attacks on “guessed ports”
       • Block “unsafe” ports like 25
       • Protect Identity with anonymous streams.
           • No longer possible to correlate same person surfs
  13. 14. AJAX
       • Over 30 TCP Connections for Google map
       • Bittorrent uses many TCP connections
       • Future applications will use far more connections
       • Applications will be “connected” more often
       • Each user will have more “applications” at same time
       • How many IM sessions do you have open?
  14. 15. IPv4 Completion [Graphs as of Nov 2008 from]
  15. 16. Example Large ISP Address Usage
       • May 2008, Comcast said it would need over 100 Million IP addresses in near future
       • For each subscriber have 8 IP addresses with 20 Million video customers
           • 1 Cable Modem
           • 1 Home Router
           • 1 Voice MTA
           • 2 per Set Top Box with 2.5 STB/ customer
  16. 17. Good News / Bad News
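
The four steps on the Hole Punching slide, and its condition on NAT behaviour, as an added example (not part of the presentation): a toy NAT model run over all four mapping/filtering combinations. The class and function names, the host labels "echo" and "peer", and the rule that the reply must leave from the same N:port are assumptions of this sketch.

```python
# Added example: a toy NAT model; names and sample endpoints are constructed.
from itertools import count

class Nat:
    """NAT 'N'; mapping and filtering are 'independent' or 'dependent'
    (dependent = tied to the remote address)."""

    def __init__(self, mapping, filtering):
        self.mapping, self.filtering = mapping, filtering
        self.ports = count(100)   # external ports are handed out as 100, 101, ...
        self.out = {}             # mapping key -> external port
        self.back = {}            # external port -> inside endpoint
        self.contacted = {}       # external port -> remotes the inside host sent to

    def send(self, inside, remote):
        """Inside host sends to remote; returns the external port the remote sees."""
        key = inside if self.mapping == "independent" else (inside, remote)
        if key not in self.out:
            self.out[key] = next(self.ports)
            self.back[self.out[key]] = inside
        port = self.out[key]
        self.contacted.setdefault(port, set()).add(remote)
        return port

    def receive(self, port, remote):
        """Remote sends to N:port; returns the inside endpoint, or None if dropped."""
        if port not in self.back:
            return None
        if self.filtering == "dependent" and remote not in self.contacted[port]:
            return None
        return self.back[port]

def hole_punch(mapping, filtering):
    """Run the slide's four steps; True if the peer's data gets in and the
    reply leaves from the same N:port (assumed requirement for a usable session)."""
    nat = Nat(mapping, filtering)
    inside = ("P", 100)                          # private address of the inside host
    reflexive = nat.send(inside, "echo")         # 1) What's my address? 2) You are at N:100
    delivered = nat.receive(reflexive, "peer") == inside   # 3) Send to N:100  4) Data
    reply_port = nat.send(inside, "peer")        # reply from the inside host to the peer
    return delivered and reply_port == reflexive

def results():
    modes = ("independent", "dependent")
    return {(m, f): hole_punch(m, f) for m in modes for f in modes}

if __name__ == "__main__":
    for (m, f), ok in results().items():
        print(f"mapping={m:<11} filtering={f:<11} hole punch works: {ok}")
```

Only the independent/independent combination succeeds: with address-dependent filtering the peer's unsolicited packet is dropped, and with address-dependent mapping the address the echo server reported is not the one the peer's traffic is mapped to.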