Carrier Grade NAT
Carrier-grade NAT (CGN), also known as large-scale NAT (LSN), is an approach to IPv4 network design in which end sites, in particular residential networks, are configured with private network addresses that are translated to public IPv4 addresses by middlebox network address translator devices embedded in the network operator's network, permitting the sharing of small pools of public addresses among many end sites. This shifts the NAT function and its configuration from the customer premises to the Internet service provider's network.

Carrier-grade NAT has been proposed as an approach for mitigating IPv4 address exhaustion and easing the transition to IPv6.

Critics of carrier-grade NAT raise the following objections:
- It breaks the end-to-end principle.
- It has significant security, scalability, and reliability problems, by virtue of being stateful.
- It makes record keeping for law-enforcement operations more difficult.
- It makes it impossible to host services on well-known ports.

One use scenario of CGN can be described as NAT444, because some customers' connections to public servers would pass through three different IPv4 addressing domains: the customer's own private network, the carrier's private network, and the public Internet.

Another CGN scenario is Dual-Stack Lite, in which the carrier's network uses IPv6 and thus only two IPv4 addressing domains are needed.
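As an added illustration, not part of the encyclopedia entry, of the NAT444 scenario and of the statefulness, record-keeping and inbound-service objections above: a toy Python model with two NAT layers, assuming the carrier numbers customer routers from the RFC 6598 shared address space 100.64.0.0/10 (which the entry does not name) and using constructed sample addresses throughout.

```python
from typing import Dict, List, Optional, Set, Tuple

Addr = Tuple[str, int]  # (IPv4 address, port)

class StatefulNAT:
    """Toy model of one stateful NAT layer (constructed, not a vendor implementation)."""
    def __init__(self, pool: List[str], first_port: int = 1024) -> None:
        self.pool = pool                        # small pool of outside addresses
        self.next_port = first_port
        self.bindings: Dict[Addr, Addr] = {}    # inside (ip, port) -> outside (ip, port)
        self.reverse: Dict[Addr, Addr] = {}     # outside -> inside
        self.log: List[Tuple[Addr, Addr]] = []  # records the operator must keep

    def outbound(self, inside: Addr) -> Addr:
        """Translate an outgoing flow, creating a binding on first sight."""
        if inside not in self.bindings:
            # Many inside hosts share one outside address; only the port disambiguates.
            outside = (self.pool[len(self.bindings) % len(self.pool)], self.next_port)
            self.next_port += 1
            self.bindings[inside] = outside
            self.reverse[outside] = inside
            self.log.append((inside, outside))
        return self.bindings[inside]

    def inbound(self, outside: Addr) -> Optional[Addr]:
        """Unsolicited inbound traffic matches no binding and is dropped (None)."""
        return self.reverse.get(outside)

def nat444_path(home_nat: StatefulNAT, cgn: StatefulNAT, src: Addr) -> List[Addr]:
    """Source address as seen in each of the three NAT444 addressing domains."""
    carrier_side = home_nat.outbound(src)      # customer private -> carrier private
    public_side = cgn.outbound(carrier_side)   # carrier private -> public Internet
    return [src, carrier_side, public_side]

def subscribers_for(cgn: StatefulNAT, ip: str, port: Optional[int] = None) -> Set[str]:
    """Trace a server log entry back to carrier-side subscriber addresses."""
    return {inside[0] for inside, (out_ip, out_port) in cgn.log
            if out_ip == ip and (port is None or out_port == port)}

def run_nat444_demo() -> dict:
    # Constructed sample: two homes reuse the same RFC 1918 address; the carrier
    # numbers them from 100.64.0.0/10 (RFC 6598) and shares one public address.
    home_a, home_b = StatefulNAT(["100.64.0.10"]), StatefulNAT(["100.64.0.11"])
    cgn = StatefulNAT(["203.0.113.5"])
    path_a = nat444_path(home_a, cgn, ("192.168.1.20", 50000))
    path_b = nat444_path(home_b, cgn, ("192.168.1.20", 50000))
    return {"path_a": path_a, "path_b": path_b,
            "by_ip_only": subscribers_for(cgn, "203.0.113.5"),
            "by_ip_and_port": subscribers_for(cgn, "203.0.113.5", path_b[2][1]),
            "inbound_port_80": cgn.inbound(("203.0.113.5", 80))}
```

With only the public IP from a server's log, the reverse lookup returns both subscribers; the source port (and in practice a timestamp) is what makes the record usable.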