CGN Logging: Horror Stories & Happy Endings Chris Grundemann :: NANOG 54 :: 7 February 2012

CGN Logging

•  Horror Stories o  CGN logs required o  Testing results

•  Happy Endings o  Current options o  Deterministic reservation

Cable Television Laboratories, Inc. 2012. All Rights Reserved. Proprietary/Confidential. 2/9/12 2

Identity Traceback Illustration

: 10.0.0.1

: 10.0.0.2

DHCP Log A:10.0.0.1 B:10.0.0.2 C:10.0.0.3

Webserver log 204.57.36.2:4567 - - [10/Oct/2010:13:55:36 -0700] "GET /illegal.html HTTP/1.0" 200 2326

CGN Log 10.0.0.2:1234 -> 204.57.36.2:4567 [10/Oct/2010:13:55:36 -0700] 10.0.0.1:1234 -> 204.57.36.2:2345 [10/Oct/2010:13:55:38-0700] 10.0.0.3:4356 -> 204.57.36.2:3456 [10/Oct/2010:13:55:45 -0700] 10.0.0.2:3456 -> 204.57.36.2:4569 [10/Oct/2010:13:55:47 -0700] 2/9/12 Cable Television Laboratories, Inc. 2012. All Rights Reserved. Proprietary/Confidential. 3

CGN Testing Background

•  CableLabs first conducted CGN testing in 2010 •  Second round June – Sep, 2011

o  Both NAT444 and DS-Lite

•  Additional CGN testing in IPv6 interop events •  Logging has been one aspect of testing

2/9/12 Cable Television Laboratories, Inc. 2012. All Rights Reserved. Proprietary/Confidential. 4

CGN Logging Feature Highlights •  Remote reporting supports Syslog only •  Template for logging is currently not configurable •  Syslog facility is configurable •  Data fields include: Time Stamp, Source IP/Port, NAT

IP/Port, Destination IP/Port, Host Name o  173 – 542 bytes (DS-Lite) o  150 – 450 bytes (NAT444)

2/9/12 Cable Television Laboratories, Inc. 2012. All Rights Reserved. Proprietary/Confidential. 5

CGN Logging (DS-Lite)

2/9/12 Cable Television Laboratories, Inc. 2012. All Rights Reserved. Proprietary/Confidential. 6

CGN Logging (NAT444)

2/9/12 Cable Television Laboratories, Inc. 2012. All Rights Reserved. Proprietary/Confidential. 7

The Horror (log volumes)

150 - 450 bytes/connection + 33k - 216k connections per sub per day

-------------------------------------------------------------- 5 - 96 MB / user / day

That’s potentially over 1 PB per 1M subs per month It’s also over 20Mbps for just the log stream…

Cable Television Laboratories, Inc. 2012. All Rights Reserved. Proprietary/Confidential. 2/9/12 8

Log Reduction Strategies

•  Port block reservations o  Reduce logging up to 100x

•  Log compression o  Reduces volume, but not search time

•  Deterministic reservation o  See next slide…

2/9/12 Cable Television Laboratories, Inc. 2012. All Rights Reserved. Proprietary/Confidential. 9

Proposal: Deterministic Port Reservation

•  draft-donley-behave-deterministic-cgn •  Collect inside range, outside range, compression ratio

o  Compression ratio ≥ inside/outside o  Inside range/compression ratio = ports/user o  Set aside well-known ports (<1024) & dynamic overflow range o  Pre-reserve port ranges for each internal IP address o  Allow dynamic reservation above that threshold

•  Remote logging only required for dynamic reservations •  Still need state logging locally for every active connection

•  Limitation: Requires low compression ratios 2/9/12 Cable Television Laboratories, Inc. 2012. All Rights Reserved. Proprietary/Confidential. 10

The Happy Ending…

IP 1, Port Pool 1

IP 1, Port Pool 2

IP 1, Port Pool 3

CGN Device

Subscriber 1 (DHCP STP Address 1)

Subscriber 2 (DHCP STP Address 2)

Subscriber 3 (DHCP STP Address 3) C

GN

Map

ping

Ta

ble

IP 1, Port Pool 4 Subscriber 4

(DHCP STP Address 4)

IP 1 Reserved Pool

IP 1 Bulk Pool

Pool exhausted

CG

N M

appi

ng

Tabl

e

Reserved Port (e.g. 80)

DHCP

Logging Required

Static, PCP, portal, etc.

2/9/12 Cable Television Laboratories, Inc. 2012. All Rights Reserved. Proprietary/Confidential. 11

Questions?

Chris Grundemann c.grundemann@cablelabs.com

2/9/12 Cable Television Laboratories, Inc. 2012. All Rights Reserved. Proprietary/Confidential. 12