A10 CGN – CDNs design case with subscriber’s private addresses.

Streaming and social networks are here to stay and are already part of our routine. When we use Facebook, YouTube or Instagram, or when we want to hang out watching Netflix, we are downloading a huge amount of content, and the truth is that we never question where it all comes from.

Streaming and social network services are mostly delivered by CDNs (Content Delivery Networks), which are cache elements provided by the content providers. Their main purpose is to serve subscribers as much of the service as possible locally. This benefits both the content provider and the ISP by reducing international traffic consumption, and it also favors users with lower connection latency.

Serving content locally comes with some drawbacks. Let's not forget the Internet's golden rule: the lower the latency, the better the experience. In other words, when subscribers have a better experience, they increase their content consumption.

For ISPs this behavior means greater investment in carrier-grade NAT equipment, which makes us wonder what we can do to deliver CDN traffic without impacting CGN platforms.

Thanks to the CGN support solutions for CDNs provided by Facebook and Google, among others, it is possible to deliver CDN content directly to subscribers' private addresses, preventing these downloads from consuming the resources of CGN platforms.

We will use the CGN support example described by Google GGC, which you can review in the following link, to see how easily this can be done!

Analysis Case – Google CDN + A10 CGN

Based on the topology architectures proposed by A10 Networks, CGN platforms can be integrated in a one-armed design. This means that a single physical connection of aggregated interfaces is connected to the network and, using circuits (VLANs In and VLANs Out), the subscribers' IPs are delivered by the access network to an inside VPN while the CGN announces its NAT pool IPs to an outside VPN. Routing between the two VPN instances is built through the CGN platform, so all internet traffic is processed by this device.

Both the Inside and Outside VPNs require route exchanges with the local CDN VPNs. This way, all subscribers' queries go directly to the caches, bypassing the CGN platforms. Last but not least, these addresses must be announced with specific BGP communities: 15169:12100 for RFC1918 and RFC6598 networks, and 15169:12000 for NAT pool IPs reachable from the internet.

With all that in mind, subscribers request content from the global services available on the internet. To start the download process, the global nodes provide the FQDNs of the local CDN available inside the ISP facility. At this point we can be sure of the following:

1. All of Google's global services know that the subscriber is NATed by a CGN device, because the public prefix is marked with the 15169:12000 community.

2. The subscribers' download requests to the CDN are routed between the Inside and local CDN VPNs without the need to use NAT on the CGN devices. The local CDN knows that these requests come from private addresses that belong to CGN clients because the 15169:12100 community is sent by the ISP to the CDN. And that's it! The rest is magic.
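The community scheme above only works if every prefix carries the right tag, so it is worth checking the announcements before they reach the CDN session. The following is an added example, not code from the original article, A10 or Google: a small Python audit that assumes the announcements have already been exported as (prefix, communities) pairs, uses constructed sample data, and handles IPv4 only.

```python
import ipaddress

# Community values stated in the article for Google GGC CGN support.
COMM_PRIVATE = "15169:12100"   # RFC1918 / RFC6598 subscriber prefixes
COMM_NAT_POOL = "15169:12000"  # public NAT pool prefixes
CGN_COMMS = {COMM_PRIVATE, COMM_NAT_POOL}

# Explicit list instead of ip_network.is_private, which also matches
# documentation and other reserved ranges.
SUBSCRIBER_SPACE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

def classify(net, pools):
    """Return (kind, expected CGN community) for one announced prefix."""
    if any(net.subnet_of(s) for s in SUBSCRIBER_SPACE):
        return "subscriber", COMM_PRIVATE
    if any(net.overlaps(p) for p in pools):
        return "nat_pool", COMM_NAT_POOL
    return "other", None

def audit(announcements, nat_pools):
    """Return (prefix, kind, problem) for every tagging error (IPv4 only)."""
    pools = [ipaddress.ip_network(p) for p in nat_pools]
    findings, announced = [], []
    for prefix, comms in announcements:
        net = ipaddress.ip_network(prefix)
        kind, want = classify(net, pools)
        got = set(comms) & CGN_COMMS
        if got != ({want} if want else set()):
            findings.append((prefix, kind,
                f"expected {want or 'no CGN community'}, got {sorted(got) or 'none'}"))
        if kind == "nat_pool":
            announced.append(net)
    for pool in pools:
        if not any(pool.subnet_of(n) for n in announced):
            findings.append((str(pool), "nat_pool", "pool not fully covered by any announcement"))
    return findings

# Constructed sample data (documentation ranges stand in for public space).
POOLS = ["203.0.113.0/24", "198.51.100.0/24", "192.0.2.0/25"]
SAMPLE = [
    ("100.64.0.0/16", {COMM_PRIVATE}),
    ("10.20.0.0/16", {COMM_NAT_POOL}),               # private tagged as pool
    ("203.0.113.0/24", {COMM_NAT_POOL, "64500:100"}),
    ("198.51.100.0/24", set()),                      # pool sent untagged
    ("192.0.2.128/25", {COMM_PRIVATE}),              # public, not a pool
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, POOLS):
        print(*finding, sep=" | ")
```
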

It is important to mention that setting the BGP community required by GGC on the public prefixes is quite easy thanks to the configuration flexibility offered by A10 Networks. To achieve our goal, it is possible to set the NATed community when we redistribute the ip-nat pool into our BGP process. This allows a scalable way to inform the Internet and GGC of the NATed IPs. This configuration is as simple as you can see below:

Finally, when we follow the best practices given by A10 Networks on both topology options and configuration recommendations for dynamic announcement of NAT pools, we can achieve a rock-solid design with an architecture that gives users a great content download experience without a huge investment to make our CGNs bigger (and bigger!).

You should think about what you can do with other social networks' CDNs and your own internal OTT services. And remember that if you require assistance to obtain CGN efficiency, you can always trust in Auben's experience for achieving your goals.