Tuesday, November 2, 2021

CGNAT deployment as observed by traceroutes

Hey folks,

I am an applied mathematics grad student working on coming up with better Internet models, so I apologize preemptively, as my way of thinking about network configuration is very possibly wrong/inaccurate and my vocabulary clumsy.

Anyway, as part of a research project, I am interested in detecting whether some clients are hosted behind a CGNAT. The only information I have access to is the source IP address as observed by my server and traceroutes from the clients to my server at a random interval. I do not have a ground truth to validate the quality of my inferences, which makes the problem even more challenging. I thought the best way to get a better understanding of what I could potentially observe from my traceroutes is to ask the people behind those configurations directly, so I am hoping that there are people on this Subreddit who might have answers to my questions!

I have started by eyeballing my traceroutes and noticed a few interesting patterns that I would like to validate:

1) Observing two different sets of private IP addresses (e.g. 192.x.x.x followed by 10.x.x.x) does not always imply the existence of a CGNAT. Clients can configure their NAT the way they want, and large networks such as companies are sometimes leveraging those IP addresses to set up their own topology.

2) The number of clients is exponentially higher behind a CGNAT than behind a standard customer NAT, resulting in a more complex IP-level topology before the first public IP address observed by a traceroute.

3) It is possible to configure the routers between the router doing the client NAT translation and the one doing the carrier-grade NAT translation with public IP addresses, but it is very unlikely and defeats the purpose of CGNATing (reducing the number of public IP addresses used).

4) It is safe to say that every private IP address at the beginning of a traceroute corresponds to routers and devices that are hosted by the AS of the source IP address observed by my server.

5) Building on 4 and 5, that means by extension that detecting CGNAT requires only looking at the private IP address portion of my traceroute.

6) Assuming that I could run traceroute measurements from all the devices behind a CGNAT and that there were no shenanigans in my traceroute measurements, I can build a graph $G$ where the nodes are the first few private IP addresses and the first public IP address of a set of traceroutes, and the edges correspond to adjacent hops. A CGNAT deployment would result in a tree-like structure where the first layer would consist of the client premise NAT, the second layer would be the internal topology of the ISP, and the third layer would funnel toward the ingress of the routers hosting the IP addresses used for the CGNAT pooling (i.e. the public addresses observed by my server).

Do those assumptions make sense? As people deploying CGNAT in the wild, what are your expectations from this set of measurements? I would love to hear all of your opinions!

Thanks in advance, and thanks again to this Subreddit for helping me to better understand a lot of networking concepts through the prism of the operators (versus pure academic reading)!
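As an added illustration of the graph described in point 6 (this is example code, not part of the original post), the script below truncates each traceroute at its first public hop, builds the hop graph $G$, and for each first public address reports how many distinct first hops funnel into it and how deep the non-public chain is. It treats RFC 1918 space and the RFC 6598 shared address space (100.64.0.0/10, allocated specifically for CGNAT) as non-public; the sample traces and the fan-in threshold in `cgnat_candidates` are constructed assumptions, not measurements.

```python
import ipaddress
from collections import defaultdict

# Blocks that never appear on the public Internet: RFC 1918 private space plus
# the RFC 6598 shared address space reserved for carrier-grade NAT.
RFC6598 = ipaddress.ip_network("100.64.0.0/10")
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")] + [RFC6598]

def is_public(hop):
    addr = ipaddress.ip_address(hop)
    return not any(addr in net for net in NON_PUBLIC)

def private_prefix(trace):
    """Hops up to and including the first public address (point 5 of the post)."""
    prefix = []
    for hop in trace:
        prefix.append(hop)
        if is_public(hop):
            break
    return prefix

def build_graph(traces):
    """Graph G: nodes are hops in each private prefix, edges join adjacent hops."""
    edges = defaultdict(set)
    for trace in traces:
        p = private_prefix(trace)
        for a, b in zip(p, p[1:]):
            edges[a].add(b)
    return edges

def summarize(traces):
    """Per first public hop: distinct first hops (client NATs) funnelling into it,
    longest non-public chain, and whether RFC 6598 space was seen on the way."""
    acc = {}
    for trace in traces:
        p = private_prefix(trace)
        if not is_public(p[-1]):
            continue  # trace never reached public space; nothing to anchor on
        s = acc.setdefault(p[-1], {"clients": set(), "max_depth": 0, "rfc6598": False})
        s["clients"].add(p[0])
        s["max_depth"] = max(s["max_depth"], len(p) - 1)
        s["rfc6598"] |= any(ipaddress.ip_address(h) in RFC6598 for h in p[:-1])
    return {k: {**v, "clients": len(v["clients"])} for k, v in acc.items()}

def cgnat_candidates(summary, min_clients=2):
    """Heuristic (assumption): RFC 6598 hops, or several client NATs sharing a
    multi-hop non-public path to one exit, suggest CGNAT; one deep chain does not."""
    return sorted(k for k, v in summary.items()
                  if v["rfc6598"] or (v["clients"] >= min_clients and v["max_depth"] >= 2))

# Constructed sample traceroutes (hop lists), not real measurements.
TRACES = [
    ["192.168.1.1", "100.64.0.1", "100.64.2.1", "203.0.113.10", "198.51.100.1"],
    ["192.168.0.1", "100.64.0.1", "100.64.2.1", "203.0.113.10", "198.51.100.1"],
    ["10.0.0.1", "100.64.0.9", "100.64.2.1", "203.0.113.10", "198.51.100.1"],
    ["192.168.1.1", "198.51.100.7", "198.51.100.1"],             # plain customer NAT
    ["10.1.0.1", "10.2.0.1", "203.0.113.44", "198.51.100.1"],     # enterprise layering, no CGNAT
]
```

The last trace is the point-1 caveat in action: two private blocks in a row, but a single client behind the exit, so it is not flagged.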


