There are two reasons mobile network operators are giving out private IP addresses to mobile users and map the traffic over a Network Address Translation (NAT) gateway to and from the Internet. The first is that IPv4 addresses are a scarce resource and assigning a public IP address to every user would require a huge pool. The second is reason battery drain. As public IPv4 addresses get reassigned, unsolicited packets can arrive at the mobile device for example from file sharing applications that were intended for the previous owner of the IP address, from virus- and other malware programs probing computers for potential weaknesses and from other origins. This phenomenon can be nicely observed in networks that use public IP addresses like Vodafone Spain for example and drain the battery really fast as the air interface is constantly in connected state. NAT keeps those packets from coming in which is good for battery consumption. On the other hand, network address translation renders services running on the mobile device that are waiting for incoming connections useless.
IPv6 can easily fix the later problem as the address space is so huge that each mobile device gets assigned a full 64 bit address space from which a network identifier (the other 64 bit of the address) can then be selected. The network operator is assigned a 32 bit part of the IPv6 address (for details see the German version of the Wikipedia entry on IPv6) which means that almost 4.3 billion devices can be hosted with a single assignment. So will that help with the power consumption problem due to unsolicited packets? If subnets are randomly assigned, then that might just do the trick as spamming such a large address space with unsolicited packets is likely to be quite difficult if not impossible.
IPv6 enthusiasts out there, what do you think?
The answer is “not quite”. The problem is not just NAT – it is also the firewall or stateful edge device that is conducting traffic flow and protecting handset ranges from internet attacks.
These firewalls can’t really deal with a large number of sessions due to memory and other performance related issues and as such require a timeout value to be placed on “always-on” TCP connections. Hence why the keep-alive packets need to be sent anyway, even if IPv6 is used as the firewalls would otherwise drop the connections.
The other reason for timeouts is that in a wireless environment, there is a lot of hung TCP connections – again these will exist regardless of IPv6 or IPv4 and the timeout value needs to be set to something reasonable for the size of the network. 15min or 30min timeouts are common.
To rely in pure luck in order to avoid spam IPv6 packets is not a very good option…
I here see the use case for paging protocols at the IP level similar to those found in at the Radio Level such as RFC 3154. These protocols could be integrated with packet filtering solutions able to detect such spam.
Hi Sadin,
Thanks for commenting, you mention two very good points!
Its going to be interesting to see how much protection will be put at the edge of the network for IPv6 when NAT is no longer required and if it is really required. As you say, managing TCP and UDP connections is a pretty expensive thing to do on the network level.
Good argument concerning the keep-alives, you are right, its not only a NAT requirement. I think a lot more fine tuning can be done on this end. When I look at the Nokia SIP implementation for example, it sends keep-alives by the minute.
Kind regards,
Martin
Hi Diogo,
yes, relying on luck not to get unsolicited packets that drain your battery is not a good thing. In the limited IPv4 address space you can get unlucky quite quickly. So I wonder that when an operator has billions of potential subnets to give out isnt the chance of being frequently hit small enough to be tolerated?
Kind regards,
Martin
Nokia has tested NAT vs. IPv6 and found out that NAT keep-alives drain the battery by 50% while IPv6 does not.
behind a firewall you can put any kind of IP address, preferably a global IP address. I won’t recommend an IPv4 address as most of the remaining IPv4 address space is part of the swamp used by all kind of rogue networks, spamers, hackers and previous users. No more good for new mobile networks.