Airtel 3G running CGNAT

Yesterday I was driving and radio was pretty boring. Next, I connected cell phone to car’s stereo (I use a PT-750 to wirelessly connected my devices to car’s audio system). Next I tuned into Gaana.com app and experience was overall good. The way whole setup was working itself is a wonder - wireless profiles keeping layer 3 link (IP address of device) consistent and handovers happening on layer 1. On top of that a while world of backbone routing across AS9498 backbone the hosting provider’s network of the app. Now an interesting thing in this setup was the IP allocations. I that IP allocated by Airtel was 100.92.215.253.

Is that an Airtel allocated IP range?

Let’s see whois data on it:  

NetRange: 100.64.0.0 - 100.127.255.255
CIDR: 100.64.0.0/10
OriginAS:
NetName: SHARED-ADDRESS-SPACE-RFCTBD-IANA-RESERVED
NetHandle: NET-100-64-0-0-1
Parent: NET-100-0-0-0-0
NetType: IANA Special Use
Comment: This block is used as Shared Address Space. Traffic from these addresses does not come from IANA. IANA has simply reserved these numbers in its database and does not use or operate them. We are not the source of activity you may see on logs or in e-mail records. Please refer to http://www.iana.org/abuse/
Comment:
Comment: Shared Address Space can only be used in Service Provider networks or on routing equipment that is able to do address translation across router interfaces when addresses are identical on two different interfaces.
Comment:
Comment: This block was assigned by the IETF in the Best Current Practice document,
Comment: RFC 6598 which can be found at:
Comment: http://tools.ietf.org/html/rfc6598
RegDate: 2012-03-13
Updated: 2012-04-23
Ref: http://whois.arin.net/rest/net/NET-100-64-0-0-1

The IP is part of 100.64.0.0/10 which is a well known pool for CGNAT or Carrier Grade NAT. Checkout wikipedia’s small into to CGNAT here. Basically Airtel is out of publically unique IP address pools and hence doing NAT at carrier level. This is something very common across 3G provider’s in India where they are getting a demand of high growth and “always on” connectivity where end users just grab an IP address and keep it for long time and carriers can’t re-use it anywhere else in network.  

Why use 100.64.0.0/10 ?

This is because other private pools from RFC1918 address space are already in use by lot of home and business networks for NATing inside a home or organization network. If carriers also use the same, it will cause a major conflict and routing will just fail. Imagine using 192.168.1.0/24 on your home router and then getting a WAN IP of 192.168.1.100 from your upstream. It will just not work. Thus a pool 100.64.0.0/10 is just like other private IP’s but simply not used by CPE vendors as default pool for NATing. Further more 100.64.0.0/10 is supposed to stay within an organization and not to be announced/leaked to any peer. It’s a one-to-many NAT and multiple IP’s in pool 100.64.0.0/10 have a single public IP as source address.   Let’s check what is my public IP on same 3G connection from bgp.he.net.

So my public IP at that instant was 223.225.243.83. This public IP has many such private IP’s behind it. It is part of 223.225.240.0/20 pool announced by Airtel AS9498 in global routing table. Though technically 100.64.0.0/10 is supposed to stay within a network and not hit global table at all but just like other routing issues, it’s very common to see this pool in global table. At the time of this blog post I see that BELTelecom in Belarus (AS6697) is leaking 100.92.0.0/16 in the global routing table. Route has very limited visibility but does seems visible at Oregon route-views. Russian provider MegaFon AS31133 seems to be transiting it.

route-views.routeviews.org> show ip bgp 100.92.0.0/16 long
BGP table version is 0, local router ID is 128.223.51.103
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale, R Removed
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
* 100.92.0.0/16 95.85.0.2 0 200130 31133 6697 i
* 217.75.96.60 0 0 16150 31133 6697 i
* 5.101.110.2 0 202018 31133 6697 i
* 194.85.40.15 0 3267 31133 31133 6697 i
* 194.85.102.33 0 3277 3267 31133 31133 6697 i
*> 164.128.32.11 0 3303 31133 6697 i
Total number of prefixes 1
route-views.routeviews.org>

Next time when you are streaming music over 3G, think about all nuts and bolts running in background to keep it going. ;)