Typical additional latency for CGN?
Have there been studies on how much latency CGN adds to a typical internet user? I'd also be interested in anecdotes. I've seen theoretical predictions but by now we should have measurements from early-world deployments. Thanks, Tom -- Speaking at MacTech Conference 2012. http://mactech.com/conference http://EverythingSysadmin.com -- my blog http://www.TomOnTime.com -- my videos
Ancedotally, for users of an e-gadget company's website, cellphone company's outbound web proxies, internet games company, and image-intensive home furnishings website, the CGNs delivered content faster than the main website could, regardless of increasing its bandwidth. Latency problems with the CGNs were less than the main websites' latency problems, on the average. There were days that was not true, and days we had to re-re-re-reset the CGN contents, and the day the @#$#@$% game programmers screwed up the CGN calls, but on the whole it was among the least performance limiting / impeding features of the sites in question. -george On Sun, Oct 7, 2012 at 1:47 PM, Tom Limoncelli <tal@whatexit.org> wrote:
Have there been studies on how much latency CGN adds to a typical internet user? I'd also be interested in anecdotes.
I've seen theoretical predictions but by now we should have measurements from early-world deployments.
Thanks, Tom
-- Speaking at MacTech Conference 2012. http://mactech.com/conference http://EverythingSysadmin.com -- my blog http://www.TomOnTime.com -- my videos
-- -george william herbert george.herbert@gmail.com
I think you've confused CGN with CDN. On Sun, 7 Oct 2012, George Herbert wrote:
Ancedotally, for users of an e-gadget company's website, cellphone company's outbound web proxies, internet games company, and image-intensive home furnishings website, the CGNs delivered content faster than the main website could, regardless of increasing its bandwidth. Latency problems with the CGNs were less than the main websites' latency problems, on the average.
There were days that was not true, and days we had to re-re-re-reset the CGN contents, and the day the @#$#@$% game programmers screwed up the CGN calls, but on the whole it was among the least performance limiting / impeding features of the sites in question.
-george
On Sun, Oct 7, 2012 at 1:47 PM, Tom Limoncelli <tal@whatexit.org> wrote:
Have there been studies on how much latency CGN adds to a typical internet user? I'd also be interested in anecdotes.
I've seen theoretical predictions but by now we should have measurements from early-world deployments.
Thanks, Tom
-- Speaking at MacTech Conference 2012. http://mactech.com/conference http://EverythingSysadmin.com -- my blog http://www.TomOnTime.com -- my videos
-- -george william herbert george.herbert@gmail.com
---------------------------------------------------------------------- Jon Lewis, MCP :) | I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
Or maybe SDN ? So many acronyms to choose from On Oct 7, 2012 5:31 PM, "Jon Lewis" <jlewis@lewis.org> wrote:
I think you've confused CGN with CDN.
On Sun, 7 Oct 2012, George Herbert wrote:
Ancedotally, for users of an e-gadget company's website, cellphone
company's outbound web proxies, internet games company, and image-intensive home furnishings website, the CGNs delivered content faster than the main website could, regardless of increasing its bandwidth. Latency problems with the CGNs were less than the main websites' latency problems, on the average.
There were days that was not true, and days we had to re-re-re-reset the CGN contents, and the day the @#$#@$% game programmers screwed up the CGN calls, but on the whole it was among the least performance limiting / impeding features of the sites in question.
-george
On Sun, Oct 7, 2012 at 1:47 PM, Tom Limoncelli <tal@whatexit.org> wrote:
Have there been studies on how much latency CGN adds to a typical internet user? I'd also be interested in anecdotes.
I've seen theoretical predictions but by now we should have measurements from early-world deployments.
Thanks, Tom
-- Speaking at MacTech Conference 2012. http://mactech.com/conference http://EverythingSysadmin.com -- my blog http://www.TomOnTime.com -- my videos
-- -george william herbert george.herbert@gmail.com
------------------------------**------------------------------**---------- Jon Lewis, MCP :) | I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/**pgp<http://www.lewis.org/~jlewis/pgp>for PGP public key_________
On Oct 7, 2012, at 4:56 PM, George Herbert <george.herbert@gmail.com> wrote:
Ancedotally, for users of an e-gadget company's website, cellphone company's outbound web proxies, internet games company, and image-intensive home furnishings website, the CGNs delivered content faster than the main website could, regardless of increasing its bandwidth. Latency problems with the CGNs were less than the main websites' latency problems, on the average.
There were days that was not true, and days we had to re-re-re-reset the CGN contents, and the day the @#$#@$% game programmers screwed up the CGN calls, but on the whole it was among the least performance limiting / impeding features of the sites in question.
-george
On Sun, Oct 7, 2012 at 1:47 PM, Tom Limoncelli <tal@whatexit.org> wrote:
Have there been studies on how much latency CGN adds to a typical internet user? I'd also be interested in anecdotes.
I've seen theoretical predictions but by now we should have measurements from early-world deployments.
Thanks, Tom
-- Speaking at MacTech Conference 2012. http://mactech.com/conference http://EverythingSysadmin.com -- my blog http://www.TomOnTime.com -- my videos
Huh? I had presumed that CGN was Carrier Grade NAT, not a proxy service. Help me understand. James R. Cutler james.cutler@consultant.com
Sorry, at a conference and not paying enough attention to email. My bad. -george On Sun, Oct 7, 2012 at 2:30 PM, Cutler James R <james.cutler@consultant.com> wrote:
On Oct 7, 2012, at 4:56 PM, George Herbert <george.herbert@gmail.com> wrote:
Ancedotally, for users of an e-gadget company's website, cellphone company's outbound web proxies, internet games company, and image-intensive home furnishings website, the CGNs delivered content faster than the main website could, regardless of increasing its bandwidth. Latency problems with the CGNs were less than the main websites' latency problems, on the average.
There were days that was not true, and days we had to re-re-re-reset the CGN contents, and the day the @#$#@$% game programmers screwed up the CGN calls, but on the whole it was among the least performance limiting / impeding features of the sites in question.
-george
On Sun, Oct 7, 2012 at 1:47 PM, Tom Limoncelli <tal@whatexit.org> wrote:
Have there been studies on how much latency CGN adds to a typical internet user? I'd also be interested in anecdotes.
I've seen theoretical predictions but by now we should have measurements from early-world deployments.
Thanks, Tom
-- Speaking at MacTech Conference 2012. http://mactech.com/conference http://EverythingSysadmin.com -- my blog http://www.TomOnTime.com -- my videos
Huh? I had presumed that CGN was Carrier Grade NAT, not a proxy service. Help me understand.
James R. Cutler james.cutler@consultant.com
-- -george william herbert george.herbert@gmail.com
Of all the problems CGN creates, I would think that latency is in the noise compared to the other issues. Owen On Oct 7, 2012, at 1:56 PM, George Herbert <george.herbert@gmail.com> wrote:
Ancedotally, for users of an e-gadget company's website, cellphone company's outbound web proxies, internet games company, and image-intensive home furnishings website, the CGNs delivered content faster than the main website could, regardless of increasing its bandwidth. Latency problems with the CGNs were less than the main websites' latency problems, on the average.
There were days that was not true, and days we had to re-re-re-reset the CGN contents, and the day the @#$#@$% game programmers screwed up the CGN calls, but on the whole it was among the least performance limiting / impeding features of the sites in question.
-george
On Sun, Oct 7, 2012 at 1:47 PM, Tom Limoncelli <tal@whatexit.org> wrote:
Have there been studies on how much latency CGN adds to a typical internet user? I'd also be interested in anecdotes.
I've seen theoretical predictions but by now we should have measurements from early-world deployments.
Thanks, Tom
-- Speaking at MacTech Conference 2012. http://mactech.com/conference http://EverythingSysadmin.com -- my blog http://www.TomOnTime.com -- my videos
-- -george william herbert george.herbert@gmail.com
On Oct 7, 2012 1:48 PM, "Tom Limoncelli" <tal@whatexit.org> wrote:
Have there been studies on how much latency CGN adds to a typical internet user? I'd also be interested in anecdotes.
Anecdote. Sub-millasecond, with full load. (gigs and gigs) . CGN does not meaningfully add latency. CGN is not enough of a factor to impact happy eyeballs in a way that improves ipv6 use.
I've seen theoretical predictions but by now we should have measurements from early-world deployments.
Most mobile providers have been doing what is commonly called cgn for 5 to 10 years. CGN is not a new concept or implementation for mobile. CB
Thanks, Tom
-- Speaking at MacTech Conference 2012. http://mactech.com/conference http://EverythingSysadmin.com -- my blog http://www.TomOnTime.com -- my videos
On Oct 7, 2012, at 3:18 PM, Cameron Byrne <cb.list6@gmail.com> wrote:
On Oct 7, 2012 1:48 PM, "Tom Limoncelli" <tal@whatexit.org> wrote:
Have there been studies on how much latency CGN adds to a typical internet user? I'd also be interested in anecdotes.
Anecdote. Sub-millasecond, with full load. (gigs and gigs) . CGN does not meaningfully add latency. CGN is not enough of a factor to impact happy eyeballs in a way that improves ipv6 use.
I've seen theoretical predictions but by now we should have measurements from early-world deployments.
Most mobile providers have been doing what is commonly called cgn for 5 to 10 years. CGN is not a new concept or implementation for mobile.
True, but, as we have discussed before, mobile users, especially in the US, have dramatically lowered expectations of internet access from their mobile devices vs. what they expect from a household ISP. We expect half the services we want to be crippled by mobile carriers because they don't like competition. We file lawsuits when that happens on our terrestrial connections. Owen
On Sun, 7 Oct 2012, Owen DeLong wrote:
Most mobile providers have been doing what is commonly called cgn for 5 to 10 years. CGN is not a new concept or implementation for mobile.
True, but, as we have discussed before, mobile users, especially in the US, have dramatically lowered expectations of internet access from their mobile devices vs. what they expect from a household ISP.
Speaking of which, has anyone else noticed AT&T mobile is blocking ssh (outgoing 22/tcp) connections? AFAIK, AT&T mobile does CGN. It's puzzling that they'd block outgoing ssh when there have been multiple ssh clients in the Apple app store for years. I used to be able to ssh from my AT&T phone. I found recently, the packets don't get to the server unless I VPN from the phone first (or am on wifi, not relying on AT&T for IP). ---------------------------------------------------------------------- Jon Lewis, MCP :) | I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
On 10/7/2012 9:22 PM, Jon Lewis wrote:
has anyone else noticed AT&T mobile is blocking ssh (outgoing 22/tcp) connections?
Not here, have an SSH session open on my phone on port 22 as we speak. I'm on an android on ATT's 3G network in central indiana, if that matters. -- Jon Sands Fohdeesha Media http://fohdeesha.com/
The day before I left the US, it was still working on my iPad. Owen On Oct 8, 2012, at 5:20 AM, Jon Sands <fohdeesha@gmail.com> wrote:
On 10/7/2012 9:22 PM, Jon Lewis wrote:
has anyone else noticed AT&T mobile is blocking ssh (outgoing 22/tcp) connections?
Not here, have an SSH session open on my phone on port 22 as we speak. I'm on an android on ATT's 3G network in central indiana, if that matters.
-- Jon Sands Fohdeesha Media http://fohdeesha.com/
I just spent a few minutes looking into this again, and figured out the problem. AT&T has apparently changed the way their CGN works. I use a form of port knocking to restrict access to SSHd from "foreign" networks. It used to work fine from my phone. Now, the port knocking request from the phone and the ssh connection are being NAT'd to different public IPs, so my system is allowing ssh access to one AT&T IP, and then the ssh connection comes from a nearby but different IP. On Wed, 10 Oct 2012, Owen DeLong wrote:
The day before I left the US, it was still working on my iPad.
Owen
On Oct 8, 2012, at 5:20 AM, Jon Sands <fohdeesha@gmail.com> wrote:
On 10/7/2012 9:22 PM, Jon Lewis wrote:
has anyone else noticed AT&T mobile is blocking ssh (outgoing 22/tcp) connections?
Not here, have an SSH session open on my phone on port 22 as we speak. I'm on an android on ATT's 3G network in central indiana, if that matters.
-- Jon Sands Fohdeesha Media http://fohdeesha.com/
---------------------------------------------------------------------- Jon Lewis, MCP :) | I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
In message <Pine.LNX.4.61.1210100920590.26706@soloth.lewis.org>, Jon Lewis writ es:
I just spent a few minutes looking into this again, and figured out the problem. AT&T has apparently changed the way their CGN works. I use a form of port knocking to restrict access to SSHd from "foreign" networks. It used to work fine from my phone. Now, the port knocking request from the phone and the ssh connection are being NAT'd to different public IPs, so my system is allowing ssh access to one AT&T IP, and then the ssh connection comes from a nearby but different IP.
Which is a badly designed CGN. I turns singly homed clients into multi-homed client where the client has no control over the source address selection. At least with real multi-homed clients they have the ability to force source addresses to match.
On Wed, 10 Oct 2012, Owen DeLong wrote:
The day before I left the US, it was still working on my iPad.
Owen
On Oct 8, 2012, at 5:20 AM, Jon Sands <fohdeesha@gmail.com> wrote:
On 10/7/2012 9:22 PM, Jon Lewis wrote:
has anyone else noticed AT&T mobile is blocking ssh (outgoing 22/tcp) con nections?
Not here, have an SSH session open on my phone on port 22 as we speak. I'm on an android on ATT's 3G network in central indiana, if that matters.
-- Jon Sands Fohdeesha Media http://fohdeesha.com/
---------------------------------------------------------------------- Jon Lewis, MCP :) | I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
On Oct 10, 2012, at 3:30 PM, Mark Andrews <marka@isc.org> wrote:
In message <Pine.LNX.4.61.1210100920590.26706@soloth.lewis.org>, Jon Lewis writ es:
I just spent a few minutes looking into this again, and figured out the problem. AT&T has apparently changed the way their CGN works. I use a form of port knocking to restrict access to SSHd from "foreign" networks. It used to work fine from my phone. Now, the port knocking request from the phone and the ssh connection are being NAT'd to different public IPs, so my system is allowing ssh access to one AT&T IP, and then the ssh connection comes from a nearby but different IP.
Which is a badly designed CGN. I turns singly homed clients into multi-homed client where the client has no control over the source address selection. At least with real multi-homed clients they have the ability to force source addresses to match.
AT&T probably likes it for mobile, however, because it's about the easiest way possible to prevent data services from being successfully used for VOIP. Owen
On Wed, 10 Oct 2012, Owen DeLong wrote:
The day before I left the US, it was still working on my iPad.
Owen
On Oct 8, 2012, at 5:20 AM, Jon Sands <fohdeesha@gmail.com> wrote:
On 10/7/2012 9:22 PM, Jon Lewis wrote:
has anyone else noticed AT&T mobile is blocking ssh (outgoing 22/tcp) con nections?
Not here, have an SSH session open on my phone on port 22 as we speak. I'm on an android on ATT's 3G network in central indiana, if that matters.
-- Jon Sands Fohdeesha Media http://fohdeesha.com/
---------------------------------------------------------------------- Jon Lewis, MCP :) | I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
Owen DeLong <owen@delong.com> wrote:
On Oct 7, 2012, at 3:18 PM, Cameron Byrne <cb.list6@gmail.com> wrote:
On Oct 7, 2012 1:48 PM, "Tom Limoncelli" <tal@whatexit.org> wrote:
Have there been studies on how much latency CGN adds to a typical internet user? I'd also be interested in anecdotes.
Anecdote. Sub-millasecond, with full load. (gigs and gigs) . CGN does not meaningfully add latency. CGN is not enough of a factor to impact happy eyeballs in a way that improves ipv6 use.
I've seen theoretical predictions but by now we should have measurements from early-world deployments.
Most mobile providers have been doing what is commonly called cgn for 5 to 10 years. CGN is not a new concept or implementation for mobile.
True, but, as we have discussed before, mobile users, especially in the US, have dramatically lowered expectations of internet access from their mobile devices vs. what they expect from a household ISP.
We expect half the services we want to be crippled by mobile carriers because they don't like competition. We file lawsuits when that happens on our terrestrial connections.
Owen
Except now you have to do mediation, since class action lawsuits are now null and void. :) -- Sent from my Android phone with K-9 Mail. Please excuse my brevity.
True, but, as we have discussed before, mobile users, especially in the US, have dramatically lowered expectations of internet access from their mobile devices vs. what they expect from a household ISP.
We expect half the services we want to be crippled by mobile carriers because they don't like competition. We file lawsuits when that happens on our terrestrial connections.
Owen
Except now you have to do mediation, since class action lawsuits are now null and void. :)
I'm not convinced that's actually true, however, even if you ignore the idea of a class-action, the more effective approach is a vast fleet of small-claims cases. Corporations are generally much better prepared and resourced to deal with mediation and/or class-actions. An influx of a huge number of small-claims actions in courts all over the place, OTOH, costs very little resources on the plaintiff side while having a much larger impact on the corporation, even if the corporation prevails in every case. Owen
On Sun, Oct 07, 2012 at 03:18:56PM -0700, Cameron Byrne wrote:
On Oct 7, 2012 1:48 PM, "Tom Limoncelli" <tal@whatexit.org> wrote:
Have there been studies on how much latency CGN adds to a typical internet user? I'd also be interested in anecdotes.
Anecdote. Sub-millasecond, with full load. (gigs and gigs) . CGN does not meaningfully add latency. CGN is not enough of a factor to impact happy eyeballs in a way that improves ipv6 use.
Confirmed by my experience. Best regards, Daniel -- CLUE-RIPE -- Jabber: dr@cluenet.de -- dr@IRCnet -- PGP: 0xA85C8AA0
On Mon, Oct 8, 2012 at 5:27 AM, Daniel Roesen <dr@cluenet.de> wrote:
On Sun, Oct 07, 2012 at 03:18:56PM -0700, Cameron Byrne wrote:
On Oct 7, 2012 1:48 PM, "Tom Limoncelli" <tal@whatexit.org> wrote:
Have there been studies on how much latency CGN adds to a typical internet user? I'd also be interested in anecdotes.
Anecdote. Sub-millasecond, with full load. (gigs and gigs) . CGN does not meaningfully add latency. CGN is not enough of a factor to impact happy eyeballs in a way that improves ipv6 use.
Confirmed by my experience.
Thanks for the info! Tom -- Speaking at MacTech Conference 2012. http://mactech.com/conference http://EverythingSysadmin.com -- my blog http://www.TomOnTime.com -- my videos
On 08. okt. 2012 11:27, Daniel Roesen wrote:
On Sun, Oct 07, 2012 at 03:18:56PM -0700, Cameron Byrne wrote:
On Oct 7, 2012 1:48 PM, "Tom Limoncelli" <tal@whatexit.org> wrote:
Have there been studies on how much latency CGN adds to a typical internet user? I'd also be interested in anecdotes.
Anecdote. Sub-millasecond, with full load. (gigs and gigs) . CGN does not meaningfully add latency. CGN is not enough of a factor to impact happy eyeballs in a way that improves ipv6 use.
Confirmed by my experience.
Latency of the CGN's themselfes are not going to be significant if it is properly scaled and configured. Most of the added latency will be in the network path to it, depending on how the CGN's are deployed relative to the path that particular flow normally would go and how big your network is. A small detour within a DC is obviously not very noticable for most. However if you're skipping peering oppurtunities and such closer to the customer when using a big central CGN, that clearly becomes sub-optimal in terms of network performance.
On Sun, 07 Oct 2012 16:47:18 -0400, Tom Limoncelli said:
Have there been studies on how much latency CGN adds to a typical internet user? I'd also be interested in anecdotes.
Should we include the time spent talking to the help desk trying to resolve double-NAT'ing issues in the latency?
On 10/8/12, Valdis.Kletnieks@vt.edu <Valdis.Kletnieks@vt.edu> wrote:
On Sun, 07 Oct 2012 16:47:18 -0400, Tom Limoncelli said:
Have there been studies on how much latency CGN adds to a typical internet user? I'd also be interested in anecdotes.
Should we include the time spent talking to the help desk trying to resolve double-NAT'ing issues in the latency?
That's downtime to address the brokenness, or loss of availability
1% after you count time users waste trying to navigate large carriers' confusing telephone IVR mazes designed to obscure access to helpdesk, hold time, time waiting for callbacks, and finally, non-resolution of double-NAT issue without user paying extra for non-NAT IP; which is all different from network latency, and of much greater impact than a latency increase <0.1ms.
-- -JH
On Mon, 8 Oct 2012 Valdis.Kletnieks@vt.edu wrote:
On Sun, 07 Oct 2012 16:47:18 -0400, Tom Limoncelli said:
Have there been studies on how much latency CGN adds to a typical internet user? I'd also be interested in anecdotes.
Should we include the time spent talking to the help desk trying to resolve double-NAT'ing issues in the latency?
That's a different sort of latency, and from what I've heard, it's often measured in days rather than fractional seconds. ---------------------------------------------------------------------- Jon Lewis, MCP :) | I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
Thomas E Everett bb Enterprise Systems Engineering & Exploitation [G091] National Cyber Operations & Support everettt@mitre.org MITRE -- 703.983.1400 Cell 978.852.2400 ----- Original Message ----- From: Valdis.Kletnieks@vt.edu [mailto:Valdis.Kletnieks@vt.edu] Sent: Monday, October 08, 2012 10:29 PM To: Tom Limoncelli <tal@whatexit.org> Cc: nanog@nanog.org <nanog@nanog.org> Subject: Re: Typical additional latency for CGN? On Sun, 07 Oct 2012 16:47:18 -0400, Tom Limoncelli said:
Have there been studies on how much latency CGN adds to a typical internet user? I'd also be interested in anecdotes.
Should we include the time spent talking to the help desk trying to resolve double-NAT'ing issues in the latency?
participants (16)
-
Alastair Johnson
-
Andre Tomt
-
Cameron Byrne
-
chris
-
Cutler James R
-
Daniel Roesen
-
Everett, Thomas E.
-
George Herbert
-
Jimmy Hess
-
Jon Lewis
-
Jon Sands
-
joseph.snyder@gmail.com
-
Mark Andrews
-
Owen DeLong
-
Tom Limoncelli
-
Valdis.Kletnieks@vt.edu