CG-NAT

NAT (Network Address Translation) solution is used in TCP/IP networks. It allows replacement (literally – the “translation”) of the private IP address with a public one.

Service description

Using Carrier Grade NAT (CGN or CG-NAT) or Large Scale NAT (LSN), an ISP is capable of:

  • sharing one public IPv4 address with multiple subscribers;
  • prolonging usage of IPv4 addresses – which are limited;
  • simplifying the transition to IPv6 addresses.

NAT/CG-NAT significantly expands existing networks’ capacities. As today the limit of IPv4 addresses is almost over, the transition to IPv6 is inevitable. Rapid growth of mobile devices and cloud services in use make this task even more urgent.

IPv4 addresses from the regional Internet registries (RIR) are no longer available. The only way is: to purchase a large pool of IPv4 addresses from a broker. This makes single IPv4 address cost raising constantly.

Network Address Translation Scheme

Stingray SG solution is designed for telecom operators and Internet service providers; it is also the suitable replacement of NAT equipment in corporate networks. Having a range of functions and possibilities, Stingray is to fit any growing network and to adapt to it.

Implementation notes

  • To be able to perform as CG-NAT, Stingray SG needs to be switched in in-line mode.
  • To activate CG-NAT function, Stingray BRAS or COMPLETE license is required.
  • The reserve Stingray system is recommended to ensure fail-proof.
  • Factual performance of address translation function can vary from 6 to 200 Gbps – it depends on the chosen hardware platform and the type of Stingray software license.
Features
Specifications
Performance
Troughput up to 200 Gbps
Modes
NAT44, NAT 1:1
Routing
BGP, OSPF
Application Service Gateways (ALG)
FTP, DNS, PPTP, ICMP, IPSec, SIP, RTSP
Logging
IPFIX (NetFlow v10), Local files
Security
Limitation of ports per user, Mini-Firewall for public IPs

Specifics

Full Cone NAT

CG-NAT uses Full Cone NAT technology (a combination of EIM and EIF — Endpoint Independent Mapping and Endpoint Independent Filtering), which allows packets incoming from any external system via an external TCP/UDP port, which is a source of subscriber's traffic.

Full Cone NAT provides transparent operation of peer-to-peer protocols (such as P2P, torrents and games).

Limiting of TCP and UDP connections for subscribers

For each IP address pool, number of TCP and UDP connections is limited individually per subscriber. This allows the ISP to allocate addressing space resources between corporate and private clients. When disabled, connections are closed and ports are released.

Hairpinning Technology

The Hairpinning mechanism allows subscribers connected via CG-NAT to interact with each other's public addresses without sending packets outside the device.

Translation logging

Network translations are logged to a text file or sent to an external collector via the IPFIX protocol (also known as NetFlow v10).

Paired IP address pooling function

All subscriber connections from one IP-private internal address are bound to one external address.

Advantages of DPI-based CG-NAT

  • Complies with industry standards defined in RFC 6888 (Common Requirements for Carrier-Grade NATs (CGNs)), RFC 4787 (Network Address Translation (NAT) Behavioral Requirements for Unicast UDP)
  • Effectively uses the limited IPv4 addressing space. IPv4 network infrastructure may remain in service longer – to maintain continuous availability and reliability of critically important applications and services
  • High performance: the platform supports up to 128 million simultaneous sessions
  • Smooth transition to IPv6 is possible, via tunneling support between IPv4 and IPv6 networks
  • The product is easy to scale dynamically and to increase throughput without interrupting traffic
  • Allows to limit number of TCP and UDP ports for the subscriber, providing DDoS protection and network security
  • A complete set of DPI platform tools and options with centralized management, which allows lowering both capital and operating expenses and running the network efficiently

Request a demo

Fill in the form
We will contact you, specify the task, provide access to the documentation and answer your questions.
Choose the solution
We discuss the current situation: traffic volume, available equipment, the functionality you need.
Free trial
Our engeniers install the selected software and adapt it to your specific tasks. Сontract — only after the test is successful.
We use cookies to optimize site functionality and give you the best possible experience. To learn more about the cookies we use, please visit our Cookies Policy. By clicking ‘Okay’, you agree to our use of cookies. Learn more.