idnits 2.17.1 draft-li-behave-nat444-test-01.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- == There are 7 instances of lines with non-RFC2606-compliant FQDNs in the document. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document doesn't use any RFC 2119 keywords, yet has text resembling RFC 2119 boilerplate text. -- The document date (July 16, 2012) is 4302 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) No issues found here. Summary: 0 errors (**), 0 flaws (~~), 3 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group Z. Li 3 Internet-Draft H. Guo 4 Intended status: Standards Track C. Liu 5 Expires: January 17, 2013 China Telecom 6 W. Liu 7 Z. Zhang 8 Huawei Technologies 9 July 16, 2012 11 Experience from NAT44 Translation Testing 12 draft-li-behave-nat444-test-01 14 Abstract 16 This document describes the testing result of CGN device in Wuxi 17 Branch of China Telecom, by providing an overview of support 18 situation of CGN for getting applications through NAT. The CGN 19 device is from Huawei and the test environment is a real network in 20 Wuxi China. 22 Requirements Language 24 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 25 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 26 document are to be interpreted as described in . 28 Status of this Memo 30 This Internet-Draft is submitted in full conformance with the 31 provisions of BCP 78 and BCP 79. 33 Internet-Drafts are working documents of the Internet Engineering 34 Task Force (IETF). Note that other groups may also distribute 35 working documents as Internet-Drafts. The list of current Internet- 36 Drafts is at http://datatracker.ietf.org/drafts/current/. 38 Internet-Drafts are draft documents valid for a maximum of six months 39 and may be updated, replaced, or obsoleted by other documents at any 40 time. It is inappropriate to use Internet-Drafts as reference 41 material or to cite them other than as "work in progress." 43 This Internet-Draft will expire on January 17, 2013. 45 Copyright Notice 47 Copyright (c) 2012 IETF Trust and the persons identified as the 48 document authors. All rights reserved. 50 This document is subject to BCP 78 and the IETF Trust's Legal 51 Provisions Relating to IETF Documents 52 (http://trustee.ietf.org/license-info) in effect on the date of 53 publication of this document. Please review these documents 54 carefully, as they describe your rights and restrictions with respect 55 to this document. Code Components extracted from this document must 56 include Simplified BSD License text as described in Section 4.e of 57 the Trust Legal Provisions and are provided without warranty as 58 described in the Simplified BSD License. 60 Table of Contents 62 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 63 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 64 3. Testbed Overview . . . . . . . . . . . . . . . . . . . . . . . 4 65 3.1. A general topology for NAT444 testing . . . . . . . . . . 5 66 3.2. Testbed Description . . . . . . . . . . . . . . . . . . . 7 67 4. Applications Testing Overview . . . . . . . . . . . . . . . . 8 68 4.1. Instant message applications . . . . . . . . . . . . . . . 8 69 4.1.1. Microsoft Messenger . . . . . . . . . . . . . . . . . 8 70 4.1.2. skype . . . . . . . . . . . . . . . . . . . . . . . . 8 71 4.1.3. Other IM . . . . . . . . . . . . . . . . . . . . . . . 9 72 4.2. Web browsing . . . . . . . . . . . . . . . . . . . . . . . 9 73 4.2.1. www.google.com . . . . . . . . . . . . . . . . . . . . 9 74 4.2.2. Other web browsings . . . . . . . . . . . . . . . . . 10 75 4.3. Online gaming . . . . . . . . . . . . . . . . . . . . . . 10 76 4.3.1. QQ online gaming . . . . . . . . . . . . . . . . . . . 10 77 4.3.2. Other online gaming . . . . . . . . . . . . . . . . . 11 78 4.4. Downloading . . . . . . . . . . . . . . . . . . . . . . . 11 79 4.4.1. HTTP downloading . . . . . . . . . . . . . . . . . . . 11 80 4.4.2. FTP downloading . . . . . . . . . . . . . . . . . . . 12 81 4.4.3. Bittorrent/eMule downloading . . . . . . . . . . . . . 13 82 4.4.4. Xunlei downloading . . . . . . . . . . . . . . . . . . 14 83 4.5. Internet Video/music . . . . . . . . . . . . . . . . . . . 15 84 4.5.1. PPStream . . . . . . . . . . . . . . . . . . . . . . . 15 85 4.5.2. Other Internet Video/music . . . . . . . . . . . . . . 16 86 4.6. Email . . . . . . . . . . . . . . . . . . . . . . . . . . 16 87 4.6.1. Outlook/Outlook express . . . . . . . . . . . . . . . 16 88 4.6.2. Other Email softwares . . . . . . . . . . . . . . . . 17 89 4.7. Other applications . . . . . . . . . . . . . . . . . . . . 17 90 4.7.1. Telnet . . . . . . . . . . . . . . . . . . . . . . . . 17 91 4.7.2. SSH . . . . . . . . . . . . . . . . . . . . . . . . . 18 92 4.7.3. Traceroute . . . . . . . . . . . . . . . . . . . . . . 19 93 4.7.4. Remote desktop . . . . . . . . . . . . . . . . . . . . 20 94 4.8. VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 95 4.8.1. iAccess . . . . . . . . . . . . . . . . . . . . . . . 21 96 4.9. Shopping online . . . . . . . . . . . . . . . . . . . . . 22 97 4.9.1. Taobao . . . . . . . . . . . . . . . . . . . . . . . . 22 98 4.10. Bank . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 99 4.10.1. China Merchants Bank . . . . . . . . . . . . . . . . . 23 100 4.11. Negotiable securities . . . . . . . . . . . . . . . . . . 24 101 4.11.1. United securities . . . . . . . . . . . . . . . . . . 24 102 4.12. Map . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 103 4.12.1. google map . . . . . . . . . . . . . . . . . . . . . . 25 104 5. Applications Testing with same public IP address . . . . . . . 26 105 5.1. Instant message applications . . . . . . . . . . . . . . . 26 106 5.1.1. Microsoft Messenger . . . . . . . . . . . . . . . . . 26 107 5.2. Online gaming . . . . . . . . . . . . . . . . . . . . . . 27 108 5.2.1. QQ online gaming . . . . . . . . . . . . . . . . . . . 27 109 5.3. Internet Video/music . . . . . . . . . . . . . . . . . . . 28 110 5.3.1. Youku . . . . . . . . . . . . . . . . . . . . . . . . 28 111 5.4. Shopping online . . . . . . . . . . . . . . . . . . . . . 29 112 5.4.1. Taobao . . . . . . . . . . . . . . . . . . . . . . . . 29 113 5.5. Bank . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 114 5.5.1. Industrial and Commercial Bank of China . . . . . . . 30 115 6. Effect analysis . . . . . . . . . . . . . . . . . . . . . . . 31 116 6.1. User experience . . . . . . . . . . . . . . . . . . . . . 31 117 6.2. Testing summary . . . . . . . . . . . . . . . . . . . . . 31 118 7. Security Considerations . . . . . . . . . . . . . . . . . . . 32 119 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 32 120 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 32 121 10. Informative References . . . . . . . . . . . . . . . . . . . . 32 122 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 32 124 1. Introduction 126 This testing is based on specification of IP device from China 127 Telecom. The main purpose is to know the states that CGN supports 128 the applications translating the NAT device. The testing is done on 129 a real network of China Telecom Wuxi branch where the CGN is a 130 centralized device for NAT translation. 132 Base on testing result we know which applications could adapt to the 133 NAT device and the time delay after translation, whether there is 134 echo for video and audio services. 136 The CGN devices include BRAS, SR, CR which can support NAT444 by 137 adding a CGN board or connecting a CGN device. The access devices 138 include LSW, DSLAM, OLT, MxU. CPE devices can be HGW, ONT which 139 support router/bridge model. Other devices such as Network 140 management servers, log servers, AAA servers, user action analysis 141 server, FTP/HTTP server are also included in the system. 143 2. Terminology 145 This document makes use of the following terms: 146 NAT: Network Address Translation 147 CGN : Carrier Grade NAT 148 BRAS: Broadband Remote Access Server 149 SR: Service Router 150 CR: Core Router 151 LSW: LAN Switching 152 DSLAM: Digital Subscriber Line Access Multiplexer 153 OLT: Optical Line Terminal 154 CPE: Customer premises equipment 155 HGW: Home Gateway 156 ONT: Optical Network Terminal 157 FTP: File Transfer Protocol 158 HTTP: Hypertext Transfer Protocol 159 ALG: Application Layer Gateway 160 PCP: Port Control Protocol 161 VPN: Virtual Private Network 162 SSH: Secure Shell 164 3. Testbed Overview 165 3.1. A general topology for NAT444 testing 166 ------ 167 /// \\\ 168 +-------+ Internet | 169 | | /-/ | 170 | CR |/----/ \\\ /// 171 | - ------ 172 +-------+ 173 // \\ 174 / \ 175 | | 176 | | 177 | | 178 | | 179 | | 180 \ / 181 \\ // 182 +----------+ 183 | | 184 |ME60(CGN) | 185 | | 186 +-/----+---+ 187 // | 188 // | 189 // | 190 +--/-+ ++---+ 191 |CPE1| |CPE2| 192 | | | | 193 +-X--+ +-+--+ 194 / \ | 195 / \ | 196 / \ | 197 / \ | 198 +/---+ +--\-+ +-+--+ 199 | PC1| | PC2| | PC3| 200 +----+ +----+ +----+ 202 Figure 1: Distributed CGN topology for NAT444 testing 204 In figure 1 CPE1 and CPE2 have NAT function, and NE60 is a BRAS 205 device with a embedded CGN . There are two scenarioes in figure 1. 206 Scenario 1: Communication between PC1 and PC2; Scenario 2: 207 Communication between PC2 and PC3 . 209 ------ 210 /// \\\ 211 +-------+ Internet | 212 | | /-/ | 213 |CR(CGN)|/----/ \\\ /// 214 | - ------ 215 +-------+ 216 // \\ 217 / \ 218 | | 219 | | 220 | | 221 | | 222 | | 223 \ / 224 \\ // 225 +----------+ 226 | | 227 | ME60 | 228 | | 229 +-+-------++ 230 | | 231 | | 232 | | 233 +---++ +-+--+ 234 |CPE2| |CPE3| 235 | | | | 236 +-+--+ +-+--+ 237 | | 238 | | 239 | | 240 | | 241 +-+--+ +-+--+ 242 | PC3| | PC4| 243 +----+ +----+ 245 Figure 2:Centralized CGN topology for NAT444 testing 247 In figure 2 CPE2 and CPE3 have NAT function, and NE60 is a BRAS 248 device without embedded CGN . There is an embedded CGN in CR device. 249 This is scenario 3: Communication between PC3 and PC4. 251 ------ 252 /// \\\ 253 +-------+ Internet | 254 | | /-/ | 255 | CR |/----/ \\\ /// 256 | - ------ 257 +-------+ 258 // \\ 259 / \ 260 | | 261 | | 262 | | 263 | | 264 | | 265 \ / 266 \\ // 267 +----------+ 268 | | 269 | ME60(CGN)| 270 | | 271 +-+-------++ 272 | | 273 | | 274 | | 275 +---++ +-+--+ 276 |CPE3| |CPE4| 277 | | | | 278 +-+--+ +-+--+ 279 | | 280 | | 281 | | 282 | | 283 +-+--+ +-+--+ 284 | PC4| | PC5| 285 +----+ +----+ 287 Figure 3:Public user and private user interworking 289 In figure 3 CPE3 has NAT function and accesses a private IP address 290 from NE60; CPE4 has NAT function and accesses a public IPv4 address 291 by PPP from NE60. NE60 is a BRAS device with a embedded CGN. This 292 is scenario 4: Communication between PC4 and PC5. 294 3.2. Testbed Description 296 During the testing ALG function can be closed and open. So we tested 297 based on: Activation ALG and three-tuple(Index NAT entries by source 298 IP, source port, protocol) ; Deactivation ALG and tree-tuple; 299 Activation single ALG and three-tuple; Activation ALG and Five- 300 tuple(Index NAT entries by source IP, source port, protocol, destined 301 IP, destined port) ; Deactivation ALG and five-tuple; 303 4. Applications Testing Overview 305 This section describes testing result for all kinds applications. 307 4.1. Instant message applications 309 4.1.1. Microsoft Messenger 311 +--------------+----------------------------------------------------+ 312 |Test Item |IM | 313 +--------------+----------------------------------------------------+ 314 |Sub-Item |Microsoft Messenger | 315 +--------------+----------------------------------------------------+ 316 |Test |Check whether Microsoft Messenger can work under NAT| 317 |Objective |44.Voice, Video, Webcam,File transfer are tested | 318 +--------------+----------------------------------------------------+ 319 |Test Scenario |Scenario:1, 2,3,4 | 320 +--------------+----------------------------------------------------+ 321 |Test |1.Configure user IP pool in BRAS. Configure NAT444 | 322 |Procedure |and IPv4 public pool in CGN. | 323 | |2.Install MSN in PC | 324 | |3.Check whether MSN user can register | 325 | |4.Check whether users can communicate normally | 326 | |5.Test Activation/Deactivation/Single ALG+tree-tuple| 327 +--------------+----------------------------------------------------+ 328 |Expected |MSN user can register | 329 |Result |Two user can communicate with MSN | 330 | |Under four scenarios two user can communicate | 331 +--------------+----------------------------------------------------+ 332 |Actual Result |Passed | 333 +--------------+----------------------------------------------------+ 334 |Remarks |Independent ALG | 335 +--------------+----------------------------------------------------+ 337 4.1.2. skype 338 +--------------+----------------------------------------------------+ 339 |Test Item |IM | 340 +--------------+----------------------------------------------------+ 341 |Sub-Item |Skype | 342 +--------------+----------------------------------------------------+ 343 |Test |Check whether skype can used under NA44. | 344 |Objective |Voice, Video, Webcam, File transfer are tested | 345 +--------------+----------------------------------------------------+ 346 |Test Scenario |Scenario:1, 2,3,4 | 347 +--------------+----------------------------------------------------+ 348 |Test |1.Configure user IP pool in BRAS. Configure NAT444 | 349 |Procedure |and IPv4 public pool in CGN. | 350 | |2.Install skype in PC | 351 | |3.Check whether skype user can register | 352 | |4.Check whether users can communicate normally | 353 | |5.Test Activation/Deactivation/Single ALG+tree-tuple| 354 +--------------+----------------------------------------------------+ 355 |Expected |Skype user can register | 356 |Result |Two user can communicate with skype | 357 | |Under four scenarios two user can communicate | 358 +--------------+----------------------------------------------------+ 359 |Actual Result |Passed | 360 +--------------+----------------------------------------------------+ 361 |Remarks |Independent ALG | 362 +--------------+----------------------------------------------------+ 364 4.1.3. Other IM 366 We tested other IM application in the same way and got the same 367 result as MSN. Other IM application include Feixin, QQ, Miliao, 368 aliwangwang, and they are all popular IM applications in china. 370 4.2. Web browsing 372 4.2.1. www.google.com 373 +--------------+----------------------------------------------------+ 374 |Test Item |Web browsing | 375 +--------------+----------------------------------------------------+ 376 |Sub-Item |www.google.com | 377 +--------------+----------------------------------------------------+ 378 |Test |Check whether we can access www.google.com when | 379 |Objective |there is NAT in the network. | 380 +--------------+----------------------------------------------------+ 381 |Test Scenario |Scenario:1, 2,3,4 PCs can access web browsing | 382 +--------------+----------------------------------------------------+ 383 |Test |1.Configure user IP pool in BRAS. Configure NAT444 | 384 |Procedure |and IPv4 public pool in CGN. | 385 | |2.Open browsing and access www.google.com in PC | 386 | |3.Check whether PC can access the Web normally. | 387 | |4.Test Activation/Deactivation/Single ALG+tree-tuple| 388 | | | 389 +--------------+----------------------------------------------------+ 390 |Expected |PC can access the web. | 391 |Result | | 392 | | | 393 +--------------+----------------------------------------------------+ 394 |Actual Result |Passed | 395 +--------------+----------------------------------------------------+ 396 |Remarks |Independent ALG | 397 +--------------+----------------------------------------------------+ 399 4.2.2. Other web browsings 401 We tested other web browsings in the same way and got the same result 402 as google web. Other web browsings include www.baidu.com, 403 www.yahoo.com, www.sohu.com, www.renren.com, www.sina.com, 404 www.tianya.cn, www.qq.com, www.163.com, www.ifeng.com, 405 www.chinanews.com, and they are all popular web sites in china. We 406 also access web by HTTPS,we access 407 https://chatmodels.dmm.co.jp/login/top and it runs smoothly. 409 4.3. Online gaming 411 4.3.1. QQ online gaming 412 +--------------+----------------------------------------------------+ 413 |Test Item |Online gaming | 414 +--------------+----------------- ----------------------------------+ 415 |Sub-Item |QQ Online gaming | 416 +--------------+----------------------------------------------------+ 417 |Test |Check whether PC can register QQ online gaming room.| 418 |Objective | | 419 +--------------+----------------------------------------------------+ 420 |Test Scenario |Scenario:1, 2,3,4 PCs can access online gaming room.| 421 +--------------+----------------------------------------------------+ 422 |Test |1.Configure user IP pool in BRAS. Configure NAT444 | 423 |Procedure |and IPv4 public pool in CGN. | 424 | |2.Install QQ online gaming client on PC | 425 | |3.Check whether PC can entry game room and play. | 426 | |4.Test Activation/Deactivation/Single ALG+tree-tuple| 427 | | | 428 +--------------+----------------------------------------------------+ 429 |Expected |QQ game user can entry game room and play. | 430 |Result | | 431 | | | 432 +--------------+----------------------------------------------------+ 433 |Actual Result |Passed | 434 +--------------+----------------------------------------------------+ 435 |Remarks |Independent ALG | 436 +--------------+----------------------------------------------------+ 438 4.3.2. Other online gaming 440 We tested other online gamings in the same way and got the same 441 result as QQ online gaming. Other online gamings include World of 442 Warcraft , QQ farm, ourgame, Kaixin network, and they are all popular 443 online game in china. 445 4.4. Downloading 447 4.4.1. HTTP downloading 448 +--------------+----------------------------------------------------+ 449 |Test Item |Downloading | 450 +--------------+----------------- ----------------------------------+ 451 |Sub-Item |HTTP downloading | 452 +--------------+----------------------------------------------------+ 453 |Test |Check whether PC can download by HTTP with NAT444 on| 454 |Objective |the networks. | 455 +--------------+----------------------------------------------------+ 456 |Test Scenario |Scenario:1, 2,3,4 PCs can download by HTTP. | 457 +--------------+----------------------------------------------------+ 458 |Test |1.Configure user IP pool in BRAS. Configure NAT444 | 459 |Procedure |and IPv4 public pool in CGN. | 460 | |2.Open any software or MP3 file download page. | 461 | |3.Check whether PC can download the by HTTP. | 462 | |4.Test Activation/Deactivation/Single ALG+tree-tuple| 463 | | | 464 +--------------+----------------------------------------------------+ 465 |Expected |User can download files by HTTP. | 466 |Result | | 467 | | | 468 +--------------+----------------------------------------------------+ 469 |Actual Result |Passed | 470 +--------------+----------------------------------------------------+ 471 |Remarks |Independent ALG | 472 +--------------+----------------------------------------------------+ 474 4.4.2. FTP downloading 475 +--------------+----------------------------------------------------+ 476 |Test Item |Downloading | 477 +--------------+----------------- ----------------------------------+ 478 |Sub-Item |FTP downloading | 479 +--------------+----------------------------------------------------+ 480 |Test |Check whether PC can download by FTP with NAT444 on| 481 |Objective |the networks. | 482 +--------------+----------------------------------------------------+ 483 |Test Scenario |Scenario:1, 2,3,4 PCs can download by FTP. | 484 +--------------+----------------------------------------------------+ 485 |Test |1.Configure user IP pool in BRAS. Configure NAT444 | 486 |Procedure |and IPv4 public pool in CGN. | 487 | |2.Input a FTP address:FTP://debian.bjlx.org.cn. | 488 | |3.Check whether PC can connect to FTP server and | 489 | |download by FTP. | 490 | |4.Test Activation/Deactivation/Single ALG+tree-tuple| 491 +--------------+----------------------------------------------------+ 492 |Expected |User can download files by FTP. | 493 |Result | | 494 | | | 495 +--------------+----------------------------------------------------+ 496 |Actual Result |Passed but dependent ALG | 497 +--------------+----------------------------------------------------+ 498 |Remarks |Not testing when FTP server is in private network | 499 +--------------+----------------------------------------------------+ 501 4.4.3. Bittorrent/eMule downloading 502 +--------------+----------------------------------------------------+ 503 |Test Item |Downloading | 504 +--------------+----------------- ----------------------------------+ 505 |Sub-Item |Bittorrrent/eMule | 506 +--------------+----------------------------------------------------+ 507 |Test |Check whether PC can download by Bittorrent/eMule | 508 |Objective | | 509 +--------------+----------------------------------------------------+ 510 |Test Scenario |Scenario:1, 2,3,4 PCs can download by Bittorrent | 511 | |/eMule | 512 +--------------+----------------------------------------------------+ 513 |Test |1.Configure user IP pool in BRAS. Configure NAT444 | 514 |Procedure |and IPv4 public pool in CGN. | 515 | |2.Install Bittorrent or eMule client on PC. | 516 | |3.Check whether PC can download by Bittorrent/eMule.| 517 | |4.Test Activation/Deactivation/Single ALG+tree-tuple| 518 | | | 519 +--------------+----------------------------------------------------+ 520 |Expected |User can download files by Bittorrent. | 521 |Result |User can download files by eMule. | 522 | | | 523 +--------------+----------------------------------------------------+ 524 |Actual Result |Passed and Independent ALG | 525 +--------------+----------------------------------------------------+ 526 |Remarks |No testing When Bittorrent server in private network| 527 | |No testing When eMule server in private network. | 528 | |CGN not support PCP | 529 +--------------+----------------------------------------------------+ 531 Remark: PCP([draft-ietf-pcp-base-26]) is not actived in CGN. When 532 eMule/Bittorrent server is behind in CGN, we didn't test. 534 +--+ 536 4.4.4. Xunlei downloading 537 +--------------+----------------------------------------------------+ 538 |Test Item |Downloading | 539 +--------------+----------------- ----------------------------------+ 540 |Sub-Item |Xunlei downloading | 541 +--------------+----------------------------------------------------+ 542 |Test |Check whether PC can download by Xunlei when it is | 543 |Objective |in a private network. | 544 +--------------+----------------------------------------------------+ 545 |Test Scenario |Scenario:1, 2,3,4 PCs can download by Xunlei. | 546 +--------------+----------------------------------------------------+ 547 |Test |1.Configure user IP pool in BRAS. Configure NAT444 | 548 |Procedure |and IPv4 public pool in CGN. | 549 | |2.Install Xunlei client on PC. | 550 | |3.Open a file in Xunlei and check whether PC can | 551 | |download by Xunlei. | 552 | |4.Test Activation/Deactivation/Single ALG+tree-tuple| 553 +--------------+----------------------------------------------------+ 554 |Expected |User can download files by Xunlei. | 555 |Result | | 556 | | | 557 +--------------+----------------------------------------------------+ 558 |Actual Result |Passed and Independent ALG | 559 +--------------+----------------------------------------------------+ 560 |Remarks | | 561 +--------------+----------------------------------------------------+ 563 4.5. Internet Video/music 565 4.5.1. PPStream 566 +--------------+----------------------------------------------------+ 567 |Test Item |Internet Video/music | 568 +--------------+----------------- ----------------------------------+ 569 |Sub-Item |PPStream | 570 +--------------+----------------------------------------------------+ 571 |Test |Check whether PC with PPStream client can play video| 572 |Objective |/music programme. | 573 +--------------+----------------------------------------------------+ 574 |Test Scenario |Scenario:1, 2,3,4 PCs can play video/music programme| 575 +--------------+----------------------------------------------------+ 576 |Test |1.Configure user IP pool in BRAS. Configure NAT444 | 577 |Procedure |and IPv4 public pool in CGN. | 578 | |2.Install PPStream client on PC. | 579 | |3.Check whether PC can play programmes on PPStream. | 580 | |4.Test Activation/Deactivation/Single ALG+tree-tuple| 581 | | | 582 +--------------+----------------------------------------------------+ 583 |Expected |User can see the film or listen to music with | 584 |Result |PPStream client. | 585 | | | 586 +--------------+----------------------------------------------------+ 587 |Actual Result |Passed | 588 +--------------+----------------------------------------------------+ 589 |Remarks |Independent ALG | 590 +--------------+----------------------------------------------------+ 592 4.5.2. Other Internet Video/music 594 We tested other Internet Video/music software in the same way and got 595 the same result as PPStream. Other Internet Video/music software 596 include PPlive, Youku, Qiyi, Xunleikankan, Tudou, Baidu video, Sohu 597 video, 163 video, and they are all popular video/music used in china. 599 Youtube can't be accessed by Chinese user and do not pass the test. 601 4.6. Email 603 4.6.1. Outlook/Outlook express 604 +--------------+----------------------------------------------------+ 605 |Test Item |Email | 606 +--------------+----------------- ----------------------------------+ 607 |Sub-Item |Outlook/Outlook express | 608 +--------------+----------------------------------------------------+ 609 |Test |Check whether PC with Outlook/Outlook express can | 610 |Objective |receive and send mail from mail server. | 611 +--------------+----------------------------------------------------+ 612 |Test Scenario |Scenario:1, 2,3,4 PCs can receive/send mail. | 613 +--------------+----------------------------------------------------+ 614 |Test |1.Configure user IP pool in BRAS. Configure NAT444 | 615 |Procedure |and IPv4 public pool in CGN. | 616 | |2.Set Outlook/Outlook express on PC. | 617 | |3.Check whether PC can use Outlook/Outlook express. | 618 | |4.Test Activation/Deactivation/Single ALG+tree-tuple| 619 | | | 620 +--------------+----------------------------------------------------+ 621 |Expected |User can see the film or listen to music with | 622 |Result |PPStream client. | 623 | | | 624 +--------------+----------------------------------------------------+ 625 |Actual Result |Passed | 626 +--------------+----------------------------------------------------+ 627 |Remarks |Independent ALG | 628 +--------------+----------------------------------------------------+ 630 4.6.2. Other Email softwares 632 We tested other Email software in the same way and got the same 633 result as Outlook/Outlook express. Other Email softwares include QQ 634 mail, 163 mail, sina mail, and they are all popular mail used in 635 china. 637 4.7. Other applications 639 4.7.1. Telnet 640 +--------------+----------------------------------------------------+ 641 |Test Item |Telnet | 642 +--------------+----------------- ----------------------------------+ 643 |Sub-Item |Telnet | 644 +--------------+----------------------------------------------------+ 645 |Test |Check whether PC can telnet a device within NAT | 646 |Objective |environment. | 647 +--------------+----------------------------------------------------+ 648 |Test Scenario |Scenario:1, 2,3,4 PCs can Telnet. | 649 +--------------+----------------------------------------------------+ 650 |Test |1.Configure user IP pool in BRAS. Configure NAT444 | 651 |Procedure |and IPv4 public pool in CGN. | 652 | |2.Configure the Telnet on a PC. | 653 | |3.Check whether PC can build telnet. | 654 | |4.Test Activation/Deactivation/Single ALG+tree-tuple| 655 | | | 656 +--------------+----------------------------------------------------+ 657 |Expected |User can build the telnet connection. | 658 |Result | 659 | | | 660 +--------------+----------------------------------------------------+ 661 |Actual Result |Passed | 662 +--------------+----------------------------------------------------+ 663 |Remarks |Independent ALG | 664 +--------------+----------------------------------------------------+ 666 4.7.2. SSH 667 +--------------+----------------------------------------------------+ 668 |Test Item |SSH | 669 +--------------+----------------- ----------------------------------+ 670 |Sub-Item |SSH | 671 +--------------+----------------------------------------------------+ 672 |Test |Check whether PC can build SSH connection within | 673 |Objective |NAT environment. | 674 +--------------+----------------------------------------------------+ 675 |Test Scenario |Scenario:1, 2,3,4 PCs can Build SSH connection. | 676 +--------------+----------------------------------------------------+ 677 |Test |1.Configure user IP pool in BRAS. Configure NAT444 | 678 |Procedure |and IPv4 public pool in CGN. | 679 | |2.Configure the SHH on a router in network | 680 | |3.Check whether PC can build SSH connection | 681 | |4.Test Activation/Deactivation/Single ALG+tree-tuple| 682 | | | 683 +--------------+----------------------------------------------------+ 684 |Expected |User can build the SHH connection. | 685 |Result | 686 | | | 687 +--------------+----------------------------------------------------+ 688 |Actual Result |Passed | 689 +--------------+----------------------------------------------------+ 690 |Remarks |Independent ALG | 691 +--------------+----------------------------------------------------+ 693 4.7.3. Traceroute 694 +--------------+----------------------------------------------------+ 695 |Test Item |Traceroute | 696 +--------------+----------------- ----------------------------------+ 697 |Sub-Item |Traceroute (using ICMP) | 698 +--------------+----------------------------------------------------+ 699 |Test |Check whether two PCs behind NAT can traceroute. | 700 |Objective |NAT environment. | 701 +--------------+----------------------------------------------------+ 702 |Test Scenario |Scenario:1, 2,3,4 . | 703 +--------------+----------------------------------------------------+ 704 |Test |1.Configure user IP pool in BRAS. Configure NAT444 | 705 |Procedure |and IPv4 public pool in CGN. | 706 | |2.Traceroute from a PC to another PC. | 707 | |3.Check whether two PC can traceroute. | 708 | |4.Test Activation/Deactivation/Single ALG+tree-tuple| 709 | | | 710 +--------------+----------------------------------------------------+ 711 |Expected |Two users can traceroute. | 712 |Result | 713 | | | 714 +--------------+----------------------------------------------------+ 715 |Actual Result |Passed | 716 +--------------+----------------------------------------------------+ 717 |Remarks |Independent ALG | 718 +--------------+----------------------------------------------------+ 720 4.7.4. Remote desktop 721 +--------------+----------------------------------------------------+ 722 |Test Item |Remote desktop | 723 +--------------+----------------- ----------------------------------+ 724 |Sub-Item |Remote desktop | 725 +--------------+----------------------------------------------------+ 726 |Test |Check whether a PC behind NAT can remote desktop | 727 |Objective |to another PC behind NAT or to a public PC. | 728 +--------------+----------------------------------------------------+ 729 |Test Scenario |Scenario:1, 2,3,4 . | 730 +--------------+----------------------------------------------------+ 731 |Test |1.Configure user IP pool in BRAS. Configure NAT444 | 732 |Procedure |and IPv4 public pool in CGN. | 733 | |2.Remote desktop from a PC to another PC. | 734 | |3.Check whether two PC can remotedesktop successfully 735 | |4.Test Activation/Deactivation/Single ALG+tree-tuple| 736 | | | 737 +--------------+----------------------------------------------------+ 738 |Expected |User behind CGN can remote desktop to another CGN | 739 |Result |user or a public IP user. | 740 | | | 741 +--------------+----------------------------------------------------+ 742 |Actual Result |Passed | 743 +--------------+----------------------------------------------------+ 744 |Remarks |Independent ALG | 745 +--------------+----------------------------------------------------+ 747 4.8. VPN 749 4.8.1. iAccess 750 +--------------+----------------------------------------------------+ 751 |Test Item |VPN | 752 +--------------+----------------- ----------------------------------+ 753 |Sub-Item |iAccess | 754 +--------------+----------------------------------------------------+ 755 |Test |Check whether a PC behind NAT can remote desktop | 756 |Objective |to another PC behind NAT or to a public PC. | 757 +--------------+----------------------------------------------------+ 758 |Test Scenario |Scenario:1, 2,3,4 . | 759 +--------------+----------------------------------------------------+ 760 |Test |1.Configure user IP pool in BRAS. Configure NAT444 | 761 |Procedure |and IPv4 public pool in CGN. | 762 | |2.Get a iAccess user and password from company. | 763 | |3.Check whether public PC can access the company. | 764 | |4.Test Activation/Deactivation/Single ALG+tree-tuple| 765 | | | 766 +--------------+----------------------------------------------------+ 767 |Expected |User can access company resource from public network| 768 |Result |by iAccess user and password. | 769 | | | 770 +--------------+----------------------------------------------------+ 771 |Actual Result |Passed | 772 +--------------+----------------------------------------------------+ 773 |Remarks |Independent ALG; not test PPTP,L2TP | 774 +--------------+----------------------------------------------------+ 776 4.9. Shopping online 778 4.9.1. Taobao 779 +--------------+----------------------------------------------------+ 780 |Test Item |Shopping online | 781 +--------------+----------------- ----------------------------------+ 782 |Sub-Item |Taobao | 783 +--------------+----------------------------------------------------+ 784 |Test |Check whether user can shop by Taobao within NAT | 785 |Objective |environment. | 786 +--------------+----------------------------------------------------+ 787 |Test Scenario |Scenario:1, 2,3,4 PC can access Taobao. . | 788 +--------------+----------------------------------------------------+ 789 |Test |1.Configure user IP pool in BRAS. Configure NAT444 | 790 |Procedure |and IPv4 public pool in CGN. | 791 | |2.Open browsing and input Taobao address. | 792 | |3.Check whether user can access Taobao web site. | 793 | |4.Test Activation/Deactivation/Single ALG+tree-tuple| 794 | | | 795 +--------------+----------------------------------------------------+ 796 |Expected |User can shop in Taobao and do all kind of operation| 797 |Result |in web site. | 798 | | | 799 +--------------+----------------------------------------------------+ 800 |Actual Result |Passed | 801 +--------------+----------------------------------------------------+ 802 |Remarks |Independent ALG | 803 +--------------+----------------------------------------------------+ 805 4.10. Bank 807 4.10.1. China Merchants Bank 808 +--------------+----------------------------------------------------+ 809 |Test Item |Bank | 810 +--------------+----------------------------------------------------+ 811 |Sub-Item |China Merchants Bank | 812 +--------------+----------------------------------------------------+ 813 |Test |Check whether user can use online bank web within | 814 |Objective |NAT environment. | 815 +--------------+----------------------------------------------------+ 816 |Test Scenario |Scenario:1, 2,3,4 PC can access online bank. . | 817 +--------------+----------------------------------------------------+ 818 |Test |1.Configure user IP pool in BRAS. Configure NAT444 | 819 |Procedure |and IPv4 public pool in CGN. | 820 | |2.Open browsing and input China Merchants Bank Addr | 821 | |3.Check whether user can use online bank. | 822 | |4.Test Activation/Deactivation/Single ALG+tree-tuple| 823 | | | 824 +--------------+----------------------------------------------------+ 825 |Expected |User can use online bank on web site. | 826 |Result | | 827 | | | 828 +--------------+----------------------------------------------------+ 829 |Actual Result |Passed | 830 +--------------+----------------------------------------------------+ 831 |Remarks |Independent ALG | 832 +--------------+----------------------------------------------------+ 834 4.11. Negotiable securities 836 4.11.1. United securities 837 +--------------+----------------------------------------------------+ 838 |Test Item |Negotiable securities | 839 +--------------+----------------------------------------------------+ 840 |Sub-Item |United securities | 841 +--------------+----------------------------------------------------+ 842 |Test |Check whether user can entry securities exchange | 843 |Objective |centre and trade. | 844 +--------------+----------------------------------------------------+ 845 |Test Scenario |Scenario:1, 2,3,4 PC can access securities web. | 846 +--------------+----------------------------------------------------+ 847 |Test |1.Configure user IP pool in BRAS. Configure NAT444 | 848 |Procedure |and IPv4 public pool in CGN. | 849 | |2.Install United securities client. | 850 | |3.Check whether user can entry the securities | 851 | |exchange centre and trade | 852 | |4.Test Activation/Deactivation/Single ALG+tree-tuple| 853 +--------------+----------------------------------------------------+ 854 |Expected |User can entry securities exchange centre and trade.| 855 |Result | | 856 | | | 857 +--------------+----------------------------------------------------+ 858 |Actual Result |Passed | 859 +--------------+----------------------------------------------------+ 860 |Remarks |Independent ALG | 861 +--------------+----------------------------------------------------+ 863 4.12. Map 865 4.12.1. google map 866 +--------------+----------------------------------------------------+ 867 |Test Item |MAP | 868 +--------------+----------------------------------------------------+ 869 |Sub-Item |Google map | 870 +--------------+----------------------------------------------------+ 871 |Test |Check whether user can use google map for search | 872 |Objective |Within the NAT environment. | 873 +--------------+----------------------------------------------------+ 874 |Test Scenario |Scenario:1, 2,3,4 PC can use google map. | 875 +--------------+----------------------------------------------------+ 876 |Test |1.Configure user IP pool in BRAS. Configure NAT444 | 877 |Procedure |and IPv4 public pool in CGN. | 878 | |2.Open google map. | 879 | |3.Check whether user can goole map for search. | 880 | |Check the session entries on CGN. | 881 | |4.Test Activation/Deactivation/Single ALG+tree-tuple| 882 +--------------+----------------------------------------------------+ 883 |Expected |User can use google map for search. | 884 |Result | | 885 | | | 886 +--------------+----------------------------------------------------+ 887 |Actual Result |Passed | 888 +--------------+----------------------------------------------------+ 889 |Remarks |Independent ALG | 890 +--------------+----------------------------------------------------+ 892 We tested Baidu map in the same way and got the same result . 894 5. Applications Testing with same public IP address 896 This section describes testing result when different CPEs use same 897 public IP address. The purpose of testing is make sure the 898 application can also be used when different users use same external 899 public IP address. 901 This section include three scenarios. Scenario 1: in figure 1 PC1 902 and PC2 use same external public IP address; Scenario 2: in figure1 903 PC2 and PC3 use same external public IP address; Scenario 3: in 904 figure 3 PC4 are CGN user and PC5 are public user; 906 5.1. Instant message applications 908 5.1.1. Microsoft Messenger 909 +--------------+----------------------------------------------------+ 910 |Test Item |IM | 911 +--------------+----------------------------------------------------+ 912 |Sub-Item |Microsoft Messenger | 913 +--------------+----------------------------------------------------+ 914 |Test |Check when ALG active or deactive whether MSN has | 915 |Objective |same communication flow in three scenarios. | 916 +--------------+----------------------------------------------------+ 917 |Test Scenario |Scenario:1, 2,3 | 918 +--------------+----------------------------------------------------+ 919 |Test |1.Configure user IP pool in BRAS. Configure NAT444 | 920 |Procedure |and IPv4 public pool in CGN. | 921 | |2.Install MSN in PC | 922 | |3.Check whether MSN user can register | 923 | |4.Active ALG and see the communication flow by | 924 | |grasping packets in three scenarios. | 925 +--------------+----------------------------------------------------+ 926 |Expected |MSN user can communicate in three scenarios. | 927 |Result | | 928 | | | 929 +--------------+----------------------------------------------------+ 930 |Actual Result |Passed | 931 +--------------+----------------------------------------------------+ 932 |Remarks | | 933 +--------------+----------------------------------------------------+ 935 5.2. Online gaming 937 5.2.1. QQ online gaming 938 +--------------+----------------------------------------------------+ 939 |Test Item |Online gaming | 940 +--------------+----------------- ----------------------------------+ 941 |Sub-Item |QQ Online gaming | 942 +--------------+----------------------------------------------------+ 943 |Test |Check whether QQ online game has the same flow when | 944 |Objective |ALG active or deactive. | 945 +--------------+----------------------------------------------------+ 946 |Test Scenario |Scenario:1, 2,3 | 947 +--------------+----------------------------------------------------+ 948 |Test |1.Configure user IP pool in BRAS. Configure NAT444 | 949 |Procedure |and IPv4 public pool in CGN. | 950 | |2.Install QQ online gaming client on PC | 951 | |3.Check whether PC can entry game room and play. | 952 | |4.Grasp packets when ALG active or deactive. | 953 | | | 954 +--------------+----------------------------------------------------+ 955 |Expected |QQ game user can entry game room and play. | 956 |Result | | 957 | | | 958 +--------------+----------------------------------------------------+ 959 |Actual Result |Failed | 960 +--------------+----------------------------------------------------+ 961 |Remarks |same public IP user can't entry the same game room. | 962 +--------------+----------------------------------------------------+ 964 5.3. Internet Video/music 966 5.3.1. Youku 967 +--------------+----------------------------------------------------+ 968 |Test Item |Internet Video/music | 969 +--------------+----------------- ----------------------------------+ 970 |Sub-Item |Youku | 971 +--------------+----------------------------------------------------+ 972 |Test |Check whether Youku has the same flow when ALG | 973 |Objective |active or deactive. | 974 +--------------+----------------------------------------------------+ 975 |Test Scenario |Scenario:1, 2,3 | 976 +--------------+----------------------------------------------------+ 977 |Test |1.Configure user IP pool in BRAS. Configure NAT444 | 978 |Procedure |and IPv4 public pool in CGN. | 979 | |2.Go to Youku web site and view video. | 980 | |3.Grasp packets when ALG active or deactive and | 981 | |analyse the flow. | 982 | | | 983 +--------------+----------------------------------------------------+ 984 |Expected |User can see the film or listen to music in Youku | 985 |Result |web site. | 986 | | | 987 +--------------+----------------------------------------------------+ 988 |Actual Result |Passed | 989 +--------------+----------------------------------------------------+ 990 |Remarks | | 991 +--------------+----------------------------------------------------+ 993 5.4. Shopping online 995 5.4.1. Taobao 996 +--------------+----------------------------------------------------+ 997 |Test Item |Shopping online | 998 +--------------+----------------- ----------------------------------+ 999 |Sub-Item |Taobao | 1000 +--------------+----------------------------------------------------+ 1001 |Test |Check whether Taobao user has the same flow when NAT| 1002 |Objective |actives or deactives. | 1003 +--------------+----------------------------------------------------+ 1004 |Test Scenario |Scenario:1, 2,3 | 1005 +--------------+----------------------------------------------------+ 1006 |Test |1.Configure user IP pool in BRAS. Configure NAT444 | 1007 |Procedure |and IPv4 public pool in CGN. | 1008 | |2.Open browsing and input Taobao address. | 1009 | |3.Check whether user can shop on Taobao web site. | 1010 | |4.Grasp packets when ALG actives or deactives to see| 1011 | |whether the flow are same or not. | 1012 +--------------+----------------------------------------------------+ 1013 |Expected |User can shop in Taobao. | 1014 |Result | | 1015 | | | 1016 +--------------+----------------------------------------------------+ 1017 |Actual Result |Passed | 1018 +--------------+----------------------------------------------------+ 1019 |Remarks | | 1020 +--------------+----------------------------------------------------+ 1022 5.5. Bank 1024 5.5.1. Industrial and Commercial Bank of China 1025 +--------------+----------------------------------------------------+ 1026 |Test Item |Bank | 1027 +--------------+----------------------------------------------------+ 1028 |Sub-Item |Industrial and Commercial Bank of China(ICBC) | 1029 +--------------+----------------------------------------------------+ 1030 |Test |Check when user can use online ICBC bank web the | 1031 |Objective |service flow is same when activing/deactiving ALG. | 1032 +--------------+----------------------------------------------------+ 1033 |Test Scenario |Scenario:1, 2,3 | 1034 +--------------+----------------------------------------------------+ 1035 |Test |1.Configure user IP pool in BRAS. Configure NAT444 | 1036 |Procedure |and IPv4 public pool in CGN. | 1037 | |2.Open browsing and input ICBC Bank address. | 1038 | |3.Check whether user can use online bank to transfer| 1039 | |4.Grasp the packets to analyse the flow when ALG | 1040 | |actives or deactives. | 1041 +--------------+----------------------------------------------------+ 1042 |Expected |User can use online bank on web site. | 1043 |Result | | 1044 | | | 1045 +--------------+----------------------------------------------------+ 1046 |Actual Result |Passed | 1047 +--------------+----------------------------------------------------+ 1048 |Remarks | | 1049 +--------------+----------------------------------------------------+ 1051 6. Effect analysis 1053 6.1. User experience 1055 User experience can't be quantified and we get the result only by 1056 subjective experience. Time delay, echo, fluency in video and audio 1057 are almost same as without NAT444 on network. Communications between 1058 CGN users and CGN user with public user are always normal. As a 1059 result, NAT444 has no affection on the users' experience in the tests 1060 we have run. 1062 6.2. Testing summary 1064 In all the applications aforementioned only FTP depends on ALG. We 1065 only test two levels NAT. 1067 QQ online gaming does not permit two users use the same external 1068 public IP address in the same game room. When two users use the same 1069 external public IP address, QQ online gaming considers they come from 1070 the same subscriber. If they are in the same game room, they are 1071 regarded as cribbers. 1073 We only tested a bank account to use online bank since we only have 1074 one account. 1076 We didn't test when eMule, Bittorrent work as internal server. This 1077 needs support of PCP. 1079 When there is two levels NAT, users can't set internal server, such 1080 as FTP server, in home network. 1082 Communication between CGN user and public IP user belonging to the 1083 same CGN is not processed by service board. 1085 7. Security Considerations 1087 8. Acknowledgments 1089 9. IANA Considerations 1091 10. Informative References 1093 [draft-ietf-pcp-base-26] 1094 IETF, "Port Control Protocol (PCP)", June 2012, 1095 . 1097 Authors' Addresses 1099 Zhongchao Li 1100 China Telecom 1101 Nanjing, 1102 P.R. China 1104 Email: 15301588336@189.cn 1105 Hongwei Guo 1106 China Telecom 1107 Nanjing, 1108 P.R. China 1110 Email: 15306188213@189.cn 1112 Chunlin Liu 1113 China Telecom 1114 Nanjing, 1115 P.R. China 1117 Email: liuchunlin@jsptpd.com 1119 Will Liu 1120 Huawei Technologies 1121 Bantian, Longgang DIST 1122 Shenzhen 518129 1123 P.R. China 1125 Phone: +86 755 28972315 1126 Email: liushucheng@huawei.com 1128 Zhongjian Zhang 1129 Huawei Technologies 1130 Bantian, Longgang DIST 1131 Shenzhen, 1132 P.R. China 1134 Email: zhangzhongjian@huawei.com