Tuesday, December 10, 2013

CoNext HotMiddlebox: Analysis and Topology-based Traversal of Cascaded Large Scale NATs

Andreas Müller, Florian Wohlfart, and Georg Carle (TU Munich)

Presenter: Andreas Müller

There are no more free /8 blocks in IPv4. What can be done until IPv6 takes over? Large Scale NAT (LSN) deployment is one answer. The problem for ISPs is that they are running out of addresses but still have to provide access to IPv4 content as well as to the new IPv6 content. Operators deploy cascaded NATs, using private IP addresses between the CPE and the Large Scale NAT in the operator's network. Another deployment option also exists where only one NAT is used, in the operator's network.

The goal of the paper is to detect such cascaded NATs. Control-based solutions like UPnP are not an option when there are multiple levels of NAT, so a behavior-based solution (hole punching) has a higher success rate, but it is difficult to apply with cascaded NATs at the provider.

Main goals:
- Learn about LSN deployment and find an algorithm to detect stateful middleboxes on the path
- Improve LSN traversal by using this information

The main contribution of the paper is the LSN discovery algorithm, based on software deployed on the client and the server and treating the intermediate nodes (the topology) as a black box.

The algorithm is roughly as follows (more details in the paper):
- establish multiple mappings (UDP)
- traceroute to count the number of hops
- remove the mapping (UDP: timeout, TCP: RST)
- count the number of hops and detect stateful middleboxes
- iterate until all hops on the path have been covered
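The following is an added simulation of the principle behind these steps; it is not the NAT-Analyzer code from the paper. A stateful middlebox only holds a mapping for packets it has forwarded, so a client probe with TTL k creates mappings at the NATs in the first k-1 hops only, and a packet from the server reaches the client only if every NAT on the path holds a mapping. Letting mappings time out, probing with increasing TTL and checking whether the server's packet gets through locates the outermost NAT; keeping already-found outer NATs alive with TTL-limited server-to-client packets while inner mappings time out (how the Q&A answer about differing timeouts is read here) lets the scan repeat for the next NAT inside. The path model, the hop names, timeouts and the mapping rule are assumptions made for this example, not claims about the paper.

```python
"""Toy simulation of locating stateful middleboxes on a path with TTL-limited
probes.  Added illustration, not the paper's NAT-Analyzer code.  Assumptions:
a NAT creates/refreshes a mapping only for packets it forwards (a packet whose
TTL expires at the NAT creates nothing), a NAT without a mapping drops inbound
packets silently, and the server can send TTL-limited packets to the client."""
from dataclasses import dataclass, field


@dataclass
class Hop:
    name: str
    stateful: bool                # True = NAT / stateful middlebox
    timeout: int = 30             # idle seconds before a UDP mapping is dropped
    expiry: dict = field(default_factory=dict)   # flow -> absolute expiry time


class Path:
    """Hop 1 is next to the client, hop len(hops) is next to the server."""

    def __init__(self, hops):
        self.hops = hops
        self.now = 0

    def advance(self, seconds):
        self.now += seconds

    def _alive(self, hop, flow):
        return hop.expiry.get(flow, -1) > self.now

    def _refresh(self, hop, flow):
        hop.expiry[flow] = self.now + hop.timeout

    def send_outbound(self, flow, ttl):
        """Client -> server.  Returns the hop index where the TTL expired
        (source of the ICMP time-exceeded) or 0 if the server was reached."""
        for idx, hop in enumerate(self.hops, start=1):
            ttl -= 1
            if ttl == 0:
                return idx            # discarded here: no mapping created
            if hop.stateful:
                self._refresh(hop, flow)
        return 0

    def send_inbound(self, flow, ttl):
        """Server -> client.  Returns 'delivered', 'expired@<hop>' or
        'dropped@<hop>' (NAT without a mapping)."""
        for idx in range(len(self.hops), 0, -1):
            hop = self.hops[idx - 1]
            ttl -= 1
            if ttl == 0:
                return f"expired@{idx}"
            if hop.stateful:
                if not self._alive(hop, flow):
                    return f"dropped@{idx}"
                self._refresh(hop, flow)
        return "delivered"


def count_hops(path, flow, max_ttl=64):
    """Traceroute-style hop count.  Side effect: every NAT on the path now
    holds a mapping for `flow` (the 'establish mapping' step)."""
    for ttl in range(1, max_ttl + 1):
        if path.send_outbound(flow, ttl) == 0:
            return ttl - 1
    raise RuntimeError("server not reached")


def discover_nats(path, flow="udp/40000"):
    """Return hop indexes of stateful middleboxes, outermost (server side) first."""
    n = count_hops(path, flow)
    found = []
    outer = n + 1                     # hops >= outer are already classified
    step = min(h.timeout for h in path.hops) // 2
    longest = max(h.timeout for h in path.hops)
    while outer > 1:
        # Let every mapping inside `outer` time out while the server keeps the
        # already-found outer NATs alive with packets whose TTL runs out at hop
        # outer-1 (they pass, and refresh, hops n .. outer).
        for _ in range(longest // step + 2):
            path.send_inbound(flow, n - outer + 2)
            path.advance(step)
        # Scan: a probe with TTL k creates mappings at NATs in hops 1..k-1; the
        # server's packet gets through once every NAT on the path has one.
        for k in range(1, outer + 1):
            path.send_outbound(flow, k)
            if path.send_inbound(flow, n + 1) == "delivered":
                break
        if k == 1:
            break                     # delivered with no new mapping: nothing left inside
        found.append(k - 1)
        outer = k - 1
    return found


if __name__ == "__main__":
    # Constructed topology: CPE NAT, operator LSN at hop 4, stateless routers between.
    topology = Path([Hop("cpe", True, 30), Hop("access", False), Hop("aggregation", False),
                     Hop("lsn", True, 120), Hop("core", False), Hop("edge", False)])
    print([topology.hops[i - 1].name for i in discover_nats(topology)])
```

The scan relies only on whether the server's packet reaches the client, so it does not depend on ICMP time-exceeded replies; the traceroute step that counts hops does, which matters where operators filter ICMP.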

The authors implemented a UDP-based version of the algorithm (NAT-Analyzer) and asked people to run it from various types of networks. Out of 4810 tested connections, 93% completed all the general tests and 53% completed the new topology analysis algorithm.

Results for UPnP:
- 30% of the tested hosts had UPnP enabled;
- in 26.5% of these connections there is a difference between the IP address reported by UPnP and the public address (LSN?);
- strange: a public IP address reported by UPnP, maybe due to an HTTP proxy (not sure)?
- cascaded NATs at operators are mainly present in LTE networks (~50% of the 1% of cases);
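The address comparison behind the second bullet can be turned into a quick client-side check. The following added example (not from the paper or NAT-Analyzer) takes the host's own interface address, the WAN address the CPE reports via UPnP (GetExternalIPAddress) and the source address a server saw, and classifies the situation; it goes beyond the notes by also treating the RFC 6598 shared address space 100.64.0.0/10, which is allocated for CGN/LSN deployments, as a cascaded-NAT signal. The addresses used in the test are constructed.

```python
"""Classify what the UPnP-reported WAN address of a CPE says about the NATs in
front of a host.  Added example; inputs are assumed to come from the host's
interface, a UPnP GetExternalIPAddress call and an address-echo server."""
import ipaddress

# RFC 6598 shared address space, allocated for carrier-grade NAT (LSN).
SHARED_CGN = ipaddress.ip_network("100.64.0.0/10")
# Checked explicitly rather than via ip.is_private, whose coverage of
# special-purpose ranges differs across Python versions.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_nat_situation(local_ip, upnp_wan_ip, server_seen_ip):
    """Return one of: no-nat, unknown (UPnP unavailable), cascaded-lsn,
    cascaded-private, single-nat, mismatch (UPnP reports a public address
    that differs from the one the server saw: LSN, or an HTTP proxy)."""
    local = ipaddress.ip_address(local_ip)
    seen = ipaddress.ip_address(server_seen_ip)
    if local == seen:
        return "no-nat"                       # server saw our own address
    if upnp_wan_ip is None:
        return "unknown"                      # a NAT exists but UPnP tells us nothing
    wan = ipaddress.ip_address(upnp_wan_ip)
    if wan in SHARED_CGN:
        return "cascaded-lsn"                 # CPE WAN side sits in CGN space
    if any(wan in net for net in RFC1918):
        return "cascaded-private"             # another NAT beyond the CPE
    if wan == seen:
        return "single-nat"                   # CPE is the only NAT on the path
    return "mismatch"


if __name__ == "__main__":
    # Constructed sample: host behind a CPE whose WAN address is in 100.64/10.
    print(classify_nat_situation("192.168.1.10", "100.64.3.7", "203.0.113.5"))
```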

The presenter showed some results using the algorithm based on hole punching. There were some issues due to operators blocking ICMP (40% in DSL networks).

As a conclusion, LSN is one way to handle the transition to IPv6, but it breaks existing traversal solutions.

Q: What was the largest number of NATs?
A: Around 5 (not sure). Maybe due to biased results that were difficult to understand.

Q: Have you found middleboxes that would break the TTL?
A: There are middleboxes that just don't decrement the TTL.

Q: How do you do it when timeouts are different on cascaded NATs?
A: Send probes from the server to the client with a TTL.

Q: Did you find any pooling, with NAT and some paths that appeared and disappeared?
A: No.