Network Working Group Z. Li Internet-Draft H. Guo Intended status: Standards Track C. Liu Expires: January 17, 2013 China Telecom W. Liu Z. Zhang Huawei Technologies July 16, 2012 Experience from NAT44 Translation Testing draft-li-behave-nat444-test-01 Abstract This document describes the testing result of CGN device in Wuxi Branch of China Telecom, by providing an overview of support situation of CGN for getting applications through NAT. The CGN device is from Huawei and the test environment is a real network in Wuxi China. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in . Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on January 17, 2013. Copyright Notice Copyright (c) 2012 IETF Trust and the persons identified as the document authors. All rights reserved. Li, et al. Expires January 17, 2013 [Page 1] Internet-Draft NAT44-test July 2012 This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. Testbed Overview . . . . . . . . . . . . . . . . . . . . . . . 4 3.1. A general topology for NAT444 testing . . . . . . . . . . 5 3.2. Testbed Description . . . . . . . . . . . . . . . . . . . 7 4. Applications Testing Overview . . . . . . . . . . . . . . . . 8 4.1. Instant message applications . . . . . . . . . . . . . . . 8 4.1.1. Microsoft Messenger . . . . . . . . . . . . . . . . . 8 4.1.2. skype . . . . . . . . . . . . . . . . . . . . . . . . 8 4.1.3. Other IM . . . . . . . . . . . . . . . . . . . . . . . 9 4.2. Web browsing . . . . . . . . . . . . . . . . . . . . . . . 9 4.2.1. www.google.com . . . . . . . . . . . . . . . . . . . . 9 4.2.2. Other web browsings . . . . . . . . . . . . . . . . . 10 4.3. Online gaming . . . . . . . . . . . . . . . . . . . . . . 10 4.3.1. QQ online gaming . . . . . . . . . . . . . . . . . . . 10 4.3.2. Other online gaming . . . . . . . . . . . . . . . . . 11 4.4. Downloading . . . . . . . . . . . . . . . . . . . . . . . 11 4.4.1. HTTP downloading . . . . . . . . . . . . . . . . . . . 11 4.4.2. FTP downloading . . . . . . . . . . . . . . . . . . . 12 4.4.3. Bittorrent/eMule downloading . . . . . . . . . . . . . 13 4.4.4. Xunlei downloading . . . . . . . . . . . . . . . . . . 14 4.5. Internet Video/music . . . . . . . . . . . . . . . . . . . 15 4.5.1. PPStream . . . . . . . . . . . . . . . . . . . . . . . 15 4.5.2. Other Internet Video/music . . . . . . . . . . . . . . 16 4.6. Email . . . . . . . . . . . . . . . . . . . . . . . . . . 16 4.6.1. Outlook/Outlook express . . . . . . . . . . . . . . . 16 4.6.2. Other Email softwares . . . . . . . . . . . . . . . . 17 4.7. Other applications . . . . . . . . . . . . . . . . . . . . 17 4.7.1. Telnet . . . . . . . . . . . . . . . . . . . . . . . . 17 4.7.2. SSH . . . . . . . . . . . . . . . . . . . . . . . . . 18 4.7.3. Traceroute . . . . . . . . . . . . . . . . . . . . . . 19 4.7.4. Remote desktop . . . . . . . . . . . . . . . . . . . . 20 4.8. VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 4.8.1. iAccess . . . . . . . . . . . . . . . . . . . . . . . 21 4.9. Shopping online . . . . . . . . . . . . . . . . . . . . . 22 Li, et al. Expires January 17, 2013 [Page 2] Internet-Draft NAT44-test July 2012 4.9.1. Taobao . . . . . . . . . . . . . . . . . . . . . . . . 22 4.10. Bank . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 4.10.1. China Merchants Bank . . . . . . . . . . . . . . . . . 23 4.11. Negotiable securities . . . . . . . . . . . . . . . . . . 24 4.11.1. United securities . . . . . . . . . . . . . . . . . . 24 4.12. Map . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 4.12.1. google map . . . . . . . . . . . . . . . . . . . . . . 25 5. Applications Testing with same public IP address . . . . . . . 26 5.1. Instant message applications . . . . . . . . . . . . . . . 26 5.1.1. Microsoft Messenger . . . . . . . . . . . . . . . . . 26 5.2. Online gaming . . . . . . . . . . . . . . . . . . . . . . 27 5.2.1. QQ online gaming . . . . . . . . . . . . . . . . . . . 27 5.3. Internet Video/music . . . . . . . . . . . . . . . . . . . 28 5.3.1. Youku . . . . . . . . . . . . . . . . . . . . . . . . 28 5.4. Shopping online . . . . . . . . . . . . . . . . . . . . . 29 5.4.1. Taobao . . . . . . . . . . . . . . . . . . . . . . . . 29 5.5. Bank . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 5.5.1. Industrial and Commercial Bank of China . . . . . . . 30 6. Effect analysis . . . . . . . . . . . . . . . . . . . . . . . 31 6.1. User experience . . . . . . . . . . . . . . . . . . . . . 31 6.2. Testing summary . . . . . . . . . . . . . . . . . . . . . 31 7. Security Considerations . . . . . . . . . . . . . . . . . . . 32 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 32 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 32 10. Informative References . . . . . . . . . . . . . . . . . . . . 32 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 32 Li, et al. Expires January 17, 2013 [Page 3] Internet-Draft NAT44-test July 2012 1. Introduction This testing is based on specification of IP device from China Telecom. The main purpose is to know the states that CGN supports the applications translating the NAT device. The testing is done on a real network of China Telecom Wuxi branch where the CGN is a centralized device for NAT translation. Base on testing result we know which applications could adapt to the NAT device and the time delay after translation, whether there is echo for video and audio services. The CGN devices include BRAS, SR, CR which can support NAT444 by adding a CGN board or connecting a CGN device. The access devices include LSW, DSLAM, OLT, MxU. CPE devices can be HGW, ONT which support router/bridge model. Other devices such as Network management servers, log servers, AAA servers, user action analysis server, FTP/HTTP server are also included in the system. 2. Terminology This document makes use of the following terms: NAT: Network Address Translation CGN : Carrier Grade NAT BRAS: Broadband Remote Access Server SR: Service Router CR: Core Router LSW: LAN Switching DSLAM: Digital Subscriber Line Access Multiplexer OLT: Optical Line Terminal CPE: Customer premises equipment HGW: Home Gateway ONT: Optical Network Terminal FTP: File Transfer Protocol HTTP: Hypertext Transfer Protocol ALG: Application Layer Gateway PCP: Port Control Protocol VPN: Virtual Private Network SSH: Secure Shell 3. Testbed Overview Li, et al. Expires January 17, 2013 [Page 4] Internet-Draft NAT44-test July 2012 3.1. A general topology for NAT444 testing ------ /// \\\ +-------+ Internet | | | /-/ | | CR |/----/ \\\ /// | - ------ +-------+ // \\ / \ | | | | | | | | | | \ / \\ // +----------+ | | |ME60(CGN) | | | +-/----+---+ // | // | // | +--/-+ ++---+ |CPE1| |CPE2| | | | | +-X--+ +-+--+ / \ | / \ | / \ | / \ | +/---+ +--\-+ +-+--+ | PC1| | PC2| | PC3| +----+ +----+ +----+ Figure 1: Distributed CGN topology for NAT444 testing In figure 1 CPE1 and CPE2 have NAT function, and NE60 is a BRAS device with a embedded CGN . There are two scenarioes in figure 1. Scenario 1: Communication between PC1 and PC2; Scenario 2: Communication between PC2 and PC3 . Li, et al. Expires January 17, 2013 [Page 5] Internet-Draft NAT44-test July 2012 ------ /// \\\ +-------+ Internet | | | /-/ | |CR(CGN)|/----/ \\\ /// | - ------ +-------+ // \\ / \ | | | | | | | | | | \ / \\ // +----------+ | | | ME60 | | | +-+-------++ | | | | | | +---++ +-+--+ |CPE2| |CPE3| | | | | +-+--+ +-+--+ | | | | | | | | +-+--+ +-+--+ | PC3| | PC4| +----+ +----+ Figure 2:Centralized CGN topology for NAT444 testing In figure 2 CPE2 and CPE3 have NAT function, and NE60 is a BRAS device without embedded CGN . There is an embedded CGN in CR device. This is scenario 3: Communication between PC3 and PC4. Li, et al. Expires January 17, 2013 [Page 6] Internet-Draft NAT44-test July 2012 ------ /// \\\ +-------+ Internet | | | /-/ | | CR |/----/ \\\ /// | - ------ +-------+ // \\ / \ | | | | | | | | | | \ / \\ // +----------+ | | | ME60(CGN)| | | +-+-------++ | | | | | | +---++ +-+--+ |CPE3| |CPE4| | | | | +-+--+ +-+--+ | | | | | | | | +-+--+ +-+--+ | PC4| | PC5| +----+ +----+ Figure 3:Public user and private user interworking In figure 3 CPE3 has NAT function and accesses a private IP address from NE60; CPE4 has NAT function and accesses a public IPv4 address by PPP from NE60. NE60 is a BRAS device with a embedded CGN. This is scenario 4: Communication between PC4 and PC5. 3.2. Testbed Description During the testing ALG function can be closed and open. So we tested based on: Activation ALG and three-tuple(Index NAT entries by source IP, source port, protocol) ; Deactivation ALG and tree-tuple; Li, et al. Expires January 17, 2013 [Page 7] Internet-Draft NAT44-test July 2012 Activation single ALG and three-tuple; Activation ALG and Five- tuple(Index NAT entries by source IP, source port, protocol, destined IP, destined port) ; Deactivation ALG and five-tuple; 4. Applications Testing Overview This section describes testing result for all kinds applications. 4.1. Instant message applications 4.1.1. Microsoft Messenger +--------------+----------------------------------------------------+ |Test Item |IM | +--------------+----------------------------------------------------+ |Sub-Item |Microsoft Messenger | +--------------+----------------------------------------------------+ |Test |Check whether Microsoft Messenger can work under NAT| |Objective |44.Voice, Video, Webcam,File transfer are tested | +--------------+----------------------------------------------------+ |Test Scenario |Scenario:1, 2,3,4 | +--------------+----------------------------------------------------+ |Test |1.Configure user IP pool in BRAS. Configure NAT444 | |Procedure |and IPv4 public pool in CGN. | | |2.Install MSN in PC | | |3.Check whether MSN user can register | | |4.Check whether users can communicate normally | | |5.Test Activation/Deactivation/Single ALG+tree-tuple| +--------------+----------------------------------------------------+ |Expected |MSN user can register | |Result |Two user can communicate with MSN | | |Under four scenarios two user can communicate | +--------------+----------------------------------------------------+ |Actual Result |Passed | +--------------+----------------------------------------------------+ |Remarks |Independent ALG | +--------------+----------------------------------------------------+ 4.1.2. skype Li, et al. Expires January 17, 2013 [Page 8] Internet-Draft NAT44-test July 2012 +--------------+----------------------------------------------------+ |Test Item |IM | +--------------+----------------------------------------------------+ |Sub-Item |Skype | +--------------+----------------------------------------------------+ |Test |Check whether skype can used under NA44. | |Objective |Voice, Video, Webcam, File transfer are tested | +--------------+----------------------------------------------------+ |Test Scenario |Scenario:1, 2,3,4 | +--------------+----------------------------------------------------+ |Test |1.Configure user IP pool in BRAS. Configure NAT444 | |Procedure |and IPv4 public pool in CGN. | | |2.Install skype in PC | | |3.Check whether skype user can register | | |4.Check whether users can communicate normally | | |5.Test Activation/Deactivation/Single ALG+tree-tuple| +--------------+----------------------------------------------------+ |Expected |Skype user can register | |Result |Two user can communicate with skype | | |Under four scenarios two user can communicate | +--------------+----------------------------------------------------+ |Actual Result |Passed | +--------------+----------------------------------------------------+ |Remarks |Independent ALG | +--------------+----------------------------------------------------+ 4.1.3. Other IM We tested other IM application in the same way and got the same result as MSN. Other IM application include Feixin, QQ, Miliao, aliwangwang, and they are all popular IM applications in china. 4.2. Web browsing 4.2.1. www.google.com Li, et al. Expires January 17, 2013 [Page 9] Internet-Draft NAT44-test July 2012 +--------------+----------------------------------------------------+ |Test Item |Web browsing | +--------------+----------------------------------------------------+ |Sub-Item |www.google.com | +--------------+----------------------------------------------------+ |Test |Check whether we can access www.google.com when | |Objective |there is NAT in the network. | +--------------+----------------------------------------------------+ |Test Scenario |Scenario:1, 2,3,4 PCs can access web browsing | +--------------+----------------------------------------------------+ |Test |1.Configure user IP pool in BRAS. Configure NAT444 | |Procedure |and IPv4 public pool in CGN. | | |2.Open browsing and access www.google.com in PC | | |3.Check whether PC can access the Web normally. | | |4.Test Activation/Deactivation/Single ALG+tree-tuple| | | | +--------------+----------------------------------------------------+ |Expected |PC can access the web. | |Result | | | | | +--------------+----------------------------------------------------+ |Actual Result |Passed | +--------------+----------------------------------------------------+ |Remarks |Independent ALG | +--------------+----------------------------------------------------+ 4.2.2. Other web browsings We tested other web browsings in the same way and got the same result as google web. Other web browsings include www.baidu.com, www.yahoo.com, www.sohu.com, www.renren.com, www.sina.com, www.tianya.cn, www.qq.com, www.163.com, www.ifeng.com, www.chinanews.com, and they are all popular web sites in china. We also access web by HTTPS,we access https://chatmodels.dmm.co.jp/login/top and it runs smoothly. 4.3. Online gaming 4.3.1. QQ online gaming Li, et al. Expires January 17, 2013 [Page 10] Internet-Draft NAT44-test July 2012 +--------------+----------------------------------------------------+ |Test Item |Online gaming | +--------------+----------------- ----------------------------------+ |Sub-Item |QQ Online gaming | +--------------+----------------------------------------------------+ |Test |Check whether PC can register QQ online gaming room.| |Objective | | +--------------+----------------------------------------------------+ |Test Scenario |Scenario:1, 2,3,4 PCs can access online gaming room.| +--------------+----------------------------------------------------+ |Test |1.Configure user IP pool in BRAS. Configure NAT444 | |Procedure |and IPv4 public pool in CGN. | | |2.Install QQ online gaming client on PC | | |3.Check whether PC can entry game room and play. | | |4.Test Activation/Deactivation/Single ALG+tree-tuple| | | | +--------------+----------------------------------------------------+ |Expected |QQ game user can entry game room and play. | |Result | | | | | +--------------+----------------------------------------------------+ |Actual Result |Passed | +--------------+----------------------------------------------------+ |Remarks |Independent ALG | +--------------+----------------------------------------------------+ 4.3.2. Other online gaming We tested other online gamings in the same way and got the same result as QQ online gaming. Other online gamings include World of Warcraft , QQ farm, ourgame, Kaixin network, and they are all popular online game in china. 4.4. Downloading 4.4.1. HTTP downloading Li, et al. Expires January 17, 2013 [Page 11] Internet-Draft NAT44-test July 2012 +--------------+----------------------------------------------------+ |Test Item |Downloading | +--------------+----------------- ----------------------------------+ |Sub-Item |HTTP downloading | +--------------+----------------------------------------------------+ |Test |Check whether PC can download by HTTP with NAT444 on| |Objective |the networks. | +--------------+----------------------------------------------------+ |Test Scenario |Scenario:1, 2,3,4 PCs can download by HTTP. | +--------------+----------------------------------------------------+ |Test |1.Configure user IP pool in BRAS. Configure NAT444 | |Procedure |and IPv4 public pool in CGN. | | |2.Open any software or MP3 file download page. | | |3.Check whether PC can download the by HTTP. | | |4.Test Activation/Deactivation/Single ALG+tree-tuple| | | | +--------------+----------------------------------------------------+ |Expected |User can download files by HTTP. | |Result | | | | | +--------------+----------------------------------------------------+ |Actual Result |Passed | +--------------+----------------------------------------------------+ |Remarks |Independent ALG | +--------------+----------------------------------------------------+ 4.4.2. FTP downloading Li, et al. Expires January 17, 2013 [Page 12] Internet-Draft NAT44-test July 2012 +--------------+----------------------------------------------------+ |Test Item |Downloading | +--------------+----------------- ----------------------------------+ |Sub-Item |FTP downloading | +--------------+----------------------------------------------------+ |Test |Check whether PC can download by FTP with NAT444 on| |Objective |the networks. | +--------------+----------------------------------------------------+ |Test Scenario |Scenario:1, 2,3,4 PCs can download by FTP. | +--------------+----------------------------------------------------+ |Test |1.Configure user IP pool in BRAS. Configure NAT444 | |Procedure |and IPv4 public pool in CGN. | | |2.Input a FTP address:FTP://debian.bjlx.org.cn. | | |3.Check whether PC can connect to FTP server and | | |download by FTP. | | |4.Test Activation/Deactivation/Single ALG+tree-tuple| +--------------+----------------------------------------------------+ |Expected |User can download files by FTP. | |Result | | | | | +--------------+----------------------------------------------------+ |Actual Result |Passed but dependent ALG | +--------------+----------------------------------------------------+ |Remarks |Not testing when FTP server is in private network | +--------------+----------------------------------------------------+ 4.4.3. Bittorrent/eMule downloading Li, et al. Expires January 17, 2013 [Page 13] Internet-Draft NAT44-test July 2012 +--------------+----------------------------------------------------+ |Test Item |Downloading | +--------------+----------------- ----------------------------------+ |Sub-Item |Bittorrrent/eMule | +--------------+----------------------------------------------------+ |Test |Check whether PC can download by Bittorrent/eMule | |Objective | | +--------------+----------------------------------------------------+ |Test Scenario |Scenario:1, 2,3,4 PCs can download by Bittorrent | | |/eMule | +--------------+----------------------------------------------------+ |Test |1.Configure user IP pool in BRAS. Configure NAT444 | |Procedure |and IPv4 public pool in CGN. | | |2.Install Bittorrent or eMule client on PC. | | |3.Check whether PC can download by Bittorrent/eMule.| | |4.Test Activation/Deactivation/Single ALG+tree-tuple| | | | +--------------+----------------------------------------------------+ |Expected |User can download files by Bittorrent. | |Result |User can download files by eMule. | | | | +--------------+----------------------------------------------------+ |Actual Result |Passed and Independent ALG | +--------------+----------------------------------------------------+ |Remarks |No testing When Bittorrent server in private network| | |No testing When eMule server in private network. | | |CGN not support PCP | +--------------+----------------------------------------------------+ Remark: PCP([draft-ietf-pcp-base-26]) is not actived in CGN. When eMule/Bittorrent server is behind in CGN, we didn't test. +--+ 4.4.4. Xunlei downloading Li, et al. Expires January 17, 2013 [Page 14] Internet-Draft NAT44-test July 2012 +--------------+----------------------------------------------------+ |Test Item |Downloading | +--------------+----------------- ----------------------------------+ |Sub-Item |Xunlei downloading | +--------------+----------------------------------------------------+ |Test |Check whether PC can download by Xunlei when it is | |Objective |in a private network. | +--------------+----------------------------------------------------+ |Test Scenario |Scenario:1, 2,3,4 PCs can download by Xunlei. | +--------------+----------------------------------------------------+ |Test |1.Configure user IP pool in BRAS. Configure NAT444 | |Procedure |and IPv4 public pool in CGN. | | |2.Install Xunlei client on PC. | | |3.Open a file in Xunlei and check whether PC can | | |download by Xunlei. | | |4.Test Activation/Deactivation/Single ALG+tree-tuple| +--------------+----------------------------------------------------+ |Expected |User can download files by Xunlei. | |Result | | | | | +--------------+----------------------------------------------------+ |Actual Result |Passed and Independent ALG | +--------------+----------------------------------------------------+ |Remarks | | +--------------+----------------------------------------------------+ 4.5. Internet Video/music 4.5.1. PPStream Li, et al. Expires January 17, 2013 [Page 15] Internet-Draft NAT44-test July 2012 +--------------+----------------------------------------------------+ |Test Item |Internet Video/music | +--------------+----------------- ----------------------------------+ |Sub-Item |PPStream | +--------------+----------------------------------------------------+ |Test |Check whether PC with PPStream client can play video| |Objective |/music programme. | +--------------+----------------------------------------------------+ |Test Scenario |Scenario:1, 2,3,4 PCs can play video/music programme| +--------------+----------------------------------------------------+ |Test |1.Configure user IP pool in BRAS. Configure NAT444 | |Procedure |and IPv4 public pool in CGN. | | |2.Install PPStream client on PC. | | |3.Check whether PC can play programmes on PPStream. | | |4.Test Activation/Deactivation/Single ALG+tree-tuple| | | | +--------------+----------------------------------------------------+ |Expected |User can see the film or listen to music with | |Result |PPStream client. | | | | +--------------+----------------------------------------------------+ |Actual Result |Passed | +--------------+----------------------------------------------------+ |Remarks |Independent ALG | +--------------+----------------------------------------------------+ 4.5.2. Other Internet Video/music We tested other Internet Video/music software in the same way and got the same result as PPStream. Other Internet Video/music software include PPlive, Youku, Qiyi, Xunleikankan, Tudou, Baidu video, Sohu video, 163 video, and they are all popular video/music used in china. Youtube can't be accessed by Chinese user and do not pass the test. 4.6. Email 4.6.1. Outlook/Outlook express Li, et al. Expires January 17, 2013 [Page 16] Internet-Draft NAT44-test July 2012 +--------------+----------------------------------------------------+ |Test Item |Email | +--------------+----------------- ----------------------------------+ |Sub-Item |Outlook/Outlook express | +--------------+----------------------------------------------------+ |Test |Check whether PC with Outlook/Outlook express can | |Objective |receive and send mail from mail server. | +--------------+----------------------------------------------------+ |Test Scenario |Scenario:1, 2,3,4 PCs can receive/send mail. | +--------------+----------------------------------------------------+ |Test |1.Configure user IP pool in BRAS. Configure NAT444 | |Procedure |and IPv4 public pool in CGN. | | |2.Set Outlook/Outlook express on PC. | | |3.Check whether PC can use Outlook/Outlook express. | | |4.Test Activation/Deactivation/Single ALG+tree-tuple| | | | +--------------+----------------------------------------------------+ |Expected |User can see the film or listen to music with | |Result |PPStream client. | | | | +--------------+----------------------------------------------------+ |Actual Result |Passed | +--------------+----------------------------------------------------+ |Remarks |Independent ALG | +--------------+----------------------------------------------------+ 4.6.2. Other Email softwares We tested other Email software in the same way and got the same result as Outlook/Outlook express. Other Email softwares include QQ mail, 163 mail, sina mail, and they are all popular mail used in china. 4.7. Other applications 4.7.1. Telnet Li, et al. Expires January 17, 2013 [Page 17] Internet-Draft NAT44-test July 2012 +--------------+----------------------------------------------------+ |Test Item |Telnet | +--------------+----------------- ----------------------------------+ |Sub-Item |Telnet | +--------------+----------------------------------------------------+ |Test |Check whether PC can telnet a device within NAT | |Objective |environment. | +--------------+----------------------------------------------------+ |Test Scenario |Scenario:1, 2,3,4 PCs can Telnet. | +--------------+----------------------------------------------------+ |Test |1.Configure user IP pool in BRAS. Configure NAT444 | |Procedure |and IPv4 public pool in CGN. | | |2.Configure the Telnet on a PC. | | |3.Check whether PC can build telnet. | | |4.Test Activation/Deactivation/Single ALG+tree-tuple| | | | +--------------+----------------------------------------------------+ |Expected |User can build the telnet connection. | |Result | | | | +--------------+----------------------------------------------------+ |Actual Result |Passed | +--------------+----------------------------------------------------+ |Remarks |Independent ALG | +--------------+----------------------------------------------------+ 4.7.2. SSH Li, et al. Expires January 17, 2013 [Page 18] Internet-Draft NAT44-test July 2012 +--------------+----------------------------------------------------+ |Test Item |SSH | +--------------+----------------- ----------------------------------+ |Sub-Item |SSH | +--------------+----------------------------------------------------+ |Test |Check whether PC can build SSH connection within | |Objective |NAT environment. | +--------------+----------------------------------------------------+ |Test Scenario |Scenario:1, 2,3,4 PCs can Build SSH connection. | +--------------+----------------------------------------------------+ |Test |1.Configure user IP pool in BRAS. Configure NAT444 | |Procedure |and IPv4 public pool in CGN. | | |2.Configure the SHH on a router in network | | |3.Check whether PC can build SSH connection | | |4.Test Activation/Deactivation/Single ALG+tree-tuple| | | | +--------------+----------------------------------------------------+ |Expected |User can build the SHH connection. | |Result | | | | +--------------+----------------------------------------------------+ |Actual Result |Passed | +--------------+----------------------------------------------------+ |Remarks |Independent ALG | +--------------+----------------------------------------------------+ 4.7.3. Traceroute Li, et al. Expires January 17, 2013 [Page 19] Internet-Draft NAT44-test July 2012 +--------------+----------------------------------------------------+ |Test Item |Traceroute | +--------------+----------------- ----------------------------------+ |Sub-Item |Traceroute (using ICMP) | +--------------+----------------------------------------------------+ |Test |Check whether two PCs behind NAT can traceroute. | |Objective |NAT environment. | +--------------+----------------------------------------------------+ |Test Scenario |Scenario:1, 2,3,4 . | +--------------+----------------------------------------------------+ |Test |1.Configure user IP pool in BRAS. Configure NAT444 | |Procedure |and IPv4 public pool in CGN. | | |2.Traceroute from a PC to another PC. | | |3.Check whether two PC can traceroute. | | |4.Test Activation/Deactivation/Single ALG+tree-tuple| | | | +--------------+----------------------------------------------------+ |Expected |Two users can traceroute. | |Result | | | | +--------------+----------------------------------------------------+ |Actual Result |Passed | +--------------+----------------------------------------------------+ |Remarks |Independent ALG | +--------------+----------------------------------------------------+ 4.7.4. Remote desktop Li, et al. Expires January 17, 2013 [Page 20] Internet-Draft NAT44-test July 2012 +--------------+----------------------------------------------------+ |Test Item |Remote desktop | +--------------+----------------- ----------------------------------+ |Sub-Item |Remote desktop | +--------------+----------------------------------------------------+ |Test |Check whether a PC behind NAT can remote desktop | |Objective |to another PC behind NAT or to a public PC. | +--------------+----------------------------------------------------+ |Test Scenario |Scenario:1, 2,3,4 . | +--------------+----------------------------------------------------+ |Test |1.Configure user IP pool in BRAS. Configure NAT444 | |Procedure |and IPv4 public pool in CGN. | | |2.Remote desktop from a PC to another PC. | | |3.Check whether two PC can remotedesktop successfully | |4.Test Activation/Deactivation/Single ALG+tree-tuple| | | | +--------------+----------------------------------------------------+ |Expected |User behind CGN can remote desktop to another CGN | |Result |user or a public IP user. | | | | +--------------+----------------------------------------------------+ |Actual Result |Passed | +--------------+----------------------------------------------------+ |Remarks |Independent ALG | +--------------+----------------------------------------------------+ 4.8. VPN 4.8.1. iAccess Li, et al. Expires January 17, 2013 [Page 21] Internet-Draft NAT44-test July 2012 +--------------+----------------------------------------------------+ |Test Item |VPN | +--------------+----------------- ----------------------------------+ |Sub-Item |iAccess | +--------------+----------------------------------------------------+ |Test |Check whether a PC behind NAT can remote desktop | |Objective |to another PC behind NAT or to a public PC. | +--------------+----------------------------------------------------+ |Test Scenario |Scenario:1, 2,3,4 . | +--------------+----------------------------------------------------+ |Test |1.Configure user IP pool in BRAS. Configure NAT444 | |Procedure |and IPv4 public pool in CGN. | | |2.Get a iAccess user and password from company. | | |3.Check whether public PC can access the company. | | |4.Test Activation/Deactivation/Single ALG+tree-tuple| | | | +--------------+----------------------------------------------------+ |Expected |User can access company resource from public network| |Result |by iAccess user and password. | | | | +--------------+----------------------------------------------------+ |Actual Result |Passed | +--------------+----------------------------------------------------+ |Remarks |Independent ALG; not test PPTP,L2TP | +--------------+----------------------------------------------------+ 4.9. Shopping online 4.9.1. Taobao Li, et al. Expires January 17, 2013 [Page 22] Internet-Draft NAT44-test July 2012 +--------------+----------------------------------------------------+ |Test Item |Shopping online | +--------------+----------------- ----------------------------------+ |Sub-Item |Taobao | +--------------+----------------------------------------------------+ |Test |Check whether user can shop by Taobao within NAT | |Objective |environment. | +--------------+----------------------------------------------------+ |Test Scenario |Scenario:1, 2,3,4 PC can access Taobao. . | +--------------+----------------------------------------------------+ |Test |1.Configure user IP pool in BRAS. Configure NAT444 | |Procedure |and IPv4 public pool in CGN. | | |2.Open browsing and input Taobao address. | | |3.Check whether user can access Taobao web site. | | |4.Test Activation/Deactivation/Single ALG+tree-tuple| | | | +--------------+----------------------------------------------------+ |Expected |User can shop in Taobao and do all kind of operation| |Result |in web site. | | | | +--------------+----------------------------------------------------+ |Actual Result |Passed | +--------------+----------------------------------------------------+ |Remarks |Independent ALG | +--------------+----------------------------------------------------+ 4.10. Bank 4.10.1. China Merchants Bank Li, et al. Expires January 17, 2013 [Page 23] Internet-Draft NAT44-test July 2012 +--------------+----------------------------------------------------+ |Test Item |Bank | +--------------+----------------------------------------------------+ |Sub-Item |China Merchants Bank | +--------------+----------------------------------------------------+ |Test |Check whether user can use online bank web within | |Objective |NAT environment. | +--------------+----------------------------------------------------+ |Test Scenario |Scenario:1, 2,3,4 PC can access online bank. . | +--------------+----------------------------------------------------+ |Test |1.Configure user IP pool in BRAS. Configure NAT444 | |Procedure |and IPv4 public pool in CGN. | | |2.Open browsing and input China Merchants Bank Addr | | |3.Check whether user can use online bank. | | |4.Test Activation/Deactivation/Single ALG+tree-tuple| | | | +--------------+----------------------------------------------------+ |Expected |User can use online bank on web site. | |Result | | | | | +--------------+----------------------------------------------------+ |Actual Result |Passed | +--------------+----------------------------------------------------+ |Remarks |Independent ALG | +--------------+----------------------------------------------------+ 4.11. Negotiable securities 4.11.1. United securities Li, et al. Expires January 17, 2013 [Page 24] Internet-Draft NAT44-test July 2012 +--------------+----------------------------------------------------+ |Test Item |Negotiable securities | +--------------+----------------------------------------------------+ |Sub-Item |United securities | +--------------+----------------------------------------------------+ |Test |Check whether user can entry securities exchange | |Objective |centre and trade. | +--------------+----------------------------------------------------+ |Test Scenario |Scenario:1, 2,3,4 PC can access securities web. | +--------------+----------------------------------------------------+ |Test |1.Configure user IP pool in BRAS. Configure NAT444 | |Procedure |and IPv4 public pool in CGN. | | |2.Install United securities client. | | |3.Check whether user can entry the securities | | |exchange centre and trade | | |4.Test Activation/Deactivation/Single ALG+tree-tuple| +--------------+----------------------------------------------------+ |Expected |User can entry securities exchange centre and trade.| |Result | | | | | +--------------+----------------------------------------------------+ |Actual Result |Passed | +--------------+----------------------------------------------------+ |Remarks |Independent ALG | +--------------+----------------------------------------------------+ 4.12. Map 4.12.1. google map Li, et al. Expires January 17, 2013 [Page 25] Internet-Draft NAT44-test July 2012 +--------------+----------------------------------------------------+ |Test Item |MAP | +--------------+----------------------------------------------------+ |Sub-Item |Google map | +--------------+----------------------------------------------------+ |Test |Check whether user can use google map for search | |Objective |Within the NAT environment. | +--------------+----------------------------------------------------+ |Test Scenario |Scenario:1, 2,3,4 PC can use google map. | +--------------+----------------------------------------------------+ |Test |1.Configure user IP pool in BRAS. Configure NAT444 | |Procedure |and IPv4 public pool in CGN. | | |2.Open google map. | | |3.Check whether user can goole map for search. | | |Check the session entries on CGN. | | |4.Test Activation/Deactivation/Single ALG+tree-tuple| +--------------+----------------------------------------------------+ |Expected |User can use google map for search. | |Result | | | | | +--------------+----------------------------------------------------+ |Actual Result |Passed | +--------------+----------------------------------------------------+ |Remarks |Independent ALG | +--------------+----------------------------------------------------+ We tested Baidu map in the same way and got the same result . 5. Applications Testing with same public IP address This section describes testing result when different CPEs use same public IP address. The purpose of testing is make sure the application can also be used when different users use same external public IP address. This section include three scenarios. Scenario 1: in figure 1 PC1 and PC2 use same external public IP address; Scenario 2: in figure1 PC2 and PC3 use same external public IP address; Scenario 3: in figure 3 PC4 are CGN user and PC5 are public user; 5.1. Instant message applications 5.1.1. Microsoft Messenger Li, et al. Expires January 17, 2013 [Page 26] Internet-Draft NAT44-test July 2012 +--------------+----------------------------------------------------+ |Test Item |IM | +--------------+----------------------------------------------------+ |Sub-Item |Microsoft Messenger | +--------------+----------------------------------------------------+ |Test |Check when ALG active or deactive whether MSN has | |Objective |same communication flow in three scenarios. | +--------------+----------------------------------------------------+ |Test Scenario |Scenario:1, 2,3 | +--------------+----------------------------------------------------+ |Test |1.Configure user IP pool in BRAS. Configure NAT444 | |Procedure |and IPv4 public pool in CGN. | | |2.Install MSN in PC | | |3.Check whether MSN user can register | | |4.Active ALG and see the communication flow by | | |grasping packets in three scenarios. | +--------------+----------------------------------------------------+ |Expected |MSN user can communicate in three scenarios. | |Result | | | | | +--------------+----------------------------------------------------+ |Actual Result |Passed | +--------------+----------------------------------------------------+ |Remarks | | +--------------+----------------------------------------------------+ 5.2. Online gaming 5.2.1. QQ online gaming Li, et al. Expires January 17, 2013 [Page 27] Internet-Draft NAT44-test July 2012 +--------------+----------------------------------------------------+ |Test Item |Online gaming | +--------------+----------------- ----------------------------------+ |Sub-Item |QQ Online gaming | +--------------+----------------------------------------------------+ |Test |Check whether QQ online game has the same flow when | |Objective |ALG active or deactive. | +--------------+----------------------------------------------------+ |Test Scenario |Scenario:1, 2,3 | +--------------+----------------------------------------------------+ |Test |1.Configure user IP pool in BRAS. Configure NAT444 | |Procedure |and IPv4 public pool in CGN. | | |2.Install QQ online gaming client on PC | | |3.Check whether PC can entry game room and play. | | |4.Grasp packets when ALG active or deactive. | | | | +--------------+----------------------------------------------------+ |Expected |QQ game user can entry game room and play. | |Result | | | | | +--------------+----------------------------------------------------+ |Actual Result |Failed | +--------------+----------------------------------------------------+ |Remarks |same public IP user can't entry the same game room. | +--------------+----------------------------------------------------+ 5.3. Internet Video/music 5.3.1. Youku Li, et al. Expires January 17, 2013 [Page 28] Internet-Draft NAT44-test July 2012 +--------------+----------------------------------------------------+ |Test Item |Internet Video/music | +--------------+----------------- ----------------------------------+ |Sub-Item |Youku | +--------------+----------------------------------------------------+ |Test |Check whether Youku has the same flow when ALG | |Objective |active or deactive. | +--------------+----------------------------------------------------+ |Test Scenario |Scenario:1, 2,3 | +--------------+----------------------------------------------------+ |Test |1.Configure user IP pool in BRAS. Configure NAT444 | |Procedure |and IPv4 public pool in CGN. | | |2.Go to Youku web site and view video. | | |3.Grasp packets when ALG active or deactive and | | |analyse the flow. | | | | +--------------+----------------------------------------------------+ |Expected |User can see the film or listen to music in Youku | |Result |web site. | | | | +--------------+----------------------------------------------------+ |Actual Result |Passed | +--------------+----------------------------------------------------+ |Remarks | | +--------------+----------------------------------------------------+ 5.4. Shopping online 5.4.1. Taobao Li, et al. Expires January 17, 2013 [Page 29] Internet-Draft NAT44-test July 2012 +--------------+----------------------------------------------------+ |Test Item |Shopping online | +--------------+----------------- ----------------------------------+ |Sub-Item |Taobao | +--------------+----------------------------------------------------+ |Test |Check whether Taobao user has the same flow when NAT| |Objective |actives or deactives. | +--------------+----------------------------------------------------+ |Test Scenario |Scenario:1, 2,3 | +--------------+----------------------------------------------------+ |Test |1.Configure user IP pool in BRAS. Configure NAT444 | |Procedure |and IPv4 public pool in CGN. | | |2.Open browsing and input Taobao address. | | |3.Check whether user can shop on Taobao web site. | | |4.Grasp packets when ALG actives or deactives to see| | |whether the flow are same or not. | +--------------+----------------------------------------------------+ |Expected |User can shop in Taobao. | |Result | | | | | +--------------+----------------------------------------------------+ |Actual Result |Passed | +--------------+----------------------------------------------------+ |Remarks | | +--------------+----------------------------------------------------+ 5.5. Bank 5.5.1. Industrial and Commercial Bank of China Li, et al. Expires January 17, 2013 [Page 30] Internet-Draft NAT44-test July 2012 +--------------+----------------------------------------------------+ |Test Item |Bank | +--------------+----------------------------------------------------+ |Sub-Item |Industrial and Commercial Bank of China(ICBC) | +--------------+----------------------------------------------------+ |Test |Check when user can use online ICBC bank web the | |Objective |service flow is same when activing/deactiving ALG. | +--------------+----------------------------------------------------+ |Test Scenario |Scenario:1, 2,3 | +--------------+----------------------------------------------------+ |Test |1.Configure user IP pool in BRAS. Configure NAT444 | |Procedure |and IPv4 public pool in CGN. | | |2.Open browsing and input ICBC Bank address. | | |3.Check whether user can use online bank to transfer| | |4.Grasp the packets to analyse the flow when ALG | | |actives or deactives. | +--------------+----------------------------------------------------+ |Expected |User can use online bank on web site. | |Result | | | | | +--------------+----------------------------------------------------+ |Actual Result |Passed | +--------------+----------------------------------------------------+ |Remarks | | +--------------+----------------------------------------------------+ 6. Effect analysis 6.1. User experience User experience can't be quantified and we get the result only by subjective experience. Time delay, echo, fluency in video and audio are almost same as without NAT444 on network. Communications between CGN users and CGN user with public user are always normal. As a result, NAT444 has no affection on the users' experience in the tests we have run. 6.2. Testing summary In all the applications aforementioned only FTP depends on ALG. We only test two levels NAT. QQ online gaming does not permit two users use the same external public IP address in the same game room. When two users use the same Li, et al. Expires January 17, 2013 [Page 31] Internet-Draft NAT44-test July 2012 external public IP address, QQ online gaming considers they come from the same subscriber. If they are in the same game room, they are regarded as cribbers. We only tested a bank account to use online bank since we only have one account. We didn't test when eMule, Bittorrent work as internal server. This needs support of PCP. When there is two levels NAT, users can't set internal server, such as FTP server, in home network. Communication between CGN user and public IP user belonging to the same CGN is not processed by service board. 7. Security Considerations 8. Acknowledgments 9. IANA Considerations 10. Informative References [draft-ietf-pcp-base-26] IETF, "Port Control Protocol (PCP)", June 2012, . Authors' Addresses Zhongchao Li China Telecom Nanjing, P.R. China Email: 15301588336@189.cn Li, et al. Expires January 17, 2013 [Page 32] Internet-Draft NAT44-test July 2012 Hongwei Guo China Telecom Nanjing, P.R. China Email: 15306188213@189.cn Chunlin Liu China Telecom Nanjing, P.R. China Email: liuchunlin@jsptpd.com Will Liu Huawei Technologies Bantian, Longgang DIST Shenzhen 518129 P.R. China Phone: +86 755 28972315 Email: liushucheng@huawei.com Zhongjian Zhang Huawei Technologies Bantian, Longgang DIST Shenzhen, P.R. China Email: zhangzhongjian@huawei.com Li, et al. Expires January 17, 2013 [Page 33]