Carrier Grade NAT (CGNAT to CGNAT) Testing #383

Closed
CMCDragonkai opened this issue Jun 14, 2022 · 3 comments
Labels
development Standard development r&d:polykey:core activity 4 End to End Networking behind Consumer NAT Devices

Member

CMCDragonkai commented Jun 14, 2022

Specification

Existing issues #159 and PR #381 address testing the NAT busting through hole-punching and centralised signalling via testnet.polykey.io. We know that certain NAT situations won't be traversable until relaying via #182 is possible. We're parking #182 until #365 is first solved, since the architectures would be similar.

This issue is about augmenting our NAT tests to also simulate a carrier grade NAT situation. This is important for mobile device deployment.

To give you an example, our office has a wireless router connected to the ISP. The router provides a LAN for the office computers. However the external IP assigned to the router is not the real IP on the internet, it's also within a LAN with respect to the ISP. The ISP adds their own NAT on top of our router's NAT.

This means there's a "double NAT".

Therefore we may want to test:

  • Any kind of NAT setup (including no-NAT) to a double NAT setup.

The hardest would be double NAT to double NAT.

When I attempted to use wireguard/tailscale to connect my home laptop to my phone's hotspot to the office router to the windows/mac systems in office, I noticed that it had to use the DERP relays, a direct connection was not possible. This implies hole-punching and signalling is not enough in these situations. But we can simulate this using our NAT simulation harness.

The CGNAT is likely to be a port-restricted or symmetric NAT. And as we saw in #381, we don't need to test address-restricted or full-cone as long as port-restricted and symmetric works.

Additional context

Tasks

  1. ...
  2. ...
  3. ...
@CMCDragonkai CMCDragonkai added the development Standard development label Jun 14, 2022
@CMCDragonkai CMCDragonkai changed the title Carrier Grade NAT Testing Carrier Grade NAT Testing - "Double NAT" Jun 14, 2022
@teebirdy teebirdy added the r&d:polykey:core activity 4 End to End Networking behind Consumer NAT Devices label Jul 24, 2022
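
The NAT combinations described in the issue above can be modelled in a short simulation; this is an added example, not part of the original issue or of Polykey's NAT test harness. It assumes both NAT kinds filter inbound packets by remote IP and port, that a symmetric NAT allocates a fresh external port per destination, and that there is no port prediction; all addresses are constructed and `Nat`, `send`, `deliver` and `holePunch` are hypothetical names.

```javascript
// Added illustration: simplified NAT model with constructed addresses.
const SIGNAL = '203.0.113.1:3478'; // hypothetical signalling server endpoint

class Nat {
  constructor(ip, symmetric) { // symmetric=false means port-restricted cone
    Object.assign(this, { ip, symmetric, nextPort: 40000 });
    this.out = new Map();  // mapping key -> external endpoint
    this.back = new Map(); // external endpoint -> { internal, allowed }
  }
  outbound(src, dst) {
    // A symmetric NAT keys the mapping on the destination as well.
    const key = this.symmetric ? `${src}>${dst}` : src;
    if (!this.out.has(key)) {
      const ext = `${this.ip}:${this.nextPort++}`;
      this.out.set(key, ext);
      this.back.set(ext, { internal: src, allowed: new Set() });
    }
    const ext = this.out.get(key);
    this.back.get(ext).allowed.add(dst); // only this remote may reply
    return ext;
  }
  inbound(src, dst) {
    const m = this.back.get(dst);
    return m && m.allowed.has(src) ? m.internal : null;
  }
}

// peer.nats lists the innermost NAT first: [homeRouter, cgnat] is a double NAT.
const send = (peer, dst) =>
  peer.nats.reduce((src, nat) => nat.outbound(src, dst), peer.addr);

function deliver(peer, src, dst) {
  for (const nat of [...peer.nats].reverse()) {
    dst = nat.inbound(src, dst);
    if (!dst) return false; // dropped by this NAT layer
  }
  return dst === peer.addr;
}

function holePunch(a, b) {
  let toA = send(a, SIGNAL), toB = send(b, SIGNAL); // endpoints the server sees
  let aOk = false, bOk = false;
  for (let round = 0; round < 3; round++) {
    const fromA = send(a, toB);
    if ((bOk = deliver(b, fromA, toB))) toA = fromA; // reply to observed source
    const fromB = send(b, toA);
    if ((aOk = deliver(a, fromB, toA))) toB = fromB;
  }
  return aOk && bOk;
}
```

Peers are plain objects such as `{ addr: '192.168.1.10:5000', nats: [homeRouter, cgnat] }`, built fresh for each run because the NATs keep state. In this model two port-restricted double NATs punch through, while a symmetric CGNAT only succeeds against a peer that does not filter by port.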
Member Author

CMCDragonkai commented Oct 31, 2022

To test CGNAT to CGNAT, we can basically connect to the office from another mobile network by hot-spotting a laptop. This can be done in-office or at home.

It will be critical for mobile networks for this to work. But if hole punching doesn't succeed then, most likely this will need to be done with relaying.

Note though, that it's possible that many mobile phones end up sharing the same IP address. And this would result in the same problem with P2P on internal networks. I'll discuss this problem in MatrixAI/js-mdns#1.

@CMCDragonkai CMCDragonkai changed the title Carrier Grade NAT Testing - "Double NAT" Carrier Grade NAT (CGNAT to CGNAT) Testing Oct 31, 2022
@CMCDragonkai CMCDragonkai self-assigned this Jul 10, 2023
Member Author

CMCDragonkai commented Dec 15, 2023

This can only be done in PKI, not here. Closing for now as this is not something we can do until we implement more sophisticated PKI and set up relaying NAT traversal in #182.

Member Author

@amydevs

@CMCDragonkai CMCDragonkai closed this as not planned Dec 15, 2023