With Carrier Grade NAT (CGN or CG-NAT), also called Large Scale NAT (LSN), an ISP can share one public IPv4 address among multiple subscribers, which prolongs the use of the limited IPv4 address space and simplifies the transition to IPv6 addressing.
The Stingray SG solution is designed for telecom operators and Internet Service Providers, and is also suitable for replacing NAT equipment in corporate networks. With its range of functions and capabilities, the platform will fit into any growing network and adapt to it.
Addresses in version 4 of the Internet Protocol (IPv4), which is responsible for establishing connections between network nodes (computers, servers, mobile devices, etc.), are currently insufficient: more than 4.3 billion devices are already in use in the world.
IPv6 is the next generation protocol. Its main advantage is the increased address size from 32 to 128 bits, which gives an almost inexhaustible supply of unique IP addresses.
Carrier Grade NAT technology allows up to 64,000 ports to be used on 1 public address. However, 3000 ports for TCP and UDP connections per subscriber are enough for comfortable operation. This gives an optimal ratio of up to 1:10 (10 private IPs are translated to 1 public IP). This is the best practice because many services (such as mail, video, search and others) use IP-address-based protection against botnet attacks. Therefore, the smaller the number of private addresses behind one public address, the lower the risk of that address being blocked or shown a captcha.
Extend IPv4 Connectivity
Our NAT product suits Internet Service Providers of any size. Installed on a standard x86 server, it is flexible, affordable and easy to scale. This solution will give you time to prepare your network for IPv6 implementation and still have transparent and reliable network address translation.
We recommend using the CG-NAT solution of the Stingray platform as part of a smooth IPv6 migration strategy and for DualStack IPv4/IPv6 support, so that NAT for IPv4 and IPv6 works simultaneously. The Application Layer Gateways (ALGs) ensure that multi-channel applications connect normally to the entire Internet, no matter which IP version is used.
Advantages of DPI-based CG-NAT
- Complies with industry standards defined in RFC 6888 (Common Requirements for Carrier-Grade NATs (CGNs)) and RFC 4787 (Network Address Translation (NAT) Behavioral Requirements for Unicast UDP)
- Makes effective use of the limited IPv4 address space. Solving the IPv4 exhaustion problem gives time for a smooth IPv6 migration
- High performance: the platform supports up to 128 million simultaneous sessions
- Our product is easy to scale dynamically and to increase throughput without interrupting traffic
- Allows the number of TCP and UDP ports per subscriber to be limited, providing DDoS protection and network security
- A complete set of DPI platform tools and options with centralized management, which helps to reduce OPEX and CAPEX and operate the network efficiently
Full Cone NAT
CG-NAT uses Full Cone NAT technology (a combination of EIM and EIF: Endpoint Independent Mapping and Endpoint Independent Filtering), which accepts incoming packets from any external system on the external TCP/UDP port that the subscriber's traffic is sent from.
Full Cone NAT provides transparent operation of peer-to-peer protocols (such as P2P, torrents and games).
Paired IP address pooling function
All subscriber connections from one private internal IP address are bound to one external address.
The Hairpinning mechanism allows subscribers connected via CG-NAT to interact with each other's public addresses without sending packets outside the device.
Limiting of TCP and UDP connections for subscribers
For each IP address pool, the number of TCP and UDP connections is limited individually per subscriber. This allows the ISP to allocate addressing space resources between corporate and private clients. When disabled, connections are closed and ports are released.
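An added example, not Stingray SG code: a Python model of the mapping behaviour described above (Full Cone NAT with EIM and EIF, paired IP address pooling, and the per-subscriber port limit). The class and method names, the sequential port allocator and the sample addresses (subscribers in 100.64.0.0/10, public and remote hosts in documentation ranges) are assumptions made for illustration.

```python
class CgNat:
    """Toy CG-NAT: EIM + EIF (full cone), paired pooling, per-subscriber port cap."""

    def __init__(self, public_ips, ports_per_subscriber=3000, first_port=1024):
        self.public_ips = list(public_ips)
        self.limit = ports_per_subscriber
        self.paired = {}    # private IP -> its one public IP (paired pooling)
        self.out_map = {}   # (proto, priv_ip, priv_port) -> (pub_ip, pub_port)
        self.in_map = {}    # (proto, pub_ip, pub_port) -> (priv_ip, priv_port)
        self.used = {}      # private IP -> number of ports allocated to it
        self.next_port = {ip: first_port for ip in self.public_ips}

    def outbound(self, proto, priv_ip, priv_port, dst):
        """Translate an outgoing packet; returns (pub_ip, pub_port) or None if dropped."""
        key = (proto, priv_ip, priv_port)
        if key in self.out_map:
            return self.out_map[key]      # EIM: dst plays no part in the lookup
        if self.used.get(priv_ip, 0) >= self.limit:
            return None                   # subscriber is at its port limit
        if priv_ip not in self.paired:    # first flow: pin subscriber to one public IP
            self.paired[priv_ip] = self.public_ips[len(self.paired) % len(self.public_ips)]
        pub_ip = self.paired[priv_ip]
        port = self.next_port[pub_ip]
        if port > 65535:
            return None                   # this public address has no free ports
        self.next_port[pub_ip] = port + 1
        self.out_map[key] = (pub_ip, port)
        self.in_map[(proto, pub_ip, port)] = (priv_ip, priv_port)
        self.used[priv_ip] = self.used.get(priv_ip, 0) + 1
        return pub_ip, port

    def inbound(self, proto, pub_ip, pub_port, src):
        """EIF: src is ignored, so any remote host reaches an existing mapping."""
        return self.in_map.get((proto, pub_ip, pub_port))

def demo():
    # Constructed scenario: two public IPs, limit lowered to 2 ports per subscriber.
    nat = CgNat(["203.0.113.1", "203.0.113.2"], ports_per_subscriber=2)
    a = nat.outbound("udp", "100.64.0.10", 5000, ("198.51.100.7", 53))
    b = nat.outbound("udp", "100.64.0.10", 5000, ("198.51.100.99", 443))  # new dst, same mapping
    reached = nat.inbound("udp", a[0], a[1], src=("192.0.2.50", 9999))    # unrelated remote host
    c = nat.outbound("tcp", "100.64.0.10", 5001, ("198.51.100.7", 80))    # same public IP
    over = nat.outbound("udp", "100.64.0.10", 5002, ("198.51.100.7", 53)) # third port: refused
    other = nat.outbound("udp", "100.64.0.11", 5000, ("198.51.100.7", 53))
    return a, b, reached, c, over, other

if __name__ == "__main__":
    print(demo())
```

Because filtering is endpoint-independent, a host that the subscriber never contacted still reaches the mapped port; this is what lets peer-to-peer traffic work, and it also means the subscriber's own host firewall is the only filter on that port.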
Network translations are logged to a text file or sent to an external collector via the IPFIX protocol (also known as NetFlow v10).
- The Stingray SG must be deployed in-line to provide the CGNAT function.
- To ensure fail-safety, a stand-by platform is recommended.
- The Stingray SG COMPLETE license is required to make the CGNAT function available.
- The performance of the address translation function depends on the chosen hardware platform and the license for Stingray SG software (from 6 to 200 Gbps).