Using Carrier Grade NAT (CGN or CG-NAT) or Large Scale NAT (LSN), an ISP is capable of:
- sharing one public IPv4 address with multiple subscribers;
- prolonging usage of IPv4 addresses – which are limited;
- simplifying the transition to IPv6 addresses.
NAT/CG-NAT significantly expands existing networks’ capacities. As today the limit of IPv4 addresses is almost over, the transition to IPv6 is inevitable. Rapid growth of mobile devices and cloud services in use make this task even more urgent.
IPv4 addresses from the regional Internet registries (RIR) are no longer available. The only way is: to purchase a large pool of IPv4 addresses from a broker. This makes single IPv4 address cost raising constantly.
Stingray SG solution is designed for telecom operators and Internet service providers; it is also the suitable replacement of NAT equipment in corporate networks. Having a range of functions and possibilities, Stingray is to fit any growing network and to adapt to it.
- To be able to perform as CG-NAT, Stingray SG needs to be switched in in-line mode.
- To activate CG-NAT function, Stingray BRAS or COMPLETE license is required.
- The reserve Stingray system is recommended to ensure fail-proof.
- Factual performance of address translation function can vary from 6 to 200 Gbps – it depends on the chosen hardware platform and the type of Stingray software license.
Full Cone NAT
CG-NAT uses Full Cone NAT technology (a combination of EIM and EIF — Endpoint Independent Mapping and Endpoint Independent Filtering), which allows packets incoming from any external system via an external TCP/UDP port, which is a source of subscriber's traffic.
Full Cone NAT provides transparent operation of peer-to-peer protocols (such as P2P, torrents and games).
Limiting of TCP and UDP connections for subscribers
For each IP address pool, number of TCP and UDP connections is limited individually per subscriber. This allows the ISP to allocate addressing space resources between corporate and private clients. When disabled, connections are closed and ports are released.
The Hairpinning mechanism allows subscribers connected via CG-NAT to interact with each other's public addresses without sending packets outside the device.
Network translations are logged to a text file or sent to an external collector via the IPFIX protocol (also known as NetFlow v10).
Paired IP address pooling function
All subscriber connections from one IP-private internal address are bound to one external address.
Advantages of DPI-based CG-NAT
- Complies with industry standards defined in RFC 6888 (Common Requirements for Carrier-Grade NATs (CGNs)), RFC 4787 (Network Address Translation (NAT) Behavioral Requirements for Unicast UDP)
- Effectively uses the limited IPv4 addressing space. IPv4 network infrastructure may remain in service longer – to maintain continuous availability and reliability of critically important applications and services
- High performance: the platform supports up to 128 million simultaneous sessions
- Smooth transition to IPv6 is possible, via tunneling support between IPv4 and IPv6 networks
- The product is easy to scale dynamically and to increase throughput without interrupting traffic
- Allows to limit number of TCP and UDP ports for the subscriber, providing DDoS protection and network security
- A complete set of DPI platform tools and options with centralized management, which allows lowering both OPEX and CAPEX and operating the network efficiently