22 research outputs found

    Independent Submission. S. Vinapamula, Juniper Networks. Request for Comments: 7767. Category: Informational.

    Abstract: This document specifies a mechanism for a host to indicate via the Port Control Protocol (PCP) which connections should be protected against network failures. These connections will then be subject to high-availability mechanisms enabled on the network side. This approach assumes that applications and/or users have more visibility about sensitive connections than any heuristic that can be enabled on the network side to guess which connections should be check-pointed.

    Traversing NAT: A Problem

    This quasi-experimental before-and-after study measured and analyzed the impacts of adding security to a new bi-directional Network Address Translation (NAT). Literature revolves around various types of NAT, their advantages and disadvantages, their security models, and networking technologies’ adoption. The study of the newly created secure bi-directional model of NAT showed statistically significant changes in the variables than another model using port forwarding. Future research of how data will traverse networks is crucial in an ever-changing world of technology.

    Mass Adoption of NATs: Survey and experiments on carrier-grade NATs

    In recent times, the prevalence of home NATs and the widespread implementation of Carrier-Grade NATs have posed significant challenges to various applications, particularly those relying on Peer-to-Peer communication. This paper addresses these issues by conducting a thorough review of related literature and exploring potential techniques to mitigate the problems. The literature review focuses on the disruptive effects of home NATs and CGNATs on application performance. Additionally, the study examines existing approaches used to alleviate these disruptions. Furthermore, this paper presents a comprehensive guide on how to puncture a NAT and facilitate direct communication between two peers behind any type of NAT. The techniques outlined in the guide are rigorously tested using a simple application running the IPv8 network overlay, along with their built-in NAT penetration procedures. To evaluate the effectiveness of the proposed techniques, 5G communication is established between two phones using four different Dutch telephone carriers. The results indicate successful cross-connectivity with three out of the four carriers tested, showcasing the practical applicability of the suggested methods. Comment: 12 pages, 9 figures

    Avaliação do PCP como mecanismo de travessia de NAT em aplicações de backup (Evaluation of PCP as a NAT traversal mechanism in backup applications)

    Undergraduate final project (Trabalho de Conclusão de Curso), Universidade de Brasília, Instituto de Ciências Exatas, Departamento de Ciência da Computação, 2019. With the widespread popularity of the Internet protocol, which is used to distribute network addresses to devices connected to the Internet, a major problem of address exhaustion has been created. This resulted in the creation of the Network Address Translator, which is mainly used to share the use of a single network address across multiple devices. Its widespread use has led to problems related to connectivity between devices on different networks. The main methods used for NAT traversal were presented, with a special focus on the Port Control Protocol, PCP. This protocol, proposed by the IETF and described in RFC 6887, allows a host on a private network to map its IP address and port to a routable address, thus allowing it to be reachable by different nodes on the Internet. The goal is to analyze this protocol’s main features in practice, integrating an implementation with two backup tools, Bacula and Rsync, to expose how PCP can be used in a real scenario in order to increase the usability of these tools. An analysis of performance of these tools was performed in a scenario where PCP is necessary, showing PCP as a valid and efficient solution for NAT traversal.

    IPv4 address sharing mechanism classification and tradeoff analysis

    The growth of the Internet has made IPv4 addresses a scarce resource. Due to slow IPv6 deployment, IANA-level IPv4 address exhaustion was reached before the world could transition to an IPv6-only Internet. The continuing need for IPv4 reachability will only be supported by IPv4 address sharing. This paper reviews ISP-level address sharing mechanisms, which allow Internet service providers to connect multiple customers who share a single IPv4 address. Some mechanisms come with severe and unpredicted consequences, and all of them come with tradeoffs. We propose a novel classification, which we apply to existing mechanisms such as NAT444 and DS-Lite and proposals such as 4rd, MAP, etc. Our tradeoff analysis reveals insights into many problems including: abuse attribution, performance degradation, address and port usage efficiency, direct intercustomer communication, and availability.

    Tracking Middleboxes in the Mobile World with TraceboxAndroid

    Peer reviewed. Middleboxes are largely deployed over cellular networks. It is known that they might disrupt network performance, expose users to security issues, and harm protocol deployability. Further, hardly any network measurement tools for smartphones are able to infer middlebox behaviors, especially if one cannot control both ends of a path. In this paper, we present TraceboxAndroid, a proof-of-concept measurement application for Android mobile devices implementing the tracebox algorithm. It aims at diagnosing middlebox-impaired paths by detecting and locating rewriting middleboxes. We analyze a dataset sample to highlight the range of opportunities offered by TraceboxAndroid. We show that TraceboxAndroid can be useful for mobile users as well as for the research community.

    Analysis of security impact of making mShield an IPv4 to IPv6 converter box


    De-ossifying the Internet Transport Layer : A Survey and Future Perspectives

    Acknowledgment: The authors would like to thank the anonymous reviewers for their useful suggestions and comments. Peer reviewed.

    Assessing the Impact of Carrier-Grade NAT on Network Applications
