NAT (Network Address Translation) is a mechanism applied in TCP/IP networks and allows to replace the local (private) IP address with a public one.

With Carrier Grade NAT (CGN or CG-NAT) or Large Scale NAT (LSN) ISP can share one public IPv4 address with multiple subscribers, prolongs the use of the limited IPv4 addressing space, and simplifies the transition to IPv6 addressing.

Stingray SG solution is designed for telecom operators and Internet Service Providers, and also is suitable for NAT equipment replacement in corporate networks. Having a range of functions and possibilities the platform will fit into any growing network and adapt to it.

IPv6 Implementation

The addresses of the fourth version protocol, which is responsible for establishing a connection between network nodes (computers, servers, mobile devices, etc.), are currently insufficient: more than 4.3 billion devices are already used in the world.

IPv6 is the next generation protocol. Its main advantage is the increased address size from 32 to 128 bits, which gives an almost inexhaustible supply of unique IP addresses.

Carrier Grade NAT technology assumes using up to 64,000 ports on 1 public address. However, 3000 ports for TCP and UDP connections per subscriber are enough for comfortable operation. You get the optimal coefficient up to 1:10 (10 private IPs are translated to 1 public IP). This is the best practice due to the fact that many services (such as mail, video, search and others) use protection against BotNet attacks based on IP addresses. Therefore, the smaller the number of addresses, the lower the risk of blocking or enabling captcha.

Extend IPv4 Connectivity

Our NAT product suits Internet Service Providers of any size. Installed on a standard x86 server, it is flexible, affordable and easy to scale. This solution will give you time to prepare your network for IPv6 implementation and still have transparent and reliable network address translation.

IPv6 Transition

We recommend using CG-NAT solution of Stingray platform as part of a smooth migration to IPv6 strategy and support for DualStack IPv4/IPv6, so that NAT v4 and v6 would work simultaneously. The Application Layer Gateways (ALGs) ensure that multi-channel applications connect normally to the entire Internet, no matter which IP version is used.

Advantages of DPI-based CG-NAT

  • Complies with industry standards defined in RFC 6888 (Common Requirements for Carrier-Grade NATs (CGNs)), RFC 4787 (Network Address Translation (NAT) Behavioral Requirements for Unicast UDP)
  • Uses effectively the limited IPv4 addressing space. Solving IPv4 exhaustaion problem gives time for smooth IPv6 migration
  • High performance: the platform supports up to 128 million simultaneous sessions
  • Our product is easy to scale dynamically and to increase throughput without interrupting traffic
  • Allows to limit number of TCP and UDP ports for the subscriber, providing DDoS protection and network security
  • A complete set of DPI platform tools and options with centralized management, which helps to reduce OPEX and CAPEX and operate the network efficiently


Full Cone NAT

CG-NAT uses Full Cone NAT technology (a combination of EIM and EIF — Endpoint Independent Mapping and Endpoint Independent Filtering), which allows packets incoming from any external system via an external TCP/UDP port, which is a source of subscriber's traffic.

Full Cone NAT provides transparent operation of peer-to-peer protocols (such as P2P, torrents and games).

Paired IP address pooling function

All subscriber connections from one IP-private internal address are bound to one external address.

Hairpinning Technology

The Hairpinning mechanism allows subscribers connected via CG-NAT to interact with each other's public addresses without sending packets outside the device.

Limiting of TCP and UDP connections for subscribers

For each IP address pool, number of TCP and UDP connections is limited individually per subscriber. This allows the ISP to allocate addressing space resources between corporate and private clients. When disabled, connections are closed and ports are released.

Translation logging

Network translations are logged to a text file or sent to an external collector via the IPFIX protocol (also known as NetFlow v10).

Technical Solution

  • The Stingray SG has to be implemented in-line to deploy CGNAT function.
  • To ensure fail-safety, stand-by platform is recommended.
  • License Stingray SG COMPLETE is necessary to make CGNAT function available.
  • Performance of the address translation function depends on the chosen hardware platform and the license for Stingray SG software (from 6 to 200 Gbps).
Troughput up to 200 Gbps
NAT44, NAT 1:1
Application Service Gateways (ALG)
IPFIX (NetFlow v10), Local files
Limitation of ports per user, Mini-Firewall for public IPs

Where to begin?

Send a request
We contact you, specify the task, provide access to the documentation and answer your questions.
Choose the solution
We discuss the current situation: traffic volume, available equipment, the functionality you need.
Free trial
Our engeniers install the selected software and adapt it to your specific tasks. Сontract — only after the test is successful.
We use cookies to optimize site functionality and give you the best possible experience. To learn more about the cookies we use, please visit our Cookies Policy. By clicking ‘Okay’, you agree to our use of cookies. Learn more.