Carrier-grade NAT (CGN or CGNAT), also known as large-scale NAT (LSN), is a type of network address translation (NAT) for use in IPv4 network design. With CGNAT, end sites, in particular residential networks, are configured with private network addresses that are translated to public IPv4 addresses by middlebox network address translator devices embedded in the network operator's network, permitting the sharing of small pools of public addresses among many end sites. This shifts the NAT function and configuration thereof from the customer premises to the Internet service provider network (though "conventional" NAT on the customer premises will often be used additionally). Carrier-grade NAT is often used for mitigating IPv4 address exhaustion.

One use scenario of CGN has been labeled as NAT444, because some customer connections to Internet services on the public Internet would pass through three different IPv4 addressing domains: the customer's own private network, the carrier's private network and the public Internet. Another CGN scenario is Dual-Stack Lite, in which the carrier's network uses IPv6 and thus only two IPv4 addressing domains are needed.

CGNAT techniques were first used in 2000 to accommodate the immediate need for large numbers of IPv4 addresses in General Packet Radio Service (GPRS) deployments of mobile networks. Estimated CGNAT deployments increased from 1200 in 2014 to 3400 in 2016, with 28.85% of the studied deployments appearing to be in mobile operator networks.


Shared address space

If an ISP deploys a CGN and uses address space to number customer gateways, the risk of address collision, and therefore routing failures, arises when the customer network already uses an address space. This prompted some ISPs to develop a policy within the American Registry for Internet Numbers (ARIN) to allocate new private address space for CGNs, but ARIN deferred to the IETF before implementing the policy, indicating that the matter was not a typical allocation issue but a reservation of addresses for technical purposes (per RFC 2860). The IETF published a document detailing a shared address space for use in ISP CGN deployments that can handle the same network prefixes occurring both on inbound and outbound interfaces. ARIN returned address space to the Internet Assigned Numbers Authority (IANA) for this allocation. The allocated address block is 100.64.0.0/10, i.e. IP addresses from 100.64.0.0 to 100.127.255.255. Devices evaluating whether an IPv4 address is public must be updated to recognize the new address space. Allocating more private IPv4 address space for NAT devices might prolong the transition to IPv6.
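As an added example (not code from the original article), the following Python contrasts an older "anything outside RFC 1918 is public" check with a classifier that recognizes the 100.64.0.0/10 shared space, and checks the gateway-numbering collision the section describes; the range constants and sample addresses are constructed.

```python
from ipaddress import IPv4Network, ip_address

# Address ranges an "is this address public?" check has to know about:
# RFC 1918 private space (customer LANs) and the RFC 6598 shared address
# space 100.64.0.0/10 that carriers number CGN-facing customer gateways from.
PRIVATE_RFC1918 = [IPv4Network("10.0.0.0/8"), IPv4Network("172.16.0.0/12"),
                   IPv4Network("192.168.0.0/16")]
SHARED_RFC6598 = IPv4Network("100.64.0.0/10")   # 100.64.0.0 - 100.127.255.255


def legacy_is_public(addr: str) -> bool:
    """Pre-shared-space logic found in older devices: anything outside the
    RFC 1918 ranges (and loopback) is treated as a public address."""
    ip = ip_address(addr)
    return not (ip.is_loopback or any(ip in net for net in PRIVATE_RFC1918))


def classify(addr: str) -> str:
    """Updated classification that recognises the shared address space."""
    ip = ip_address(addr)
    if ip.version != 4:
        return "ipv6"
    if ip in SHARED_RFC6598:
        return "shared"          # only meaningful inside one operator's network
    if any(ip in net for net in PRIVATE_RFC1918):
        return "private"
    if ip.is_global:
        return "public"
    return "special"             # loopback, link-local, documentation ranges, ...


def collides_with_customer(carrier_block: str, customer_lan: str) -> bool:
    """Would numbering CGN gateways from carrier_block overlap a customer LAN?
    This is the collision risk that motivated reserving a separate block."""
    return IPv4Network(carrier_block).overlaps(IPv4Network(customer_lan))
```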


Disadvantages

Critics of carrier-grade NAT argue the following aspects:

* Like any form of NAT, it breaks the end-to-end principle.
* It has significant security, scalability, and reliability problems, by virtue of being stateful.
* It does not solve the IPv4 address exhaustion problem when a public IP address is needed, such as in web hosting.

Carrier-grade NAT usually prevents the ISP customers from using port forwarding, because the network address translation (NAT) is usually implemented by mapping ports of the NAT devices in the network to other ports in the external interface. This is done so the router will be able to map the responses to the correct device; in carrier-grade NAT networks, even though the router at the consumer end might be configured for port forwarding, the "master router" of the ISP, which runs the CGN, will block this port forwarding because the actual port would not be the port configured by the consumer (http://stakeholders.ofcom.org.uk/binaries/research/technology-research/2013/cgnat.pdf). In order to overcome this disadvantage, the Port Control Protocol (PCP) has been standardized in RFC 6887.

In cases of banning traffic based on IP addresses, the system might block the traffic of a spamming user by banning the user's IP address. If that user happens to be behind carrier-grade NAT, other users sharing the same public address with the spammer will be mistakenly blocked. This can create serious problems for forum and wiki administrators attempting to address disruptive actions from a single user sharing an IP address with legitimate users.
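An added toy model of the NAT444 path (example code, not from the article or any vendor): two stateful port translators in series, with constructed private, shared-space and documentation-range addresses. It shows an outbound flow and its reply succeeding, while an unsolicited packet for a port the consumer forwarded on their own router is dropped at the CGN, which has no state for it.

```python
import itertools
from dataclasses import dataclass
# Constructed addresses, one per NAT444 addressing domain (no real hosts):
LAN_HOST = "192.168.1.10"    # customer's private network
CPE_WAN = "100.64.5.7"       # carrier's shared address space (RFC 6598)
CGN_PUBLIC = "203.0.113.9"   # public address shared by many customers
SERVER = "198.51.100.20"     # a host on the public Internet

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class Napt:
    """Stateful port translator: inbound needs matching state or a static forward."""
    def __init__(self, public_ip, forwards=None):
        self.public_ip = public_ip
        self.forwards = forwards or {}       # ext port -> (inside ip, port)
        self.table = {}                      # ext port -> (inside ip, port)
        self.ports = itertools.count(40000)  # next free external port

    def outbound(self, pkt):
        inside = (pkt.src, pkt.sport)
        ext = next((p for p, i in self.table.items() if i == inside), None)
        if ext is None:
            ext = next(self.ports)           # new flow: allocate a mapping
            self.table[ext] = inside
        return Packet(self.public_ip, ext, pkt.dst, pkt.dport)

    def inbound(self, pkt):
        inside = self.table.get(pkt.dport) or self.forwards.get(pkt.dport)
        if pkt.dst != self.public_ip or inside is None:
            return None                      # no state, no forward: dropped
        return Packet(pkt.src, pkt.sport, inside[0], inside[1])

def nat444_demo():
    """Outbound flow, its reply, and an unsolicited packet for the CPE forward."""
    cpe = Napt(CPE_WAN, forwards={8080: (LAN_HOST, 80)})  # consumer's forward
    cgn = Napt(CGN_PUBLIC)                                # ISP's CGN: no forward
    hops = [Packet(LAN_HOST, 5000, SERVER, 443)]          # domain 1: customer LAN
    hops.append(cpe.outbound(hops[-1]))                   # domain 2: shared space
    hops.append(cgn.outbound(hops[-1]))                   # domain 3: public Internet
    back = cgn.inbound(Packet(SERVER, 443, CGN_PUBLIC, hops[-1].sport))
    reply = cpe.inbound(back) if back is not None else None
    blocked = cgn.inbound(Packet(SERVER, 50000, CGN_PUBLIC, 8080))
    return {"hops": hops, "reply": reply, "blocked_at_cgn": blocked}
```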


See also

* NAT64
* DNS64
* 464XLAT




External links

* Understanding Carrier Grade NAT
* IETF Internet Draft: Common requirements for Carrier Grade NAT (CGN)
* CGN :: Observations & Recommendations
* A Multi-perspective Analysis of Carrier-Grade NAT Deployment (Sept. 2016)